  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 184

ColdFusion Code Validation

Can someone tell me how to add code to a cf web form that will disallow certain characters from being entered into the form fields.  The form data is dumped into a 2005 SQL Server database.  I need to prohibit certain characters, i.e. single quotes, from being entered.  I assume you use some kind of form validation but I'm not sure how to do it.
0
RavenTim
Asked:
RavenTim
1 Solution
 
_agx_Commented:
You can use javascript to validate on the client side, and CF replace() or a regex replace to revalidate on the server side.

But first we need to know which characters you want to allow/disallow. Use whichever set is smaller.
0
 
RavenTimAuthor Commented:
AGX:  I'm not sure about a set of characters, however, I do know that single & double quotes have created problems when they have been passed on to the datafields.
0
 
_agx_Commented:
Shouldn't be a problem if you're using cfqueryparam. (Which you definitely should for security alone).

But to answer your question, if it's just those 2 for now, I'd use a plain vanilla replace:

<cfsavecontent variable="form.someField">
This is a test of "quotes". Lot's of quote. Both 'double' and "single".
Yeah, I deliberately ' mixed "" them up for fun! ;)
</cfsavecontent>

<!--- remove all single and double quotes --->
<cfset form.someField = replace(form.someField, '"', "", "all")>
<cfset form.someField = replace(form.someField, "'", "", "all")>

Result:
<pre><cfoutput>#form.someField#</cfoutput></pre>

0
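The cfqueryparam approach recommended in the answer above, shown as an added example that is not part of the original thread: the values are bound as parameters, so single and double quotes are stored as ordinary data and do not need to be stripped. The datasource name `myDSN`, the table `contacts` with its columns, the form field names and the length limits are all assumptions made for illustration.

```cfml
<!--- Constructed sample input; on a real page these arrive from the submitted form --->
<cfparam name="form.lastName" default="O'Brien">
<cfparam name="form.comments" default="She said ""hello"" and it's fine">

<!--- Server-side validation: never rely on the JavaScript checks alone --->
<cfset errors = arrayNew(1)>
<cfset lastName = trim(form.lastName)>
<cfset comments = trim(form.comments)>

<!--- Allow-list for the name: letters, space, apostrophe, period, hyphen; 1 to 50 characters --->
<cfif reFind("^[A-Za-z' .-]{1,50}$", lastName) EQ 0>
    <cfset arrayAppend(errors, "Last name contains characters that are not allowed.")>
</cfif>

<!--- Free-text field: only the length is limited, quotes are permitted --->
<cfif len(comments) GT 500>
    <cfset arrayAppend(errors, "Comments must be 500 characters or fewer.")>
</cfif>

<cfif arrayLen(errors) EQ 0>
    <!--- myDSN and contacts are hypothetical names.
          cfqueryparam sends each value as a bound parameter, so the quotes
          in the sample input cannot change the structure of the SQL statement. --->
    <cfquery name="insertContact" datasource="myDSN">
        INSERT INTO contacts (last_name, comments)
        VALUES (
            <cfqueryparam value="#lastName#" cfsqltype="cf_sql_varchar" maxlength="50">,
            <cfqueryparam value="#comments#" cfsqltype="cf_sql_varchar" maxlength="500">
        )
    </cfquery>

    <!--- HTML-encode on output so stored quotes and angle brackets render as text --->
    <cfoutput>
        <p>Saved: #HTMLEditFormat(lastName)#</p>
        <pre>#HTMLEditFormat(comments)#</pre>
    </cfoutput>
<cfelse>
    <cfoutput>
        <ul>
            <cfloop array="#errors#" index="msg">
                <li>#HTMLEditFormat(msg)#</li>
            </cfloop>
        </ul>
    </cfoutput>
</cfif>
```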
 
RavenTimAuthor Commented:
Thank you!
0
