RE: Ben Forta for president?
I say we start a new party and make him our Candidate. Although he is everything no one would expect to find in a presidential candidate. He is intelligent, unselfish, and is accessible to anyone. Yep, nothing you would expect... Now, what about a name for our party. Programlicans, Webcratics, or we could go back in time and pick up on the 'Whig party and just call ourselves the Brain party? David -andy wrote: Just write him in.andy Dave Long wrote: Great idea! Somebody send me the PDF for some counterfeit voter registration forms and we can start canvassing. Dave _ Store, manage and share up to 5GB with Windows Live SkyDrive. http://skydrive.live.com/welcome.aspx?provision=1?ocid=TXT_TAGLM_WL_skydrive_102008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314357 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: using dynamic variable in cfset statement
I hope no one Evaluates() this thread or I'll get a CF- ;).~David _ Get more out of the Web. Learn 10 hidden secrets of Windows Live. http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312298 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: How NOT to Evaluate (moved from cfset so not to confuse topic)
Ray wrote: As someone who used to always pounce on folks for using evaluate, I believe I remember reading recently a blog entry from an Adobian that points out that evaluate is not nearly as slow as it used to be. Now when I recommend against Evaluate I do so on readability terms rather than performance. For almost every use of evaluate I see in the field, the code can be rewritten in a cleaner, easier to understand manner. How then would you approach the following without Evaluate, because it was the only way I could get it to work: (oh, let the fun begin, the shame. I probably committed at least 7 deadly sins alone. And yes, I am using Access. Moan. Laughter.) In my ever growing need to expand my knowledge base (and look less like an idiot to this list) HELP? It's a query that accepts information from a Search field to run a query. cfquery name=getPhysicianRecords datasource=#DSN#SELECT *FROM ContactsWHERE Contacts.ContactType = 'Physician' AND Contacts.#FORM.Field# = '#Evaluate(FORM.#FORM.Field#)#'ORDER BY Contacts.LastName~David _ See how Windows connects the people, information, and fun that are part of your life. http://clk.atdmt.com/MRT/go/msnnkwxp1020093175mrt/direct/01/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312302 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: How NOT to Evaluate (moved from cfset so not to confuse topic)
Adrian Wrote: SELECT * FROM Contacts WHERE Contacts.ContactType = 'Physician' AND Contacts.#FORM.Field# = '#FORM[FORM.Field]#' ORDER BY Contacts.LastName What is the [] for. How would they be used. I have never used them at all. What is the protocal. Is that CF or SQL or... And then throw in some cfqueryparams. I am just starting to write in the cfqueryparams. That is a new one too. ~David _ Want to do more with Windows Live? Learn 10 hidden secrets from Jamie. http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312309 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: How NOT to Evaluate (moved from cfset so not to confuse topic)
You people are just scary smart. At least I have my good looks to fall back on :) (I wish)... ~David _ See how Windows connects the people, information, and fun that are part of your life. http://clk.atdmt.com/MRT/go/msnnkwxp1020093175mrt/direct/01/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312326 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: How NOT to Evaluate (moved from cfset so not to confuse topic)
Well, if you'll were trying to make it clearer - it's darker than pitch now. Smart - but confusing. Seriously. I'm, lost again. Let's just do this one: cfoutput query=getPhysicianSubTypes startrow=#Evaluate(start)# maxrows=#Evaluate(end)# and this one, which is from a tag I got of Adobe 2 days ago called cf_search_nextprevious: a href=#variables.FileName#?#variables.ExtraURLString#amp;#variables.strt_string#=#Evaluate(variables.strt + variables.show)##variables.layout_next#/a ~David lol Shouldn't that be: cfset x = x cfoutput#variable[variable.x]#/cfoutput /lol Adrian Lynch wrote: A little correction: cfoutput#variables[x]#/cfoutput should be: cfoutput#variables[x]#/cfoutput _ See how Windows Mobile brings your life togetherat home, work, or on the go. http://clk.atdmt.com/MRT/go/msnnkwxp1020093182mrt/direct/01/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312329 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: How NOT to Evaluate (moved from cfset so not to confuse topic)
Judah wrote: Untested but should work: cfquery name=getPhysicianRecords datasource=#DSN# SELECT * FROM Contacts WHERE Contacts.ContactType = 'Physician' cfif Len(form.field) AND StructKeyExists(form,form.field) AND Contacts.#FORM.Field# = '#Trim(form[form.field])#' cfelse 1 = 0 /cfelse ORDER BY Contacts.LastName /cfquery Showing my ignorance again, but it is already showing so why not. What does the 1 = 0 do? ~David _ Want to do more with Windows Live? Learn 10 hidden secrets from Jamie. http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312336 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: How NOT to Evaluate (moved from cfset so not to confuse topic)
Now I am having one of those v8Aha!/v8 moments. Thank you... ~David Judah wrote: Ah, sorry, didn't explain fully. I did a StructKeyExists and a Len to make sure that the field you are going to evaluate really exists in the form. If it doesn't, you don't want your cfquery to throw a gnarly error (most likely) so if the assertion is false, the WHERE clause becomes WHERE 1 = 0 which is always false so the query completes and returns 0 records. Alternatively, you could wrap your query in a try/catch and catch any db errors and display them back to the user telling them that they forgot to put in a field to search on. Cheers, Judah _ Stay up to date on your PC, the Web, and your mobile phone with Windows Live. http://clk.atdmt.com/MRT/go/msnnkwxp1020093185mrt/direct/01/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312349 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: using dynamic variable in cfset statement
Would something like this work? cfset Evaluate(application.#appconfig.code_name#) = '#appconfig.code_value#' ~ David Moore _ Get more out of the Web. Learn 10 hidden secrets of Windows Live. http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312269 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: using dynamic variable in cfset statement
I just love giving you guys something to laugh at ... Rag the newbie... It's OK. At least I am learning, and trying. :) hehe :) Ouch! Evaluate _ See how Windows Mobile brings your life togetherat home, work, or on the go. http://clk.atdmt.com/MRT/go/msnnkwxp1020093182mrt/direct/01/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312273 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: using dynamic variable in cfset statement
Pat wrote: It's sometimes the best and fastest way to learn :-). Evaluate works, it's just not really recommended Ouch. ;-) Yes. It's just painful to the character of ones soul. I didn't know that about Evaluate. Glad I do know that...now. I wish there was an asterisks next to code somewhere that says, here's some code, but don't use this. It's really BAD. It works, but you shouldn't use it I mean, why is it there if you are not supposed to use it. It's like Eve and the apple all over again... ~ David _ See how Windows Mobile brings your life togetherat home, work, or on the go. http://clk.atdmt.com/MRT/go/msnnkwxp1020093182mrt/direct/01/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312278 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: using dynamic variable in cfset statement
Charlie wrote: hey i was laughing at patrick laughing at you, not laughing at you directly, so it's ok :) Oh, I'm cool. I worked in Radio for 15 years as a DJ, so I don't expect a whole lot out of myself. I thought it was funny too. :) ~David _ Want to do more with Windows Live? Learn 10 hidden secrets from Jamie. http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312280 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: mail
Chad wrote: Hello, I am using CFMail to send an email and if one of the email addresses in the TO attribute does not exists then no one in the TO attribute gets the email. It sits in the undelivered folder. Error,scheduler-5,09/08/08,10:17:32,,Invalid Addresses; nested exception is: class javax.mail.SendFailedException: 550 5.1.1 Mailbox [EMAIL PROTECTED] does not exist How can I avoid this. I want everyone to get the email even if one of the email addresses does not exist. I have the emails separated by commas in the TO attribute. Should I not do this? Loop over all the To's. Don't put them all in the To field. cfloop index=ToEmails list=#ListofEmails# cfmail to=#ToEmails# from=[EMAIL PROTECTED] subject=email content /cfmail You may also want to do some email validation. ~David Moore _ Get more out of the Web. Learn 10 hidden secrets of Windows Live. http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312180 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Text to image for Non CSS font resolution
C Wrote: Not to rule out other options, but try setting the background color when the image object is created: cfset myImage=ImageNew(,500,20, rgb, ff) Though, I do not think you want to create the images every time the page loads. That helps, but I still need help. It did do the trick, but is it the best solution? I am not going to create it each time. Just each time they need new text. I will build an image inventory and check to see if the FileExists. I hate the way this will work, but I can't talk them into doing it any other way. I am using a combination of sIFR and this. (I got the sIFR working late last night). I don't like any of it, but an Agency created the design using ScalaSans everywhere, even with me explaining how text resolves. And the site is completely dynamic. Has anyone else run into this and found a better solution. If text comes out of a database dynamically and it must be a non-universal font, is there any other solution other than Text to Image or sIFR? Thanks, ~David Moore _ Talk to your Yahoo! Friends via Windows Live Messenger. Find out how. http://www.windowslive.com/explore/messenger?ocid=TXT_TAGLM_WL_messenger_yahoo_082008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311713 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Text to image for Non CSS font resolution
Jake Churchill Wrote:Try a .jpg. I've had funny issues with .gif files before. Didn't fix it. Still black background. I copied the code write off the Adobe Live Docs website? What could I have done. Anyone else. I saw the suggestion in this thread of using sIFR. What should I do? Any advice from others. Should I stick with this and get it working or go with sIFR? The client has to use Scala Sans in a lot of places including some Headers, navigation, etc. And all of the content is being dymically generated from an access database that I pull over from their business every night. Help? ~ David Moore _ Talk to your Yahoo! Friends via Windows Live Messenger. Find out how. http://www.windowslive.com/explore/messenger?ocid=TXT_TAGLM_WL_messenger_yahoo_082008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311674 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Centering text written on an image
Are you doing this dynamically using cfimage or Photoshop or just how? ~David Subject: Centering text written on an image From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Fri, 22 Aug 2008 11:09:37 -0400 Hi, I want to add some text to an image but have it centered rather than left justified. Does anyone know how to do that? Kevin Roche ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311410 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Centering text written on an image
Kevin Wrote I am using ColdFusion to write some text on an image and I don't know in advance what the string is going to be so I can't guess where to start writing it. Is there a way to say write this text around a particular point? I can check from the image how wide it is and work out where the centre is but I can't see how to either tell the ImageDrawText() function to center it or work out how wide the text will be once its written. The only way I know is to set the start point of the text. To do this you would take the TotalImageWidth - TextWidth/2 to find where the start point should be. That would be one way. ~David _ Talk to your Yahoo! Friends via Windows Live Messenger. Find out how. http://www.windowslive.com/explore/messenger?ocid=TXT_TAGLM_WL_messenger_yahoo_082008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311426 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Query Too Complex for Access?
No I haven't. What you are saying is that I should use valueList to build a full list from all values in the getActiveWorks query and then listQualify to see if any variable matches. Thanks David! I will give it a shot. Does anyone else know of any other ways? David G. Moore, Jr. UpstateWeb. LLC Subject: RE: Query Too Complex for Access? From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 13:27:34 -0500 Have you tried: AND Works.ThisInventory not in (#listQualify(valueList(getActiveWorks.ThisReference),')#) ?? Dave -Original Message- From: David Moore [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2008 1:18 PM To: CF-Talk Subject: Query Too Complex for Access? I know I am setting myself up for another Query too complex issue, so before I start I thought I would ask for suggestions. I run into this when I have to reference two different Access databases that are Client imposed (don't ask). Basically, I have to use one for active data and one to show available date (minus the active data). This is, of coures, where the problem comes in. The queries will help: cfquery name=getActiveWorks datasource=#DSN# SELECT * FROM Works WHERE Works.PageReference = #FORM.ThisPage# AND Works.TypeReference = '#FORM.ThisType#' /cfquery cfquery name=getWorks datasource=#DSN2# SELECT * FROM Works, Artists WHERE Artists.ArtistNumber = Works.ArtistNumber AND Works.Type = '#FORM.ThisType#' cfloop query=getActiveWorks AND Works.ThisInventory '#getActiveWorks.ThisReference#' /cfloop/cfif ORDER BY Works.Title Asc /cfquery Where the cfloop is is where the problem is going to come into play when the Active Works get to a certain level and the Query becomes Too Complex. What is the Best way to handle this? I am using CF8, Windows Server 2003, and MS Access w/Unicode ODBC Connector. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311310 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: SQL injection attack on House of Fusion
I am currently using the SQLprev.cfm from Jochem to stop the onslaught of superfluous bandwidth suckage from my server, but was wondering what the difference would be with this one. I am not looking to start a my SQL Injection blocker is better than yours, yet trying to educate myself on just what is going on and what is best to do. Does this thing just raise it's ugly head every now and then and go away for a while? This is the first I have seen of it on my server. Thanks in advance, ~David G. Moore, Jr. UpstateWeb, LLC Subject: Re: SQL injection attack on House of Fusion From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 14:36:46 -0400 I also had a concern about thread safety; it's caching the java.util. regex.Matcher object in Application scope, and calling Application. injChecker.reset(testvar) for each url/form/etc variable -- seems like Matcher.reset() changes state of the cached Matcher object? Thanks for pointing this out...I updated the tool on my site to address this and also switched it to use a different RegEx that seems to work better and throw less false positives. Same link to download as before: http://www.cfwebstore.com/index.cfm?fuseaction=page.downloaddownloadID=18 --- Mary Jo ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311313 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Query Too Complex for Access?
I noticed that after I hit the 'send' button. I had a cfif to check if there were actual records before running the statement. I didn't think I needed to show all that, so I took it out, but left the stray end code. The code works well. I haven't tested it at a lot of values though. This will not have the same issue once their are like 100 records in the getActiveWorks query. Right? ~David G. Moore, Jr. Subject: RE: Query Too Complex for Access? From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 15:18:11 -0500 Acutally, the first part is correct. The listQualify() function actually just places 'single quotes' around each of the values in your valuelist since that would be required by the DB. List qualify doesn't check any variables. I noticed you had a stray /cfif tag. Were you missing a cfif condition as you only wanted to compare against 'some' of the records in getActiveWorks? If so, send your CFIF statement as we'll have to modify what I sent you earlier. Dave -Original Message- From: David Moore, Jr. [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2008 1:37 PM To: CF-Talk Subject: RE: Query Too Complex for Access? No I haven't. What you are saying is that I should use valueList to build a full list from all values in the getActiveWorks query and then listQualify to see if any variable matches. Thanks David! I will give it a shot. Does anyone else know of any other ways? David G. Moore, Jr. UpstateWeb. LLC Subject: RE: Query Too Complex for Access? From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 13:27:34 -0500 Have you tried: AND Works.ThisInventory not in (#listQualify(valueList(getActiveWorks.ThisReference),')#) ?? Dave -Original Message- From: David Moore [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2008 1:18 PM To: CF-Talk Subject: Query Too Complex for Access? I know I am setting myself up for another Query too complex issue, so before I start I thought I would ask for suggestions. I run into this when I have to reference two different Access databases that are Client imposed (don't ask). Basically, I have to use one for active data and one to show available date (minus the active data). This is, of coures, where the problem comes in. The queries will help: cfquery name=getActiveWorks datasource=#DSN# SELECT * FROM Works WHERE Works.PageReference = #FORM.ThisPage# AND Works.TypeReference = '#FORM.ThisType#' /cfquery cfquery name=getWorks datasource=#DSN2# SELECT * FROM Works, Artists WHERE Artists.ArtistNumber = Works.ArtistNumber AND Works.Type = '#FORM.ThisType#' cfloop query=getActiveWorks AND Works.ThisInventory '#getActiveWorks.ThisReference#' /cfloop/cfif ORDER BY Works.Title Asc /cfquery Where the cfloop is is where the problem is going to come into play when the Active Works get to a certain level and the Query becomes Too Complex. What is the Best way to handle this? I am using CF8, Windows Server 2003, and MS Access w/Unicode ODBC Connector. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311315 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: SQL injection attack on House of Fusion
When you say Update Your Code, are you saying using cfqueryparam? But even so, the SQL injection still will use up countless resources instead of cutting it off early. So, go back and fix 1,000's of lines of code I have developed over the last 'upteen' years or stop it before it starts? Is this something new to CF8 or just a necessary evil because of SQL Injection Attacks. Not trying to pick a fight, becuase I am sure you have forgotten more code than I will ever know (seriously) and I am probably just being lazy (seriously), but is cfqueryparam something a lot of programmers really use? I have never seen cfqueryparam used on any tags I have purchased or exchanged and I am afraid all I know is what I have learned from books and forums. This is the first I have ever heard of using cfqueryparam. ~David G. Moore, Jr. Subject: Re: SQL injection attack on House of Fusion From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 17:01:42 -0400 I am currently using the SQLprev.cfm from Jochem to stop the onslaught of superfluous bandwidth suckage from my server, but was wondering what the difference would be with this one. I am not looking to start a my SQL Injection blocker is better than yours, yet trying to educate myself on just what is going on and what is best to do. My original SQLprev script (http://www.gravityfree.com/_sqlprev.cfm.txt) just checks for basic SQL keywords with a semicolon in URL variables. It's a quick and dirty way to give you some protection from bots short-term while your code base is updated to use best practices and secure coding methods. Mary Jo's is more thorough in that it checks additional variable scopes, and can help protect better against hand-drafted attacks, but may have a higher potential for false positives (though it's improved recently from what I can tell). SQLPrev has a version compatible with CF5 for those who need it where the other script relies on CFMX functions to run. I'm not saying one is better than the other, they both get the job done. Just use whatever works best for you, and update your code so that you don't need either of them g. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311320 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: SQL injection attack on House of Fusion
And this is where I am. I have been using CF since 4.5. Very Scary. Glad I have found this list. I am sure to learn a lot. I will try to read and not bother. Thanks for the SMACK DOWN. I will start to write it in and become more learned. I can say, just in the last weeks since joining I have learned a lot. ~David G. Moore, Jr. Subject: Re: SQL injection attack on House of Fusion From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 14:35:19 -0700 Not trying to pick a fight, becuase I am sure you have forgotten more code than I will ever know (seriously) and I am probably just being lazy (seriously), but is cfqueryparam something a lot of programmers really use? I have never seen cfqueryparam used on any tags I have purchased or exchanged and I am afraid all I know is what I have learned from books and forums. This is the first I have ever heard of using cfqueryparam. It depends on what you mean by a lot. But, if you'd been hanging out on this list at all, you'd have heard of cfqueryparam. It's discussed quite often. But, since most people learn ColdFusion on their own, and it's not a necessary tag to know about to get things done, you could go for years without using it or even understanding why it's needed. -- Josh ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311324 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: SQL injection attack on House of Fusion
Justin, I certainly don't feel picked on. I feel blessed to have a place where I can learn from people who do know so much. And you are right. I (we) only seem to learn under fire. I am a one man business owner in a small town with limited resources and time. 10 hour days, work weekends, what is family time except coaching baseball-soccer-basketball, and I have forgotten what sleep even is. So, what do we do? I am a little embarrassed to say I didn't know, but at least in honesty I can learn and get a complete picture. So, what is PCI-DSS (he asks sheepishly) or is that a whole nother Post Thanks everyone! ~David G. Moore, Jr. P.S. Speaking of Smack Down's. Mary Jo's got a great right cross :) Go get'em girl! Subject: Re: SQL injection attack on House of Fusion From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 17:41:12 -0400 When you say Update Your Code, are you saying using cfqueryparam? But even so, the SQL injection still will use up countless resources instead of cutting it off early. So, go back and fix 1,000's of lines of code I have developed over the last 'upteen' years or stop it before it starts? Is this something new to CF8 or just a necessary evil because of SQL Injection Attacks. Essentially, yes, code should be using cfqueryparam and other secure coding methods to keep the baddies out. The resources will get used either way, really. You can either rely on a filter up-front and use up CPU cycles regardless of whether a user is legitimate or not, or even whether or not a query is being run in the page or not, etc. Or, you can implement cfqueryparam where appropriate and only use those cycles where they're needed, and you'll get the added benefit of prepared statements on the SQL Server in most cases and the queries will run slightly faster as a result. Either way you go, protect yourself and your clients. SQL injection attacks have been around since before I got started in web development, and secure coding against them has been a best practice just as long. I remember updating old CF code I inherited way back when I was using ColdFusion 4, so it's certainly nothing new. It's unfortunate that you haven't seen this in practice until now, but it really is something you should be doing. It's been my observation over the years that web programmers in general (not just limited to ColdFusion) tend to learn about security only when there is a breach of some kind, and then have to scramble to learn under fire. Just as an example, how many out there run e-commerce applications and have never heard of PCI-DSS? I'm not picking on you specifically, David, so please don't think I'm calling you out or anything. I'm always learning new things myself, but we web developers need to collectively get more educated about the risks and threats we face and alter our practice accordingly. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311328 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: SQL injection attack on House of Fusion
The only way I found the SQL Injection Attack was my server kept crawling to a dead hault. I looked in SeeFusion (some softwear I purchased that lets me see what is going on live with the websites) and I noticed that the sites Total Time just kept going up and never resolving, basically every website coming to a hault and bringing my server to a scretching hault. I would reboot CF to get it to unlock. After a scan of Cold Fusion logfiles application.cfm file, I saw this weird URL string and thus my search landed me here. Whether or not that is what was or is bringing my server to a hault, I don't know - but I can only hope. I am pretty sure it has something to do with the (don't everyone scream all at once) 45 access databases I am using to run the individual websites off of or not, but just maybe. ~ David G. Moore, Jr. P.S. Can't wait to see everyone's response to this one? I am pretty sure I am about to get another SMACK DOWN... Subject: RE: SQL injection attack on House of Fusion From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 17:59:23 -0400 Does this thing just raise it's ugly head every now and then and go away for a while? This is the first I have seen of it on my server. This is the first large-scale automated SQL injection attack. Automated attacks have been around for a long time, as have SQL injection attacks. Honestly, this current attack is just a nuisance. SQL injection attacks are usually more destructive, in that they often involve the theft of sensitive data. In those cases, of course, the attack is manual rather than automated. But if your site is vulnerable to this automated attack, it has always been vulnerable to these manual, destructive attacks - which may have already occurred without your knowledge. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311332 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: SQL injection attack on House of Fusion
Well, it is my goal :) not there yet... Subject: Re: SQL injection attack on House of Fusion From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 16:59:26 -0500 is cfqueryparam something a lot of programmers really use? Only the good ones. ;) Thanks, Eric David Moore, Jr. wrote: When you say Update Your Code, are you saying using cfqueryparam? But even so, the SQL injection still will use up countless resources instead of cutting it off early. So, go back and fix 1,000's of lines of code I have developed over the last 'upteen' years or stop it before it starts? Is this something new to CF8 or just a necessary evil because of SQL Injection Attacks. Not trying to pick a fight, becuase I am sure you have forgotten more code than I will ever know (seriously) and I am probably just being lazy (seriously), but is cfqueryparam something a lot of programmers really use? I have never seen cfqueryparam used on any tags I have purchased or exchanged and I am afraid all I know is what I have learned from books and forums. This is the first I have ever heard of using cfqueryparam.~David G. Moore, Jr. Subject: Re: SQL injection attack on House of Fusion From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 17:01:42 -0400 I am currently using the SQLprev.cfm from Jochem to stop the onslaught of superfluous bandwidth suckage from my server, but was wondering what the difference would be with this one. I am not looking to start a my SQL Injection blocker is better than yours, yet trying to educate myself on just what is going on and what is best to do. My original SQLprev script (http://www.gravityfree.com/_sqlprev.cfm.txt) just checks for basic SQL keywords with a semicolon in URL variables. It's a quick and dirty way to give you some protection from bots short-term while your code base is updated to use best practices and secure coding methods. Mary Jo's is more thorough in that it checks additional variable scopes, and can help protect better against hand-drafted attacks, but may have a higher p otential for false positives (though it's improved recently from what I can tell). SQLPrev has a version compatible with CF5 for those who need it where the other script relies on CFMX functions to run. I'm not saying one is better than the other, they both get the job done. Just use whatever works best for you, and update your code so that you don't need either of them g. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311333 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: SQL injection attack on House of Fusion
So, I have found like the Mother Load of good programmers who really care about Cold Fusion and take the time to do it right? Becuase every peice of code I have ever gotten from Adobe Exchange or Purchase from other sites has never had cfqueryparam. And I know Ben is going to shoot me, because looking back at some of his Advanced books now I see where he says I should be using it. I guess my 10 hour days just turned into 14 hours. Anybody got a Starbucks Supersize Java Java Double Caffeine coupon? Eric is pretty good at the Smack Down too, Eric The Great takes David the Geek over the ropes and into the first row of chairs! (Yes, I am from the South and everything references Wrestling or Nascar) ~David Subject: Re: SQL injection attack on House of Fusion From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 16:59:26 -0500 is cfqueryparam something a lot of programmers really use? Only the good ones. ;) Thanks, Eric David Moore, Jr. wrote: When you say Update Your Code, are you saying using cfqueryparam? But even so, the SQL injection still will use up countless resources instead of cutting it off early. So, go back and fix 1,000's of lines of code I have developed over the last 'upteen' years or stop it before it starts? Is this something new to CF8 or just a necessary evil because of SQL Injection Attacks. Not trying to pick a fight, becuase I am sure you have forgotten more code than I will ever know (seriously) and I am probably just being lazy (seriously), but is cfqueryparam something a lot of programmers really use? I have never seen cfqueryparam used on any tags I have purchased or exchanged and I am afraid all I know is what I have learned from books and forums. This is the first I have ever heard of using cfqueryparam.~David G. Moore, Jr. Subject: Re: SQL injection attack on House of Fusion From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 17:01:42 -0400 I am currently using the SQLprev.cfm from Jochem to stop the onslaught of superfluous bandwidth suckage from my server, but was wondering what the difference would be with this one. I am not looking to start a my SQL Injection blocker is better than yours, yet trying to educate myself on just what is going on and what is best to do. My original SQLprev script (http://www.gravityfree.com/_sqlprev.cfm.txt) just checks for basic SQL keywords with a semicolon in URL variables. It's a quick and dirty way to give you some protection from bots short-term while your code base is updated to use best practices and secure coding methods. Mary Jo's is more thorough in that it checks additional variable scopes, and can help protect better against hand-drafted attacks, but may have a higher p otential for false positives (though it's improved recently from what I can tell). SQLPrev has a version compatible with CF5 for those who need it where the other script relies on CFMX functions to run. I'm not saying one is better than the other, they both get the job done. Just use whatever works best for you, and update your code so that you don't need either of them g. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311334 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: SQL injection attack on House of Fusion
Consider me connected. At the same time, I will try not to just suck the life out of the list and provide substance where I can. I was a morning radio announcer for 20 years before becoming a web programmer, so if you can't remember the name of that song or artist - just ask. :) As for the can o' worms. If you're ever in Spartanburg, SC, just bring 'em along and I can show you some really nice fishin! Seriously, thanks everyone! ~David G. Moore, Jr. Subject: Re: SQL injection attack on House of Fusion From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Wed, 20 Aug 2008 18:17:34 -0400 I certainly don't feel picked on. I feel blessed to have a place where I can learn from people who do know so much. And you are right. I (we) only seem to learn under fire. I am a one man business owner in a small town with limited resources and time. 10 hour days, work weekends, what is family time except coaching baseball-soccer-basketball, and I have forgotten what sleep even is. So, what do we do? Well, the first step is getting more connected to the community, being exposed to different styles, and being on a list such as this one is a great start. Presentations at user groups can also cover topics such as this if you have one near your area. So, what is PCI-DSS (he asks sheepishly) or is that a whole nother Post In short, PCI-DSS is the Payment Card Industry Data Security Standard. It is required for any merchant who accepts, processes, handles, stores, or transmits credit card or debit card information. It isn't law, but your merchant account (or those of your clients) will have provisions in their contracts that require compliance with these rules. You can read more about it at: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml That's another whole can o' worms though. -Justin Scott ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311337 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: SQL injection attack on House of Fusion
Mary Jo, Sorry. Didn't see all that. First time using this kind of post. Here's another smack down for youit would be nice if you could remove all the extra quoted stuff on your poststake a look at the online web archives, it really makes a mess of the thread! Will do better in the future. No way for me to go in an edit that once it is posted? YUCK. Where's a good Langolier when you need one? Thanks for the education though. ~David P.S. I like your Smack Downs. You got GRIT! Were you wearing a cape or mask when you wrote that SMACK!? _ See what people are saying about Windows Live. Check out featured posts. http://www.windowslive.com/connect?ocid=TXT_TAGLM_WL_connect2_082008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311358 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: SQL injection attack on House of Fusion
Actually I am a pacifist at heart and always try to not lose my temper (serves me well with customers, particularly the endlessly annoying ones!) LOLOL. I am actually a moderately conservative liberal. I believe in loosing my temper only when I know I can't find it. As for not knowing what cfqueryparam is and how to properly secure an application (there's more to it than just cfqueryparam) hopefully all these issues that people are dealing with will help such information make it's way into even beginner CF materials, and not have it be so much of an afterthought as it seems to have been up to this point. On a serious note, it would have been nice that I would have been more aware when I started coding those many years ago. I have more lines of code that need reworking than I care to think of, but I have to start somewhere. --- Mary Jo Thanks for your help today! You have been incredibly patient and kind. Now, I must go home because my wife has called for her third and last time, which means I am on the couch... ~David Rock Moore _ Get ideas on sharing photos from people like you. Find new ways to share. http://www.windowslive.com/explore/photogallery/posts?ocid=TXT_TAGLM_WL_Photo_Gallery_082008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311359 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: SQL injection attack on House of Fusion
OK. I thought it was from you. I was sent an email with the link to SQLprev.cfm in an email and they referenced I use your suggestion in the email as well. I stuck the two together. David Moore, Jr. wrote: I am currently using the SQLprev.cfm from Jochem Jochem Wrote? The what from whom?Please don't shoot me. I am new to all this? Sleep deprived... ~David _ Talk to your Yahoo! Friends via Windows Live Messenger. Find out how. http://www.windowslive.com/explore/messenger?ocid=TXT_TAGLM_WL_messenger_yahoo_082008 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311362 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Creating a database with repeated information
Melissa, This would be in your Query statement. Insert INTO STATES Where State = '#URL.State#' David G. Moore, Jr. UpstateWeb LLC Subject: Re: Creating a database with repeated information From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Mon, 18 Aug 2008 11:05:02 -0400 Thanks for the welcoming answers. :) I am relatively new to ColdFusion, but I may have misstated my question; it's not the pulling information from the database I'm not sure how to do, it's the setting the database up (efficiently) in the first place. I figure each record will need five fields: the ubiquitous auto-incremented ID, the page title, the page content, then the state and the page name (to call in from the URL, like index.cfm?page=aboutstate=VA). Since all the states will have the same set of ten pages to start, it seems that one should be able to use a cfloop of insert statements. Where I get jammed up is figuring out how to tell it what state to insert in the state field. Would it need to be a long cfswitch saying if i=1 the state is AL, if i=2 the state is AK, etc.? Thanks again! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311184 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Creating a database with repeated information
Ooopss. Subject: Re: Creating a database with repeated information From: [EMAIL PROTECTED] To: cf-talk@houseoffusion.com Date: Mon, 18 Aug 2008 22:19:03 +0700 hmmm... INSERT with a WHERE cause? Didn't you mean UPDATE? Azadi Saryev Sabai-dee.com http://www.sabai-dee.com/David Moore, Jr. wrote: Melissa,This would be in your Query statement. Insert INTO STATES Where State = '#URL.State#'David G. Moore, Jr. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311187 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
