You CAN Use the File System With Cfdocument (Who Knew)
In regard to my previous post on Cfdocument and SSL I stand corrected. It is definitely possible to use a "file:" protocol identifier in the image path when using Cfdocument. My problem was with the syntax. As is often the case, a helpful reader put me on the right path. Thanks to Julian Halliwell for pointing out that my problem was syntax. I was trying 2 slashes as in:
Not only is this a rock solid fix for the SSL issue (see the previous post) but it has the potential to dramatically impact the speed of your cfdocument call, especially if you using large images. We have an application that embeds fairly large photographic images. I'm guessing this will greatly increase the speed of rendering. I'll post a follow up and let you know.
Sneaky Coldfusion - Creating CF Tags Out of HTML Tags
This is quite possibly the neatest trick ever invented for Coldfusion - so hang on to your Cf_hat. I had nearly forgotten about it until someone on CF-Talk mentioned a problem they were having. It seems they were struggling with a CMS system where users were entering hyperlinks that were incorrectly formatted (they lacked URL encoding). The dilemma was how to fix it without requiring action from the user.
Read MoreThe Application Security Pyramid - Securing Your Code
Is your site vulnerable to SQL Injection Attack? How about Cross Site Scripting? Are you even sure you know enough about those 2 vulnerabiities to protect against them?
This post is a continuation of a 5 part series on security called "The Application Security Pyramid". The introduction introduced a new metaphor for dealing with security that loosely mimics Maslow's heirarchy of self-actualization. In Part I I discussed the importance of "border patrol" technology to safeguard your network. In part II I discussed internal Policing and People Policy. In Part III I discussed the importance of managing the security framework of your actual application and how it relates to it's specific environment. In this, our final post in the series, we will discuss securing your application code itself.
Cfmail and Missing Line Breaks
Here's a quick tip I learned today on CF-Talk about CFMAIL and whitespace. If you are using CFMAIL to send plain text mail but you set the "suprressWhitespace" attribute to YES it will strip out the whitspace and cause the mail to be sent without line breaks. To fix it, simply wrap your cfmail tag in a cfprocessingdirective tag, like this:
<cfmail from="blah" to ="blah" subject="more blah">
even more blah with a linebreak
some more blah
sincerly
blah blah
</cfmail>
</cfprocessingdirective>
Getting the Auto Number Field in MS Access
As a follow up to this Previous Post on using the @@Identify Field and it's related function "scope_identity()", it appears that it is possible to do this same thing in Access. Charlie Arehart has posted a great article with some examples titled "Select @@Identity Works in Access. Worth Exploring. Check it out.
Server-side Vs. Client-side Validation Revisited
CF Muse Reader Asks:
You suggest both client and server side should be used for validation. Just to check - I should code so that js picks up the errors first using event code or onsubmit then let server side pick up the errors on submit using cfinput validate/required etc. Or do I recode all the stuff to be event driven such as onchange etc.
This question refers to the previous post on form validation. From the way the question is phrased I believe the reader is probably proficient at JavaScript. There are some amazing things you can do with JavaScript, and I'm in favor of creating intuitive interfaces that help your user cope with the complexity of your application. Obviously JavaScript is or can be a big part of that solution. If your concern is to provide a better user experience then JavaScript is helpful and necessary. If your concern is to validate your data for accuracy and security then you must use server side code to check your form inputs.
Read MoreCFMX and the Dot Operator - Migrating From CF 5 to CFMX
If you come from the old "Coldfusion 4-5" days (in fact many or our customers are still running CF 5) then you might remember how those earlier versions handled variables with periods in the name. If you created a variable with a period in the name CF simply treated the period as if it were part of the variable name. For example, if you did the following in CF 5:
You would not have created anything more than a primitive variable named "var1.var2.var3". If you tried to use <cfdump ...> to dump out var1 it would generate an error - var1 not found. If you intended for var1 to be a structure containing a structure var2 containing a primitive var3 then you would have to rewrite the code like this:
<cfset var1.var2 = structNew()>
<cfset var1.var2.var3 = "My Dotty Variable">
Running Queries Using JavaScript?
CF Muse Reader Asks:
I am trying to develop 3 drop down list boxes which gets the data from the database. On change of first will pop up second and on change of second will get the values based on first and second. Do you know the smartest way to do this. How can I run queries from JavaScript?
The first thing to decide is, do you really want to connect to the server for each change in the drop down box? The answer depends on the size and schema of the database.
Read MoreSites to Watch
Aggregators
RSS
