ColdFusion Code Validation

Posted on 2011-10-19
Last Modified: 2012-05-12
Can someone tell me how to add code to a cf web form that will disallow certain characters from being entered into the form fields? The form data is dumped into a 2005 SQL Server database. I need to prohibit certain characters, i.e. single quotes, from being entered. I assume you use some kind of form validation but I'm not sure how to do it.
Question by: RavenTim

    Expert Comment

    You can use javascript to validate on the client side, and CF replace() or a regex replace to revalidate on the server side.

    But first we need to know which characters you want to allow/disallow. Use whichever set is smaller.

    Author Comment

    AGX: I'm not sure about a set of characters, however, I do know that single & double quotes have created problems when they have been passed on to the datafields.

    Accepted Solution

    Shouldn't be a problem if you're using cfqueryparam. (Which you definitely should for security alone).

    But to answer your question, if it's just those 2 for now, I'd use a plain vanilla replace:

    <cfsavecontent variable="form.someField">
    This is a test of "quotes". Lot's of quote. Both 'double' and "single".
    Yeah, I deliberately ' mixed "" them up for fun! ;)
    </cfsavecontent>
    <!--- remove all single and double quotes --->
    <cfset form.someField = replace(form.someField, '"', "", "all")>
    <cfset form.someField = replace(form.someField, "'", "", "all")>
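
Added example, not part of the original answer: a form handler that revalidates on the server and then inserts with cfqueryparam, as the accepted solution recommends. The datasource `myDSN`, the table `contacts`, its columns, the form field names, the 50-character limit and the allow-list of characters are all assumptions made for illustration.

```cfml
<!--- Added example. Assumed names: datasource "myDSN", table "contacts",
      columns first_name / last_name, form fields firstName / lastName. --->
<cfparam name="form.firstName" default="">
<cfparam name="form.lastName"  default="">

<!--- Server-side revalidation: the JavaScript check can be bypassed,
      so every rule is enforced again here. --->
<cfset errors = []>
<cfloop list="firstName,lastName" index="fieldName">
    <cfset fieldValue = trim(form[fieldName])>
    <cfif len(fieldValue) EQ 0 OR len(fieldValue) GT 50>
        <cfset arrayAppend(errors, "#fieldName# must be 1 to 50 characters long.")>
    <cfelseif reFind("[^A-Za-z' .-]", fieldValue)>
        <!--- Assumed allow-list: letters, space, period, hyphen and
              apostrophe, so a name such as O'Brien is accepted. --->
        <cfset arrayAppend(errors, "#fieldName# contains characters that are not allowed.")>
    </cfif>
</cfloop>

<cfif arrayLen(errors)>
    <!--- Report the problems instead of touching the database. --->
    <cfoutput>
        <ul><cfloop array="#errors#" index="msg"><li>#encodeForHTML(msg)#</li></cfloop></ul>
    </cfoutput>
<cfelse>
    <!--- cfqueryparam sends each value as a bound parameter, so quotes in
          the input are stored as data and never become part of the SQL. --->
    <cfquery datasource="myDSN">
        INSERT INTO contacts (first_name, last_name)
        VALUES (
            <cfqueryparam value="#trim(form.firstName)#" cfsqltype="cf_sql_varchar" maxlength="50">,
            <cfqueryparam value="#trim(form.lastName)#"  cfsqltype="cf_sql_varchar" maxlength="50">
        )
    </cfquery>
</cfif>
```

With the values bound this way, an apostrophe in a name no longer needs to be stripped before the insert.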



    Author Closing Comment

    Thank you!
