ColdFusion Muse

Number Formatting in Coldfusion - a look "Under the Hood"

Formatting numbers is a pain. It would be great if our little human pea brains could read a number without commas in it to group the hundreds (or periods for my European readers). Sadly, we find ourselves unable to cope without the commas, so a good deal of display code regarding numbers is written to simply output them in the correct format. Most CF programmers use numberFormat( ) or decimalFormat( ) to control the output. Decimal format seems handy because it doesn't require a mask and produces the typical format you would expect. The 2 functions are quite different however and it may cause some perplexity when you are working with large numbers. Let me explain.

Note: Examples provided by Russ "Snake" Michaels from the CFGURU list :)

Cfdocument and Performance

Cfdocument is a new weapon in the Coldfusion arsenal. It's not without it's detractors, but personally I think it is splendid for what it can do. When it comes to performance, however, there are a number of things to keep in mind. If you think about what Cfdocument is being tasked to do under the hood and I'm sure you could come up with a few as well. Since it is my blog, we might as well work from my list...

Crashing Your Server in an Infinite Number of Steps

Infinite loops are great fun. Technically an infinite loop is one with no hope of ever stopping. In the old days(1995) I worked for an outfit with a database product for salvage yards. The whole thing was written in MUMPS and everything was done through a terminal. The first program I ever wrote myself was a "spinner" program. It ran on the terminal and produced the following characters 1/2 second apart - "/,|,-,\,|" the result was a little spinning widget on the terminal. I added some text that said "rebuilding dataset, please wait". Whenever we were working on something and needed a way to keep folks from hassling us with new issues we would put it up on the screen. It looked like it was really doing something. With an http request it's a different story however...

Function for Handling Email Injection Attacks

Many of my readers have been following a posting made some time ago on email injection attacks and Coldfusion. I noticed a recent function called trimFalseEmailHeaders posted on CFLib by Tony Brander. The purpose of the function is to strip out possible injection attacks from the email body. The general consensus is that scrubbing input parameters is the best way to handle this problem.

It's never been proven to me (however) that any version of CF is actually vulnerable to injection attacks - since CF handles the creation of the spool file through the cfmail tag. If it is vulnerable I have a feeling it would be earlier versions. CFMX adds a "BODY" string to each line of the spool file, making it difficult to control line content in a way that would line up a header correctly. The biggest problem with injection is the announce of receiving 3 or 4 bogus "contact us" submissions.

Watch out for Coldfusion Mappings When Using onReqest( )

I love using the application.cfc file instead of application.cfm. The cfc approach encapsulates several events inside of automatically fired functions that formerly required "hand coding". For example, I used to check to see if application vars existed and set them if they did not. This required thinking about locking and testing one or more variables for existence (isDefined() or structKeyExists()). Using Application.cfc means this job is handled by the onApplicationStart( ) function. One function that belongs to Application.cfc deserves a bit more attention - the onRequest( ) function. Here's an example from a webtop application that forces login.

Radder Rad With Cfquery and Cut and Paste

When I first heard of RAD my immediate thought was the wonderful folks of Virginia and the Cumberland Gap - where I met my wife (a nurse from Minnesota, what are the odds). In the blue green mountains of Appalachia, everyone knows about Rad. It's the opposite of Blue. If you mix a little yeller into it you get arnge. When I started studying IT and Technology. It didn't take me long to learn that RAD stood for "Rapid Application Development". Now if you've been using Coldfusion for any length of time you will know that "RAD" is a word often used in to describe the usability and accessibility of the language. Here one reason why....

Listen Here

How to Build a Website in 4 Hours (without Elves)

If it hasn't happened to you already it will happen eventually. Someday soon, someone is going to ask for your help building a web site pro-bono. Now, I think this is a very good idea. If you are a member of a Church, a Scout leader, a band booster or involved in any other worthwhile cause that's long on commitment and short on funds, you should dedicate a part of your skills to helping them leverage the web. The problem is usually time. If you are like me you may have trouble coming up with enough time to build a web site "for free" - at least not the 30 or 40 hours you feel such an effort deserves. Not to worry... I'm here to tell you that with a couple of simple choices you can build an excellent web site in around 4 hours. What?? You don't believe me?

Listen Here

"Ask A Muse" Answers Anonymous Questions

When I blatantly stole Ray Camden's "ask a jedi" and created "ask a muse". I was gratified that so many people took advantage of the form to ask a question. Granted, many of them where oil ministers sons from Nigeria - but there were still a number of pertinent questions to which I've been able to respond. There have been a number of good questions to which I have been unable to respond, either because I don't understand the question, or because I don't know the answer. Accordingly, I have added an "email" text box so I can at least respond in person to the asker - ever if I can't answer the question. Here are some of the excellent questions I've received: