?
Solved

ColdFusion form: using INPUT instead of CFINPUT

Posted on 2014-04-17
4
Medium Priority
?
1,061 Views
Last Modified: 2014-04-18
ColdFusion 9
MS SQL Server 2012

Hi friends.

I am trying to get a form to work using INPUT rather than CFINPUT. Why? I want to avoid using the scripts in CFIDE; also, I am using a pure CSS3 method of client-side form validation that recognizes the INPUT tag but, for some reason, gets buggy when I use CFINPUT.

When I use CFINPUT, then my variables display in the form field. See attached image.

Is there any way I can use INPUT, rather than CFINPUT? I attach code for file EditNews.cfm. Thank you for your help as always.

Eric

<!-----
Name:        editNews.cfm
Author:      Eric Bourland / gdemaria / _agx_
Description: this interface allows a user to create and edit database records that contain news items
Created:     March 2011
Edited: April 2014
ColdFusion Version 9
MS SQL Server 2005
----->


 <!--- Set default value for newsID in scope URL --->
<cfparam name="url.newsID" default="">

<!--- Define newsID in scope FORM, then set form.newsID equal to the newsID passed in the URL: for use later in the application --->
<cfparam name="form.newsID" default="#url.newsID#">

<cfparam name="form.newsTitle" default="">
<cfparam name="form.newsContent" default="">
<cfparam name="form.newsAuthor" default="">
<cfparam name="newsDateCreated" default="">
<cfparam name="form.NewsDate" default="">
<cfparam name="form.newsExcerpt" default="">

<!--- in user-editable fields, set up protection against XSS  --->
    <cfloop collection="#FORM#" item="field">
      <cfset FORM[ field ] = ReReplaceNoCase (FORM[ field ], "<script.*?>.*?</script>", "", "all")>
    </cfloop>

<cfquery datasource="#application.datasource#" name="editNews">
SELECT newsID, newsTitle, NewsDate, newsAuthor, newsContent, newsExcerpt, newsDateCreated
FROM #REQUEST.NewsTable#
WHERE newsID = <cfqueryparam value="#val(url.newsID)#" cfsqltype="cf_sql_integer">
</cfquery>

		   
<!---- begin CFTRY; catch errors ---->
<cftry>  
 
<!---- populate cftry with error message ---->
<cfset variables.error = ""> 
 
<!--- begin form.doSave --->

<cfif IsDefined("form.doSave")>

<!--- when an newsID Exists, the action is UPDATE --->
   
<cfif val(form.newsID)>
                
            <cfquery name="UpdateRecord" datasource="#application.datasource#">
				  UPDATE #REQUEST.NewsTable#
				  SET
           newsTitle = <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(Left(form.newsTitle,255))#">, 
           NewsDate = <cfqueryparam cfsqltype="cf_sql_date"  value="#createODBCdate(Trim(form.NewsDate))#">,
           newsAuthor = <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(Left(form.newsAuthor,128))#">,
           newsContent = <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(form.newsContent)#">,
           newsExcerpt = <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(form.newsExcerpt)#">
           		  WHERE newsID = <cfqueryparam cfsqltype="cf_sql_integer" value="#val(form.newsID)#">
			</cfquery>


<!--- CFELSE: if newsID does not exist, then create new record --->
				<cfelse> 
                
                
<!--- query to insert new user record into #REQUEST.NewsTable# --->
			<cfquery name="InsertRecord" datasource="#application.datasource#" result="newPage">
				 INSERT INTO #REQUEST.NewsTable#
     					(
                        newsTitle,
			            NewsDate,
                        newsAuthor,
                        newsContent,
                        newsExcerpt,
                        newsDateCreated
                        )
			     VALUES(
                    <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(Left(form.newsTitle,255))#">,
                    <cfqueryparam cfsqltype="cf_sql_date"  value="#createODBCdate(Trim(form.NewsDate))#">,
                    <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(Left(form.newsAuthor,128))#">,
                    <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(form.newsContent)#">,
                    <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(form.newsExcerpt)#">,
                    <cfqueryparam cfsqltype="cf_sql_timestamp" value="#now()#">
                         )         
					</cfquery>
                    
                    
<!--- use the result attribute value (newPage) to set form field value --->
      <cfset form.newsID = newPage.IDENTITYCOL>
              
<!--- END queries to update or insert database records ---> 

<!--- END cfif val(form.newsID) -- if a topic needed to be updated or added, then it was done --->
					    </cfif>  


<!--- done? relocate --->

<cfif val(url.NewsID)>
<cflocation url="/admin/editNews.cfm?NewsID=#url.NewsID#" addtoken="yes">

<cfelse>                     
<cflocation url="/admin/manageNews.cfm" addtoken="no">
				     
</cfif>
             
<!--- END: Save action --->

<!--- END form.doSave --->
                    </cfif>
       
<!--- END queries to update or insert database records ---> 
        

<!--- this CFCATCH will trap errors --->
            <cfcatch type="Any">
                 <cfset variables.error = cfcatch.message>
            </cfcatch>

<!--- END CFTRY --->  
			</cftry>
       
       
<!--- fetch the data from the database only when there are no errors; let the form variables pass back from the data table into the form to display ---->
 
<cfif len(variables.error) eq 0>
    
<!--- get data from table #REQUEST.NewsTable# and convert the data into form variables --->
			  <cfquery name="getPageDetails" datasource="#application.datasource#">
			    SELECT newsID, newsTitle, NewsDate, newsAuthor, newsContent, newsExcerpt, newsDateCreated
                FROM #REQUEST.NewsTable#
                WHERE newsID = <cfqueryparam cfsqltype="cf_sql_integer" value="#val(form.newsID)#">
 			  </cfquery>

  			<cfloop index="aCol" list="#getPageDetails.columnList#">
			       <cfset "form.#aCol#" = getPageDetails[aCol][getPageDetails.currentRow]>
			  </cfloop>
    
</cfif>



<!----- if record already exists then update record; otherwise, add new record ----->
				<cfif val(url.newsID)>
					  <cfset FormTitle="Update News">
					  <cfset ButtonText="Update">
				<cfelse>
						<cfset FormTitle="Create News Record">
						<cfset ButtonText="Create News Record">

				</cfif>

       
       
       <!--- BEGIN HTML / CSS PAGE HEADER --->
<cfinclude template="/admin/admin_header.cfm">

<cfinclude template="/admin/adminNav.cfm">




<!--- if there an error, display error in readable form --->

<cfif len(variables.error)> 
	  <cfoutput>
	    <div class="errorbox">#variables.error#</div>
	    </cfoutput>
   


             <div class="center">
               <input type=button value="Go Back" onClick="history.go(-1)">
             </div>
             
             <cfabort>
</cfif>

<cfparam name="url.cftoken" default="">

<cfif len(url.cftoken)> 

<div class="center"><button class="medium green"><span class="icon white medium" data-icon="C"></span> Update Succeeded. Good work.</button></div>

</cfif>

	<!--- Add or Update News Form begins here --->
	<cfform method="post" enctype="multipart/form-data" name="ebwebworkForm" class="ebwebworkForm">
                
 
 <!--- Embed newsID (PK) to assign a value to it --->
 <cfoutput>
<input type="hidden" name="newsID" value="#form.newsID#" />
 </cfoutput>

    <ul>
        <li>
<cfoutput>
<legend><h2>#FormTitle#</h2></legend>
</cfoutput>

     <img src="https://lh6.googleusercontent.com/-rXrwzErpu7Q/U06TdnsBKfI/AAAAAAAAAoA/5QepC-sHWpc/s800/red_asterisk.png" alt="Required Field" width="16" height="16"> Required
      </li>

<li>
  <label for="newsTitle"><h3>News Title:</h3></label>
  	 <input name="newsTitle" placeholder="Enter News Title" value="#form.newsTitle#" tabindex="1" pattern="^[A-Za-z0-9_]{1,15}$" size="70" type="text" autofocus="true" required="yes" />
        <span class="form_hint">Enter News Title</span>         
</li>
        
        
 <li>
    
<label for="NewsDate"><h3>News Date:</h3></label>
<input name="NewsDate" placeholder="Enter Date in mm/dd/yyyy format" value="#DateFormat(NewsDate, "mm/dd/yyyy")#" tabindex="2" pattern="(0[1-9]|1[0-9]|2[0-9]|3[01]).(0[1-9]|1[012]).[0-9]{4}" size="70" required="yes" />
<span class="form_hint">Enter Date in mm/dd/yyyy format</span>
        
</li>
        
        

<li>

<label for="newsAuthor"><h3>Author:</h3></label>
<input name="newsAuthor" placeholder="Enter Author Name" value="#form.newsAuthor#" tabindex="3" size="70" required="yes" />
<span class="form_hint">Enter Author Name</span>
        
</li>



            <p class="center">Use the TinyMCE Editing Interface to edit content:</p>


 <cfinclude template="/admin/TinyMCE.cfm">

<li>
<label for="newsContent"><h3>News Description:</h3></label>

    <span class="smallred">Enter and format content here.</span>
     
      <textarea name="newsContent"
      		wrap="virtual"  
      		tabindex="4"
      		width="600"
	  		height="300"
      		style="width:600px;height:300px;"
      		required="yes">

           <cfoutput>#form.newsContent#</cfoutput>
   
	  </textarea>
</li>

     
     <li>
     <label for="newsExcerpt"><h3>News Excerpt:</h3></label>
     <span class="smallred width600px">Display an excerpt to encourage readers. Just text, no images. There is no need to format this excerpt text. Your web site style sheet automatically applies formatting per the established style of your web site template.</span>
      <textarea name="newsExcerpt"
            wrap="virtual"  
            tabindex="5"
            width="600"
			height="100"
            style="width:600px;height:100px;"
            required="yes">

           <cfoutput>#form.newsExcerpt#</cfoutput>
   
	  </textarea>
</li>
    
    
    <li>
<div class="submitButton">
   <cfoutput>  
   <button name="doSave" type="submit" class="green">#ButtonText#</button>
   </cfoutput>
</div>  
</li>
    
    
    </ul>



</cfform>




<!--- Page footer --->
<cfinclude template="/admin/admin_footer.cfm">

Open in new window

cfinput.gif
0
Comment
Question by:Eric Bourland
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 39

Accepted Solution

by:
gdemaria earned 2000 total points
ID: 40008023
Eric,

You need to have <cfoutput> around the input tags :)

You don't need them with CFINPUT because its' a CF tag, but when it's not a CF tag, you need cfoutput
0
 
LVL 5

Expert Comment

by:Pasha Kravtsov
ID: 40008024
I don't know CFML at all but on an unrelated note I do want to recommend that you have the latest patch/security update for CF 9. It's really really easy for a malicious user to gain admin credentials and destroy everything you're working for..
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 40008231
@Eric, I understand all you need is validation Portion, Give the jquery validation, you will never look back.

If you preety much worried about the form validation, i suggest you to purchase  a Custom Tag by EwSoftware:

http://www.electricsheep.co.nz/products/terraform/

Probably, it is not maintained any more i suppose, but the author can help you if you purchase the tag.,

well, as @gd suggested, cfinput is needed if you using input with validation.

Although the cfinput will call CFIDE directory to make the validation work.

Also, if you use cfinput and clicks on submit, it will show all the messages in single alert box for all the fields with whom you have provided the validation..

So best bet is you can either purchase the above listed custom tag or get the one for the following list:

http://www.riaforge.org/index.cfm?event=page.search#form%20validation

http://www.riaforge.org/index.cfm?event=page.search#validation
0
 
LVL 3

Author Closing Comment

by:Eric Bourland
ID: 40008964
=)

gdemaria -- yep, that was it.

Pasha -- yep, that is true. I am very conscientious about patching my CF 9 server, and I get a lot of support from my ISP, viviotech.net. I know that one day I will need to move up to CF 10, or the new CF 11 whenever it comes out and CF 9 is no longer supported. I keep track of patches and security concerns.

randhawa -- I hear what you are saying. I have spent a great deal of time over the past several days testing different client-side form validation methods. Most everything fails or is imperfect. The current solution I am using works ... mostly. It is not perfect and I am having some very weird trouble with some of the formatting of the form field hints -- "Enter date in mm/dd/yyy format", etc.

I will take a closer look at the two ideas you have suggested. I have invested so much time in this, that I am stubbornly determined to make it work.

Later I will think about server-side validation. Though, since I want to eschew CFIDE completely, I am not sure how this is going to work. This is something I will think about.

Thank you all for your ideas. I hope your day is going well. Onward....

Eric
0

Featured Post

RHCE - Red Hat OpenStack Prep Course

This course will provide in-depth training so that students who currently hold the EX200 & EX210 certifications can sit for the EX310 exam. Students will learn how to deploy & manage a full Red Hat environment with Ceph block storage, & integrate Ceph into other OpenStack service

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The technique is by far very Simple! How we can export the ColdFusion query results to DOC file?  Well before writing this I researched a lot in Internet but did not found a good Answer anyways!  So i thought now i should share my small snippet w…
I spent nearly three days trying to figure out how incorporate OAuth in Coldfusion for the Eventful API. Hopefully, this article will allow Coldfusion Programmers to buzz through the API when they need to. Basically, what this script does is authori…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month11 days, 2 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question