ColdFusion form: using INPUT instead of CFINPUT

ColdFusion 9
MS SQL Server 2012

Hi friends.

I am trying to get a form to work using INPUT rather than CFINPUT. Why? I want to avoid using the scripts in CFIDE; also, I am using a pure CSS3 method of client-side form validation that recognizes the INPUT tag but, for some reason, gets buggy when I use CFINPUT.

When I use CFINPUT, then my variables display in the form field. See attached image.

Is there any way I can use INPUT, rather than CFINPUT? I attach code for file EditNews.cfm. Thank you for your help as always.


Name:        editNews.cfm
Author:      Eric Bourland / gdemaria / _agx_
Description: this interface allows a user to create and edit database records that contain news items
Created:     March 2011
Edited: April 2014
ColdFusion Version 9
MS SQL Server 2005

 <!--- Set default value for newsID in scope URL --->
<cfparam name="url.newsID" default="">

<!--- Define newsID in scope FORM, then set form.newsID equal to the newsID passed in the URL: for use later in the application --->
<cfparam name="form.newsID" default="#url.newsID#">

<cfparam name="form.newsTitle" default="">
<cfparam name="form.newsContent" default="">
<cfparam name="form.newsAuthor" default="">
<cfparam name="newsDateCreated" default="">
<cfparam name="form.NewsDate" default="">
<cfparam name="form.newsExcerpt" default="">

<!--- in user-editable fields, set up protection against XSS  --->
    <cfloop collection="#FORM#" item="field">
      <cfset FORM[ field ] = ReReplaceNoCase (FORM[ field ], "<script.*?>.*?</script>", "", "all")>

<cfquery datasource="#application.datasource#" name="editNews">
SELECT newsID, newsTitle, NewsDate, newsAuthor, newsContent, newsExcerpt, newsDateCreated
WHERE newsID = <cfqueryparam value="#val(url.newsID)#" cfsqltype="cf_sql_integer">

<!---- begin CFTRY; catch errors ---->
<!---- populate cftry with error message ---->
<cfset variables.error = ""> 
<!--- begin form.doSave --->

<cfif IsDefined("form.doSave")>

<!--- when an newsID Exists, the action is UPDATE --->
<cfif val(form.newsID)>
            <cfquery name="UpdateRecord" datasource="#application.datasource#">
				  UPDATE #REQUEST.NewsTable#
           newsTitle = <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(Left(form.newsTitle,255))#">, 
           NewsDate = <cfqueryparam cfsqltype="cf_sql_date"  value="#createODBCdate(Trim(form.NewsDate))#">,
           newsAuthor = <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(Left(form.newsAuthor,128))#">,
           newsContent = <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(form.newsContent)#">,
           newsExcerpt = <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(form.newsExcerpt)#">
           		  WHERE newsID = <cfqueryparam cfsqltype="cf_sql_integer" value="#val(form.newsID)#">

<!--- CFELSE: if newsID does not exist, then create new record --->
<!--- query to insert new user record into #REQUEST.NewsTable# --->
			<cfquery name="InsertRecord" datasource="#application.datasource#" result="newPage">
                    <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(Left(form.newsTitle,255))#">,
                    <cfqueryparam cfsqltype="cf_sql_date"  value="#createODBCdate(Trim(form.NewsDate))#">,
                    <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(Left(form.newsAuthor,128))#">,
                    <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(form.newsContent)#">,
                    <cfqueryparam cfsqltype="cf_sql_varchar"  value="#Trim(form.newsExcerpt)#">,
                    <cfqueryparam cfsqltype="cf_sql_timestamp" value="#now()#">
<!--- use the result attribute value (newPage) to set form field value --->
      <cfset form.newsID = newPage.IDENTITYCOL>
<!--- END queries to update or insert database records ---> 

<!--- END cfif val(form.newsID) -- if a topic needed to be updated or added, then it was done --->

<!--- done? relocate --->

<cfif val(url.NewsID)>
<cflocation url="/admin/editNews.cfm?NewsID=#url.NewsID#" addtoken="yes">

<cflocation url="/admin/manageNews.cfm" addtoken="no">
<!--- END: Save action --->

<!--- END form.doSave --->
<!--- END queries to update or insert database records ---> 

<!--- this CFCATCH will trap errors --->
            <cfcatch type="Any">
                 <cfset variables.error = cfcatch.message>

<!--- END CFTRY --->  
<!--- fetch the data from the database only when there are no errors; let the form variables pass back from the data table into the form to display ---->
<cfif len(variables.error) eq 0>
<!--- get data from table #REQUEST.NewsTable# and convert the data into form variables --->
			  <cfquery name="getPageDetails" datasource="#application.datasource#">
			    SELECT newsID, newsTitle, NewsDate, newsAuthor, newsContent, newsExcerpt, newsDateCreated
                FROM #REQUEST.NewsTable#
                WHERE newsID = <cfqueryparam cfsqltype="cf_sql_integer" value="#val(form.newsID)#">

  			<cfloop index="aCol" list="#getPageDetails.columnList#">
			       <cfset "form.#aCol#" = getPageDetails[aCol][getPageDetails.currentRow]>

<!----- if record already exists then update record; otherwise, add new record ----->
				<cfif val(url.newsID)>
					  <cfset FormTitle="Update News">
					  <cfset ButtonText="Update">
						<cfset FormTitle="Create News Record">
						<cfset ButtonText="Create News Record">


       <!--- BEGIN HTML / CSS PAGE HEADER --->
<cfinclude template="/admin/admin_header.cfm">

<cfinclude template="/admin/adminNav.cfm">

<!--- if there an error, display error in readable form --->

<cfif len(variables.error)> 
	    <div class="errorbox">#variables.error#</div>

             <div class="center">
               <input type=button value="Go Back" onClick="history.go(-1)">

<cfparam name="url.cftoken" default="">

<cfif len(url.cftoken)> 

<div class="center"><button class="medium green"><span class="icon white medium" data-icon="C"></span> Update Succeeded. Good work.</button></div>


	<!--- Add or Update News Form begins here --->
	<cfform method="post" enctype="multipart/form-data" name="ebwebworkForm" class="ebwebworkForm">
 <!--- Embed newsID (PK) to assign a value to it --->
<input type="hidden" name="newsID" value="#form.newsID#" />


     <img src="" alt="Required Field" width="16" height="16"> Required

  <label for="newsTitle"><h3>News Title:</h3></label>
  	 <input name="newsTitle" placeholder="Enter News Title" value="#form.newsTitle#" tabindex="1" pattern="^[A-Za-z0-9_]{1,15}$" size="70" type="text" autofocus="true" required="yes" />
        <span class="form_hint">Enter News Title</span>         
<label for="NewsDate"><h3>News Date:</h3></label>
<input name="NewsDate" placeholder="Enter Date in mm/dd/yyyy format" value="#DateFormat(NewsDate, "mm/dd/yyyy")#" tabindex="2" pattern="(0[1-9]|1[0-9]|2[0-9]|3[01]).(0[1-9]|1[012]).[0-9]{4}" size="70" required="yes" />
<span class="form_hint">Enter Date in mm/dd/yyyy format</span>


<label for="newsAuthor"><h3>Author:</h3></label>
<input name="newsAuthor" placeholder="Enter Author Name" value="#form.newsAuthor#" tabindex="3" size="70" required="yes" />
<span class="form_hint">Enter Author Name</span>

            <p class="center">Use the TinyMCE Editing Interface to edit content:</p>

 <cfinclude template="/admin/TinyMCE.cfm">

<label for="newsContent"><h3>News Description:</h3></label>

    <span class="smallred">Enter and format content here.</span>
      <textarea name="newsContent"


     <label for="newsExcerpt"><h3>News Excerpt:</h3></label>
     <span class="smallred width600px">Display an excerpt to encourage readers. Just text, no images. There is no need to format this excerpt text. Your web site style sheet automatically applies formatting per the established style of your web site template.</span>
      <textarea name="newsExcerpt"

<div class="submitButton">
   <button name="doSave" type="submit" class="green">#ButtonText#</button>


<!--- Page footer --->
<cfinclude template="/admin/admin_footer.cfm">

Open in new window

Eric BourlandAsked:
Who is Participating?
gdemariaConnect With a Mentor Commented:

You need to have <cfoutput> around the input tags :)

You don't need them with CFINPUT because its' a CF tag, but when it's not a CF tag, you need cfoutput
Pasha KravtsovSupport EngineerCommented:
I don't know CFML at all but on an unrelated note I do want to recommend that you have the latest patch/security update for CF 9. It's really really easy for a malicious user to gain admin credentials and destroy everything you're working for..
Gurpreet Singh RandhawaWeb DeveloperCommented:
@Eric, I understand all you need is validation Portion, Give the jquery validation, you will never look back.

If you preety much worried about the form validation, i suggest you to purchase  a Custom Tag by EwSoftware:

Probably, it is not maintained any more i suppose, but the author can help you if you purchase the tag.,

well, as @gd suggested, cfinput is needed if you using input with validation.

Although the cfinput will call CFIDE directory to make the validation work.

Also, if you use cfinput and clicks on submit, it will show all the messages in single alert box for all the fields with whom you have provided the validation..

So best bet is you can either purchase the above listed custom tag or get the one for the following list:
Eric BourlandAuthor Commented:

gdemaria -- yep, that was it.

Pasha -- yep, that is true. I am very conscientious about patching my CF 9 server, and I get a lot of support from my ISP, I know that one day I will need to move up to CF 10, or the new CF 11 whenever it comes out and CF 9 is no longer supported. I keep track of patches and security concerns.

randhawa -- I hear what you are saying. I have spent a great deal of time over the past several days testing different client-side form validation methods. Most everything fails or is imperfect. The current solution I am using works ... mostly. It is not perfect and I am having some very weird trouble with some of the formatting of the form field hints -- "Enter date in mm/dd/yyy format", etc.

I will take a closer look at the two ideas you have suggested. I have invested so much time in this, that I am stubbornly determined to make it work.

Later I will think about server-side validation. Though, since I want to eschew CFIDE completely, I am not sure how this is going to work. This is something I will think about.

Thank you all for your ideas. I hope your day is going well. Onward....

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.