This is the replace statement a regex guru gave me
to wrap a variable found in a string in a span tag.
Not sure you can call them a guru when the only piece of regex used is a pair
of parentheses which are entirely unnecessary. *shrug*
Here's a simpler version that does exactly the same
This is a case for Regular Expressions (RegEx):
REReplaceNoCase(answer, '(#search_string#)', 'span
class=keyword\1/span', 'all')#
Heh, just seen this after the other thread, so guess I'll repeat what I said
there:
Using parentheses is completely unnecessary. Use \0 in the replacement string
Wouldn't this also catch words like 'myselection'?
Yes. \b is your friend. :)
Or possibly even stuff like (?=^|;)\s*(?:SELECT|DECLARE|EXEC|etc)\b to
ensure this is stuff at a beginning of a string/statement.
But I don't really agree with the general approach here.
With cfqueryparam +
I'd raise four must-fix issues with that code.
1:
You haven't var/local scoped any of these variables, despite being inside a
function which is probably going to end up in a shared scope, so this code
isn't thread-safe and thus can cause incorrect behaviour if two people upload
images at the
It's Railo, that's r-a-I-L-o, not Ralio.
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
Sorry, yeah, that was worded badly.
I should have prefixed that with If you *always* use the local scope, you
don't need var...
Annoyingly I can't go back and revise the message, and for some reason it got
posted twice too. :/
If the format is as simple as this, regex would be overkill.
Also, don't forget that list functions ignore empty delimiters (by default), so
can just do:
cfset FirstNumber = ListFirst( CurrentLine , 'x_' ) /
cfset LastNumber = ListLast( CurrentLine , '_' ) /
Uh, the original post states all have xx at the beginning.
I can only read that as two literal x characters, not some random value, and
similarly the description of the format as xx-digits-underscore-digits seems to
be pretty explicit.
Given the information provided, the results are entirely
It doesn't matter - CFML is not like Java (where you must pre-define variables
with strict types). In CFML, variables can change types at any time.
If you're just var scoping a cfquery variable, it doesn't matter what you use.
(I would guess using QueryNew might be ever so slightly slower -
With CF9 you don't need the var keyword anymore, and if you don't need
backwards compatible code it's (arguably) clearer to not use it at all.
That means, do NOT use either of your examples, unless you _need_ a value in
myvar1/myvar2 at the start.
Perhaps a good way to explain it is to use
With CF9 you don't need the var keyword anymore, and if you don't need
backwards compatible code it's (arguably) clearer to not use it at all.
That means, do NOT use either of your examples, unless you _need_ a value in
myvar1/myvar2 at the start.
Perhaps a good way to explain it is to use
As has been said, Git was built knowing that branching is an important task -
and so creating and using branches is easy, fast, and flexible.
(I used to work on a large project that used SVN, and I had half a dozen
checked-out copies because I often worked on multiple things and switching
Jason wrote:
Text = reReplace(Text, [^\x20-\x7E], , all);
That'll also strip tabs, newlines and carriage returns, which probably isn't
desired.
Use [^\t\n\r\x20-\x7E] to keep them.
However, this shouldn't be necessary - doesn't TinyMCE already have the ability
to clean-up MS Word pastes?
Hi Jenny, could you provide the address where I can send all future message
drafts for you to verify if you will allow them to be on this list? Thanks!
~|
Order the Adobe Coldfusion Anthology now!
My reply to Rick was not condescending, since to be so requires intent, and
there was none.
My aim with all my responses to this list is to be helpful and try to make the
web a better place. I try to write replies keeping in mind that the post may
well be used as a reference by others -
This is slightly more efficient:
REMatch( '[^]+|\S+' , value )
The difference is probably insignificant here, but as a general rule a negated
greedy match is a better choice than a wildcard lazy match.
(The second half is no different, just makes it more readable.)
when one programmer decides to do a mass search and replace and totally
destroys a code base, then management directs you to do it by hand.
That's because management doesn't know that the correct response to that was:
1) why didn't they check it on their local machine before committing?
1)
( Although the management can probably at least count to three correctly. :$ )
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
Heh, whilst I guess I can see :P being exhaustion, it's always been a
teasing/playful emote for me (which is also how Wikipedia defines it: tongue
sticking out, cheeky/playful).
And yeah, I wasn't offended by anything from you - but I did dislike being told
that I effectively wasn't allowed
Don't built dynamic queries with user-supplied data, unless you like exposing
yourself to SQL injection.
cfquery name=myQuery datasource=myDatasource
SELECT value
FROM table1
WHERE id = cfqueryparam value=#url.param1# /
/cfquery
And url.param1 can contain as many single or double quotes as you
I'm doing a lot of detection and loading code and style
sheets based on what browser is being used, but it's a steady pain to
keep up with what works and what doesn't.
That's why you shouldn't do browser detection, you should do feature detection.
For HTML5, here's a guide to doing that:
We need some sort of continuously updated standard with
more nimble browser updating, as well.
That is *EXACTLY* what HTML5 is now - an evolving standard which you CAN use on
the desktop right now (if you do things correctly; detect features not
browsers).
Richard wrote:
the issue here is that there are various filters being built up from
different functions which is why we are having to do it as a string
and not directly inside a cfquery tag.
The issue here is that you are trying to use cfquery in a way it wasn't
designed to be used, which
I don't quite see it that way, Peter.
...
It's been a long week...
And a long rambling post, which seems to be missing the points I was making. :P
The W3C will always be doing the major milestone nonsense, because they're a
big bureaucratic organisation that does stuff like that.
well any variable has to be #text# with no spaces
No it doesn't. If you felt like it, you could do...
#
text
#
That is perfectly valid and works on all the CFML engines.
However, even if a valid assumption for the codebase in question, trying to
match a hash
I would start by finding/escaping identifiable single hashes - i.e. the font
colours and HTML entities.
Using a regex search that supports lookbehind (so not CF itself, but ok with
CFEclipse/CFBuilder) you can do:
(?!#)#(?=[A-F0-9]{3,6}\s*+[';])
Which assumes colours must end with or '
Steven wrote:
From what I've been reading so far I think this regex should work:
[^#]#[a-fA-F0-9]{3,6}
If I'm correct it would pick up #FF3366 but not ##FF3366.
That will not just pick up #FF3366 it will *also* pick-up the character before
that (either space, colon, quote, etc).
If you are
Ray wrote:
Here is a crazy idea - wouldn't what you are looking for be a runtime
error? If so - can't you use the Code Analyzer in the CF Admin to scan
the folder and find them all at once?
Guessing you meant to write compile-time there (since that's where the error
is; when compiling the
Of course, however you do this, you'll want to make sure you don't
inadvertently escape colours/etc that are *not* inside cfoutput (or any tags
that emulate cfoutput; cfmail, cfquery, etc).
~|
Order the Adobe Coldfusion
Use cfdocument not cfcontent.
Documentation at:
http://cfquickdocs.com/cf9/#cfdocument
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
Ah wait, sorry, didn't read the message properly.
The answer is to use filename attribute of cfdocument - this saves the file on
disk, and doesn't send it to the browser.
~|
Order the Adobe Coldfusion Anthology now!
Give this a go:
cfset Result = InputText.replaceAll
( '~\{(?:(?!/a).)+(?!\}~)(?=/a/li)'
, '$0}~'
) /
It uses the java replaceAll regex function so that it can do the negative
lookbehind to ensure existing correct items are not changed, meaning it can be
run
200ms is still a good page load time.
Not when the original was 20ms!
A page that takes 0.2s to load is no longer instant, there's a detectable
delay, which isn't good.
Does it really take 145ms to check for SQL Injection? :/
What's it doing that takes that long!?
After punching all that data in I was walking to the
card reader with them in one huge stack and I tripped...
I've heard a similar story a few times, and I don't get it.
If I had a large stack of cards, especially one that had to stay ordered, I'd
get a piece of string and make a quick
Well ideally you have a non-development staging server, which closely mimics
your live production server, against which you can run load testing to help
determine this.
The other question is, how secure is your code? If it's riddled with
vulnerabilities then it might be safer to take this
Not only can you do it with jQuery, you /should/ do it with jQuery (or equiv).
Regex is not built for HTML parsing, and there are many reasons why it wont
work correctly when you try. Rather than worry about numerous edge cases, use a
tool designed for the job from the start.
Here's a page which explains how URLs are made up:
http://hybridchill.com/anatomy-of-a-url.html
And here's how your URL divides:
Protocol = http
Server = //localhost
Script Name = /students/index.cfm
Path Info = /register
Query String = action=studentreg
It's possible (but unlikely) that
In this situation, there is no real difference between lazy or greedy - because
the quantified item is mutually exclusive with the next characters - i.e. \s+
cannot match \) - so it will always consume to the end of the whitespace.
It is better to not assume lazy or greedy as a 'default' and
To be clear, CF uses the Apache ORO library, which is different to both Perl
and Java Regex.
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Hmmm, although it works that code is not quite correct - there's a few issues
with it.
If you don?t mind characters like ñ, then just use \w instead of A-Za-z0-9_
This is *incorrect* - in ColdFusion regex, \w does NOT include accented
characters. There are other regex engines where it does,
I went to go take a look at it, and got to the download page...
Apparently I have to sign an SLA and NDA to download it?
Screw that.
~|
Order the Adobe Coldfusion Anthology now!
Depends how you've scoped them. Here's a quick example if they're unscoped:
cfloop item=CurVar collection=#Variables#
cfif isQuery(Variables[CurVar])
cfdump var=#Variables[CurVar]# label=#CurVar# /
/cfif
/cfloop
If you've got multiple scopes used, and/or
It's not clear what you're trying to do.
Can you post examples of each type of value it might contain, and whether that
is considered true/false?
(It's probably still simplest to step through the array and check each value
though.)
In CF9, Adobe have (finally) added the ArrayFind function, which simplifies
that code.
(Also available in OpenBD v1.3 and above, and in Railo since early days.)
~|
Order the Adobe Coldfusion Anthology now!
That coupled with StructKeyExists is a pain to type!
Why on earth would you *type* it!?
This is exactly why your IDE has Word Completion, Snippets and Templates!
Str then Alt-/ completes word to StructKeyExists
(press Alt-/ again to cycle through other commonly used words)
ske then Ctrl-J
Oh, just to point out, ske and skel are custom ones I've created. They're not
default commands.
Shortcut keys may vary too.
~|
Order the Adobe Coldfusion Anthology now!
This must be a CFEclipse thing as CFBuilder is CTRL-SPACE
That's code completion. Word completion is faster (when you know what you want).
These are all Eclipse things (and will exist in any other IDE worth using), so
available for both CFEclipse and CFBuilder.
Hmmm, maybe they've changed the default.
Goto WindowsPreferences and type keys in the filter box.
That should bring the key binding panel, type word in that.
Look for Word Completion option(s) and it'll list what the binding is.
If it still doesn't work, check the When value - I've got one
just a quick test, please ignore
(sorry for the noise)
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive:
I prefer to CFParam my vars with a default value of a zero len string or a 0
for numeric values. Then I skip the isdefined and just test against the
value. Well recently someone I know said that it's better to test if it's
defined. Is there a pro or con to doing it my way vs. IsDefined ?
There
It'll have a (very very minor) impact on the first load.
I'd be surprised (and dissappointed) if it wasn't optimised away after that.
However, don't forget Human performance impact - if it takes an extra 0.5
seconds to decipher whether it just says varName versus #varName#i (or
similar), then
Hmmm, I'm guessing the web interface to cf-talk is doing double escaping or
something bad.
~|
Order the Adobe Coldfusion Anthology now!
However don;t forget that these files are only loaded once and then are
cached by the browser.
Not guaranteed in all cases, and also the first impression can be the most
important one, so definitely worth looking at a custom solutionm based on
jQuery (or other established framework)
Also,
Josh, you're missing the point entirely.
Converting from CSV-Query makes sense and wasn't being questioned.
Using the cfhttp tag to do the conversion is what's crazy.
There is no sensible reason for requiring CSV conversion to go via HTTP - since
the vast majority of the time this isn't
To use an analogy, just because trillions of flies eat manure, does
that mean we ought to?
Directors don't care if developers eat shit, once they get the job done quicker
and cheaper.
There's also the quote Nobody ever got fired for using #IndustryLeader#.
Which isn't particularly helpful,
Don't specify the columns attribute, it is not needed, and obviously doesn't
work.
(The columns attribute is part of cfhttp's csv parsing ability. Why cfhttp does
CSV parsing instead of having dedicated CSV functions is something only Adobe
can tell us.)
Use the cfhttpparam tags to send
Anyone have a reliable reference to how many sites may are using ColdFusion?
Why do you want one?
~|
Order the Adobe Coldfusion Anthology now!
Oh and name is incorrect attribute too.
Should be result to change the default 'cfhttp' variable name.
There's a lot of hidden fields you probably need to pass in - here's some code
that will get you a step closer.
(Note how the cfhttp tag only has URL and METHOD attributes - nothing else is
To respond to an IT director who thinks ColdFusion is dated and not in much
use anymore...
Well if he's determined, he'll just return with how many sites run on PHP or
.NET or whatever.
Numbers don't help for CF - what you need to demonstrate is how active and
passionate the community is.
A
cfset keywords = reMatchNoCase([?|][p|q]=[^]+, referer)
This is incorrect - the | is a literal in character classes.
You want [?][pq]=[^]+
~|
Order the Adobe Coldfusion Anthology now!
That's not SQL injection, it's HTML injection. (Or XSS as the fashionable term
is).
You need to use HtmlEditFormat (or similar function) to ensure all content
output to HTML pages gets appropriately escaped.
(If you need to allow certain HTML, escape it all, and then unescape only the
safe
There's little point in making it Open Source.
It might be a nice gesture from Adobe, but it's hard enough finding CF
developers willing to do Java; finding a Delphi developer willing to support
HomeSite would be even worse!
For the people that like Homesite, there's nothing wrong with
Read up on threading, which CF implements with the cfthread tag.
~|
Want to reach the ColdFusion community with something they want? Let them know
on the House of Fusion mailing lists
Archive:
You'd be best talking to your local Adobe rep about this.
Something on this page will probably give details for that:
http://www.adobe.com/support/contact/
If Adobe can't provide you with a price you're happy with, you might want to
consider Railo (http://www.gerailo.com) and OpenBD
Do this:
cfloop index=i array=#variables.exampleList.split('oat')#
...
/cfloop
~|
Want to reach the ColdFusion community with something they want? Let them know
on the House of Fusion mailing lists
Archive:
If they are clicking on the email links as well, that's pretty
advanced..
No its not. It's simple.
A small challenge for a general purpose one, but trivial if you're targeting a
specific site/application.
If you know how to use cfpop, rematch and cfhttp, you can throw an email
validation
Is it possible to dynamically evaluate the temp variable from the
regular expression and use it as a ColdFusion variable?
It's not a temp variable from the regular expression, it is a variable which
exists *within the scope* of that regular expression.
That's important to understand - given
Beehive Forum is the best forum software, and it happens to be PHP. :)
~|
Want to reach the ColdFusion community with something they want? Let them know
on the House of Fusion mailing lists
Archive:
I really love how people do not read the post in question.
Huh?
I did read the question.
Looking back it seems both Sebastiaan and I misread the (badly structured)
second paragraph in the post and assumed he was asking for a software package.
The subject and question are both ambiguously
Don't limit yourself to looking specifically for a PHP community.
Go for a general programming community, to learn concepts in a general fashion,
and (if necessary) then use the PHP manual to learn specific syntax/etc.
(Although most general communities will have PHP users anyway.)
And for
Well I can't comment on how good the PHP devs are, but in general SO users tend
to figure out the intent fairly well - and it has the benefit of allowing edits
and comments to clarify things further.
One way to test how well (any) community works: ask a question you've already
figured out,
That'll probably be matching against the full hostname, so try this:
RewriteRule /[\w-]+/$ index.cfm\?name=$1 [NC,L]
Also might be necessary to escape the slashes, so if that doesn't work give
this a try:
RewriteRule \/[\w-]+\/$ index.cfm\?name=$1 [NC,L]
(Another thing you could try is
The only punctuation that \w matches is underscore.
To match hyphen also, use [\w-], which then gives the expression /[\w-]+/
(To match hyphen but not underscore [a-zA-Z0-9-] is what you want)
NOTE: The hyphen must be first/last in the class, or be escaped with a
backslash.
To specifically
What Justin should have put was this:
WHERE somefield = cfqueryparam value=#trim(form.field)#
cfsqltype=cf_sql_varchar/
Always use cfqueryparam for user-supplied query values!
~|
Want to reach the ColdFusion community with
We have some pretty simple CF8 code, to merge individual PDFs into a single
document:
cfdirectory action=list
directory=#Application.PdfDir#
filter=#Attributes.RunId#*.pdf
sort=asc
name=pdfList
/
cfif pdfList.RecordCount
cfpdf action=merge
Turned out the source PDFs were corrupt/truncated, due to that damned 64000
byte default on the datasources. (I'm almost certain I'd changed that, but oh
well.)
Anyone have suggestions on a nice way to throw an error when the data is
truncated? (rather than silently failing at that point and
Nah, I was hoping for a check at the insert stage.
I guess something like:
cfif SizeOfData(PdfData) GT CFAdmin.Datasources['PdfStorage'].MaxBlobSize
[throw error]
cfelse
[insert data]
/cfif
A long-winded alternative would be, after the insert, to do a select, write
file, then IsPDF on
The qpscanner is ok in general but I want something that will only get
me numeric variables that are not in a cfqueryparam.
That is not enough to protect you!
It is not hard to create injection attacks that bypass CF's auto-doubling of
quotes.
qpscanner deliberately errs on the side of
I think there's at least one or two more too. I should really make a
note of them somewhere...
Charlie Arehart's list.
Pretty sure he's got all this listed in a security/similar category.
Yep, here we go:
http://www.carehart.org/cf411/#testing
1) Does this functionality exist in the newer versions of the Aptana /
CFECLIPSE IDE?
Not afaik.
2) If not, then is there some similar type of functionality that will allow
me to select an entire tag and perform an indent / outdent?
You can use jump to matching tag to identify the appropriate
but what is the query syntax for the reverse scenario when the
multiple values passed by a form are NOT IN that particular data set?
You should have tried what you wrote, because that's what it is: NOT IN
So:
SELECT stuff FROM somewhere WHERE id IN (1,2,3);
Can be inverted to:
SELECT stuff
Oh and in both cases, since this is user-supplied form data you must use
cfqueryparam to protect the database.
Like this:
SELECT stuff FROM somewhere
WHERE id IN (cfqueryparam list=true value=#Form.ListOfIds#
cfsqltype=cf_sql_integer/)
And again the same for doing NOT.
Use UrlEncodedFormat for encoding URLs (i.e. contents of href and src
attributes)
Use HtmlEditFormat for encoding text that displays on the page (i.e. contents
of tabs).
I'm guessing you want something like this:
a href=#UrlEncodedFormat(MyLink)##HtmlEditFormat(MyLink)#/a
Ah, I didn't read the original post fully. :$
So is this IE8 or IE7, and if the former, is in compatibility mode or not?
Have you been able to duplicate it on other machines?
Do you have any toolbars or plugins installed that might be causing it?
I have no control over this code
The only time parsing HTML with RegEx might be remotely viable is when you know
what that code will be - if the HTML is uncontrolled then using RegEx is a
futile effort.
RegEx is for dealing with Regular text, and HTML is not a Regular language -
even
Not the best option
What's a better option then?
~|
Want to reach the ColdFusion community with something they want? Let them know
on the House of Fusion mailing lists
Archive:
I have a (large) table that has a list of
users with IDs of newUsers and oldUsers.
This is wrong!
Every ID on the page *must* be unique.
Use CLASS for common attributes.
~|
Want to reach the ColdFusion community with
I can't get to adalon.net (home of an old Fusebox-related tool).
Does anyone have v3.6 of Adalon which they can either put online, or email me
offlist with?
Thanks.
~|
Want to reach the ColdFusion community with something
This will replace everything that is not alphanumeric with a dash:
ProductPageName = rereplace( Form.PageName , '\W' , '-' , 'All' )
However, the above will change this that to this---that, if you would
prefer a single dash in situations like this, you can simply do this:
ProductPageName =
This doesn't sound like a very robust method.
Are you able to provide sample invoice(s)?
~|
Want to reach the ColdFusion community with something they want? Let them know
on the House of Fusion mailing lists
Archive:
As I said, relying on line numbers doesn't seem like a robust method - what
happens if the top of the invoice is changed, and it suddenly becomes line
15/16 or 32/33 or something else?
Ideally you refer specifically to the location of the invoice number, hence
asking for a sample of the
The Invoice will not change, its only ever going to be on line 26 or line 27
I'd say the odds of that being the case are low... things like this frequently
come back to bite you.
I tried your code but all i get is an error messag saying:
You have attempted to dereference a scalar
Just noticed you're using rematch there - which is good since ListToArray will
remove blank lines (not what we want).
However, you can simplify it - instead of the crlf variable you can do:
cfset lineArray = reMatch( '\r\n' , myFile ) /
And, once you're there, it's one extra character to do:
A very quick summary...
Use cfqueryparam tags to insert user-provided data into the database.
Use the appropriate function (HtmlEditFormat, XmlFormat, UrlEncodedFormat,
JsStringFormat) to output user-provided data.
These will (should) deal with escaping all reserved characters.
If in doubt,
I'm converting PDFs to image
format, and would expect some kind of control over the output quality
- I'm writing a JPG after all.
Yep, and you *should* have the option to set a compression percentage for that,
so I would raise that bit as a bug.
I'm guessing the resolution setting is
lets say we have 650 elements in our list.
split them into seperate lists with a maximun of 100 elements.
remember, each list must be in a variable
Here we go - InputList will be your 650 elements.
SegmentedLists is an array of the results.
cfset SegmentedLists = segmentList( InputList ,
The resolution of an image defines the default physical size it gets sent to
the printer as (and it can generally be overridden at print stage anyway).
So you can probably ignore it.
~|
Want to reach the ColdFusion community
resulting images are identical in size. I checked the actual
resolution in Fireworks and it's 72 for both images.
It may well be that Fireworks is ignoring the value provided - you'll need to
use a metadata viewer to find out what value the actual file has, rather than a
graphics editor.
The client doesn't know...they want the pros/cons.
From what you've said, I'm inferring that they will mostly have 'normal'
people using their systems.
The main pro of mailing lists is that they're convenient for busy techies.
Some cons of mailing lists is that they're limited and
I don't see why anyone would have a problem using listserves...
And that's part of the reason why there's such a significant divide.
Technical people are fine with mailing lists; they understand them and can
generally setup their email client in a suitable way, and they don't get what's
wrong
1 - 100 of 483 matches
Mail list logo