How is "1,235" considered an integer? I know that ColdFusion is a loosely typed language, but what CF programmer is writing code like <cfset myNumber = 1,234 /> ?
Not only is it wrong to validate numeric input with commas, it's counter-intuitive, illogical, and just plain insecure. If the programmer wishes the user to be able to enter commas, that's fine, but it should certainly not be the default behavior, especially when the validation did not work that way prior to MX 7. I don't understand why the person/people who developed these most recent validation functions did not think programmers would not want the numeric data to be something that could be stuck straight into a SQL query as a numeric data type. Commas should be an exception, not the rule. Add a new validation function called "numberWithCommas" or something like that, but why break something that works just fine?

What's even worse is that the number validation functions will allow an arbitrary number of commas at arbitrary positions. So the user can enter "1,,,,,,2,,,3,,,,,,,,5" and it will validate just fine. This is because whoever wrote the validation JavaScript (located in cfform.js) decided it would be a wise idea to strip the commas, and other special characters, from the input string before validating it. However, these characters are not stripped from the user's actual input, so the JavaScript is validating something different than what was actually typed. I don't see how you can call this anything but a bug.

I've been a huge fan and supporter of ColdFusion since I started using it in version 5. However, this recent discovery has caused me to lose a lot of faith, because data validation is something that I feel cannot be overlooked in the slightest, as it apparently has been in MX 7. I, for one, will be using custom regular expressions until Adobe either issues a fix for the validation functions or the new version of CF is released, and I would suggest that everyone else do the same, as the current numeric validation functions pose a serious security risk and allow users to easily crash your application if you do not know what to expect.
As a footnote, I've also had issues with the validate="telephone" function as well. I would suggest for anyone that extensively uses the validation feature in <cfform> elements, to write their own custom regular expressions for as many of the validation types as possible. Of course, you could also make changes to the cfform.js script, but that probably isn't the wisest idea for a long-term solution.

Regards,
Justin Holzer

>I was gonna say, I thought an Int was just a whole number, meaning no
>fractions or decimals correct?
>
>Commas should be allowed past that shouldn't they?

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:252165
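
The mismatch described in the message above, as an added example that is not part of the original post and is not the code from cfform.js: a validator that strips separators from a copy of the input before checking it, next to a strict regular-expression check on the exact string submitted. All function names and the set of stripped characters are assumptions made for illustration.

```javascript
// Added illustration; NOT the code shipped in cfform.js.
// Function names below are hypothetical.

// Pattern the post describes: separators are stripped from a copy of the
// input, the copy is validated, and the untouched original is submitted.
function lenientIsInteger(raw) {
  const stripped = raw.replace(/[,$]/g, ""); // assumed set of stripped characters
  return /^[+-]?\d+$/.test(stripped);
}

// Strict check: the exact string submitted must be an optional sign plus digits.
const STRICT_INT = /^[+-]?\d+$/;
function strictIsInteger(raw) {
  return STRICT_INT.test(raw);
}

// Opt-in variant for forms that do want thousands separators: plain digits,
// or commas only between groups of three. Returns the canonical digit string
// to store or bind, or null when the input is rejected.
const GROUPED_INT = /^[+-]?(\d+|\d{1,3}(,\d{3})+)$/;
function parseGroupedInteger(raw) {
  if (!GROUPED_INT.test(raw)) return null;
  return raw.replace(/,/g, "");
}

// Constructed sample inputs, including the string quoted in the post.
const samples = ["1234", "1,235", "1,,,,,,2,,,3,,,,,,,,5", "12a", ""];

function compare(inputs) {
  return inputs.map((s) => ({
    input: s,
    lenient: lenientIsInteger(s),   // what strip-then-validate accepts
    strict: strictIsInteger(s),     // what a numeric SQL column can take as-is
    canonical: parseGroupedInteger(s),
  }));
}

console.table(compare(samples));
```

Client-side checks can be bypassed, so the same strict pattern should also be applied on the server before the value reaches a query.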