DB choice for small Intranet site
Which DB would you choose (MSSQL Express / Apache Derby) for a small (4gb, with only 10 simultaneous connections) intranet CF App?
I only used MS-SQL before, and I found the management studio very easy to work with. The only concern I have is the limitation of the Express version might get me one day. Then I found out CF8 comes with Apache Derby, and I wonder if that's a good choice. Actually, when is Derby a good choice??
Since there's no management studio like MSSQL for Derby (or MYSQL), anyone tried RDS support in CFEclipse? Can I use that to create/manage/backup the DB? Is it reliable?
Thank you!
Henry
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301377
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
mxAjax: Javascript Error
Hey all, This is my first foray into mxajax, I have it installed properly (I think), however I'm getting the following error:
output from firebug:
    element has no properties
    _observeAndCache(undefined, click, function(), false) prototype.js (line 1966)
    observe(undefined, click, function(), false) prototype.js (line 1993)
    setListeners() mxUpdateField.js (line 23)
    initialize(Object executeOnLoad=false parser=Object paramArgs=Object) mxUpdateField.js (line 5)
    create() prototype.js (line 20)
    init() detail.cfm (line 21)
    onload(load )
    [Break on this error] if (element.addEventListener) {
    prototype.js (line 1966)
here's my code:
    <script type='text/javascript' src='mxAjax/core/js/prototype.js?jsVersion=#request.jsVersion#'></script>
    <script type='text/javascript' src='mxAjax/core/js/mxAjax.js?jsVersion=#request.jsVersion#'></script>
    <script type='text/javascript' src='mxAjax/core/js/mxUpdateField.js?jsVersion=#request.jsVersion#'></script>
    <script language="javascript">
    var url = "<cfoutput>#request.ajaxUrl#</cfoutput>";
    function init() {
        new mxAjax.UpdateField({
            executeOnLoad: false,
            parser: new mxAjax.CFArrayToJSArray(),
            paramArgs: new mxAjax.Param(url, {param: "empID={empID},statusID={statusID},contactMe={contactMe},statusNotes={statusNotes}", cffunction: "fn_updateTTACStatus"}),
            target: "statusID,contactMe,statusNotes",
            source: "statusID,contactMe,statusNotes",
            action: "go"
        });
    }
    //addOnLoadEvent(function() {init();});
    </script>
    <input type="hidden" name="empID" id="empID" value="<cfoutput>#IndvData.Id#</cfoutput>"/>
    Status <select name="statusID" id="statusID">
    <option value="null">Select</option>
    <cfoutput query="StatusDrop"><option value="#ID#" <cfif IndvData.status eq StatusDrop.ID>selected<cfelse></cfif>>#CodeDesc#</option></cfoutput>
    </select> <br />
    Contact me here: <input type="text" name="contactMe" id="contactMe"/>
    <p></p>
    Notes: <textarea name="statusNotes" id="statusNotes" cols="45" rows="5"></textarea> <br/>
    <input name="go" type="button" value="go" />
any ideas?
Posted via HOF HTML Interface
--
Scott Stewart ColdFusion Developer SSTWebworks 4405 Oakshyre Way Raleigh, NC. 27616 (919) 874-6229 (home) (703) 220-2835 (cell)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301378
RE: DB choice for small Intranet site
Personally, I like MS SQL Express. The only thing is that it doesn't come with an agent, AFAIK, so you'll need to find another way to do backups. If you don't want limitations, I would go with MySQL, but I could never get used to it, as the management tools sucked. Some people suggested something like NaviCat, which I haven't tried yet. This is the first I'm hearing of Apache Derby, and although I'm sure it's a nice project, it's written in Java, which means it will be slower than MSSQL and MySQL, and it probably doesn't have good management tools.
Russ
-Original Message- From: henry ho [mailto:[EMAIL PROTECTED] Sent: Sunday, March 16, 2008 7:44 AM To: CF-Talk Subject: DB choice for small Intranet site
Which DB would you choose (MSSQL Express / Apache Derby) for a small (4gb, with only 10 simultaneous connections) intranet CF App? I only used MS-SQL before, and I found the management studio very easy to work with. The only concern I have is the limitation of the Express version might get me one day. Then I found out CF8 comes with Apache Derby, and I wonder if that's a good choice. Actually, when is Derby a good choice?? Since there's no management studio like MSSQL for Derby (or MYSQL), anyone tried RDS support in CFEclipse? Can I use that to create/manage/backup the DB? Is it reliable? Thank you! Henry
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301379
Re: DB choice for small Intranet site
I couldn't quite tell from your sentence whether you were saying Derby doesn't have a good management tool like MySQL, or if you thought MySQL doesn't have a good management suite. Just in case it was the latter, or in case anyone else isn't aware of it, I'll bore you with a gushing mention of the MySQL Administrator. Until a few weeks ago, I was doing everything through phpMyAdmin, thinking that was the height of administration. So much better than the hand-scripts I was writing to do everything. But my boss sent me the MySQL Administrator, and WOW, what a difference. Still not quite on par with Enterprise Manager for MSSQL, due to speed and interface, but it is pretty close, and more than enough for the job at hand.
MySQL Administrator 1.2 - http://www.mysql.com/products/tools/administrator/
MySQL Query Browser 1.2 - http://www.mysql.com/products/tools/migration-toolkit/
MySQL Migration Toolkit 1.1 - http://www.mysql.com/products/tools/query-browser/
MySQL Workbench - http://www.mysql.com/products/tools/workbench/
Jerry
On Sun, Mar 16, 2008 at 10:21 AM, Russ [EMAIL PROTECTED] wrote:
From: henry ho [mailto:[EMAIL PROTECTED] Sent: Sunday, March 16, 2008 7:44 AM To: CF-Talk Subject: DB choice for small Intranet site
Since there's no management studio like MSSQL for Derby (or MYSQL), anyone tried RDS support in CFEclipse? Can I use that to create/manage/backup the DB? Is it reliable?
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301380
Re: DB choice for small Intranet site
The first thing that popped in my head was MySQL. Small, light weight and faast. I have been using it on production sites (CF and PHP) since v 3.x and only had 2 beefs with it. I had couple table corruption errors a few years back which repair fixed nicely. The other was not being able to get create FK's on tables with data in them. Not bad for a FOSS package over 6 years of *heavy* use. I was always amazed that Mysql 4.x could be running a dozen sites and have a 4 meg memory footprint.
As far as tools go there is no shortage of high quality tools, either free, FOSS or commercial. I haven't been keeping up with the latest and greatest DBM tools but I have found Toad for MySQL (free) and SQLYog ($100) to be outstanding. I am also fond of Mysql front/ Heidi SQL for quick and dirty geterdone stuff. http://www.heidisql.com/
I have no problem with MSSQL. You should note the Express management console does not support import and export which can be a royal pain when moving from devel to production. The full evaluation version supports it though. I think it has a 6 month eval period so that might work.
I used derby for about an hour, so no opinion other than Adobe chose to include it over Access in CF8.
my $0.02
G
On Sun, Mar 16, 2008 at 7:43 AM, henry ho [EMAIL PROTECTED] wrote:
Which DB would you choose (MSSQL Express / Apache Derby) for a small (4gb, with only 10 simultaneous connections) intranet CF App? I only used MS-SQL before, and I found the management studio very easy to work with. The only concern I have is the limitation of the Express version might get me one day. Then I found out CF8 comes with Apache Derby, and I wonder if that's a good choice. Actually, when is Derby a good choice?? Since there's no management studio like MSSQL for Derby (or MYSQL), anyone tried RDS support in CFEclipse? Can I use that to create/manage/backup the DB? Is it reliable? Thank you! Henry
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301381
RE: DB choice for small Intranet site
-Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: Sunday, March 16, 2008 10:22 AM To: CF-Talk Subject: RE: DB choice for small Intranet site
Personally, I like MS SQL Express. The only thing is that it doesn't come with an agent, AFAIK, so you'll need to find another way to do backups.
I second SQL Server Express. It's pure bias of course, but it rocks. The management tools are best of class (actually - after being forced to use DB2 at the office - better than class) and the capabilities amazing. Transact SQL is very easy to pick up and if you don't want to bother you can create stored procs in any .NET runtime language (C#, javascript, etc). It supports XML and webservices natively and most of the basic OLAP stuff.
You want the Advanced Services edition tho' - the basic edition is more for integrators (people want to integrate a DB into an application). The Advanced Services Edition (still free) includes the management console and (very nice) full-text search engine. I do miss some of the features of the full edition but the actual engines are exactly the same: there's no performance hit going from Enterprise to Express.
Never having dug into them I can't compare it to mySQL or Derby but I can say compared to DB2 SQL Server is a freakin' joy to behold. But then again... that really isn't saying a whole hell of a lot. ;^)
Jim Davis
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301382
Re: DB choice for small Intranet site
I am not much of a MSSQL person but if you meet that limitation one day, can't you easily upgrade things into the full version? I have been using Oracle XE for similar needs that you have and also for moving things to/from development workstations to our development/production environments without any issues. To top it off our servers are on 9i so they are one version behind the version of XE we are using.
On Sun, Mar 16, 2008 at 6:43 AM, henry ho [EMAIL PROTECTED] wrote:
I only used MS-SQL before, and I found the management studio very easy to work with. The only concern I have is the limitation of the Express version might get me one day.
--
Aaron Rouse http://www.happyhacker.com/
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301383
Re: Using Var scope?
Haha! StringInTransit... I like it. :]
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301384
Re: DB choice for small Intranet site
I remember looking at Oracle XE(?) a year or so ago. Doesn't it suck up a couple of hundred megs of ram? Or was that something else? I don't remember which version I tried out but I *do* remember it was using some ungodly amount of ram.
G
On Sun, Mar 16, 2008 at 11:42 AM, Aaron Rouse [EMAIL PROTECTED] wrote:
I am not much of a MSSQL person but if you meet that limitation one day, can't you easily upgrade things into the full version? I have been using Oracle XE for similar needs that you have and also for moving things to/from development workstations to our development/production environments without any issues. To top it off our servers are on 9i so they are one version behind the version of XE we are using.
On Sun, Mar 16, 2008 at 6:43 AM, henry ho [EMAIL PROTECTED] wrote:
I only used MS-SQL before, and I found the management studio very easy to work with. The only concern I have is the limitation of the Express version might get me one day.
--
Aaron Rouse http://www.happyhacker.com/
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301385
Re: DB choice for small Intranet site
On Sun, Mar 16, 2008 at 8:21 AM, Russ [EMAIL PROTECTED] wrote:
This is the first I'm hearing of Apache Derby, and although I'm sure it's a nice project, it's written in Java, which means it will be slower than MSSQL
Just because it's java doesn't mean it's got to be slow. :] HSQLDB is a nice one-jar type of deal (easy to include with stuff), and pretty derned speedy.
MS probably has the best GUI, but for RDS-db similar stuff, the Eclipse JDBC thingies (QuantumDB, etc.) let you talk to just about any DB, and if you mix and match the available plugins, you'll get better GUIness than the RDS stuff offers.
I'm thinking that Derby is good if you want to use a built-in datastore with CF. =P Maybe for site configuration settings or something? 404 handler type deal? Heh. I'll think of something, watch.
I'm using HSQLDB with the cfhibernate stuff, and it's nice to have everything all scriptable. Create the DB, run the tests, destroy the DB, all in-memory. Perfect for unit tests. And amazingly, hibernate does all kinds of stuff for you, from syncing up DB changes to exporting DDL files and whatnot. DdlUtils is pretty nifty too.
I guess that's a pretty sweet thing about JDBC, neh? Just plug stuff into it... Guess I'll end it here, before I wander off any further. :]
--
He either fears his fate too much, Or his deserts are small, That puts it not unto the touch To win or lose it all
James Graham - Marquis of Montrose
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301386
Re: DB choice for small Intranet site
I would go with MySQL and yes there are GUI's out there such as NaviCat, which I personally use, that rival Enterprise Manager and the Management suite. I also like the fact it isn't microsoft. It scales rather nicely so there are few to no limitations on it. It also has a fairly small memory footprint so running it on the same machine is no biggie.
As far as saying Apache Derby being slow just because it is on top of Java is pretty baseless and making blanket statements like that are just about as bad as saying ColdFusion sucks and is slow because MySpace crashes all the time. yeah.
J.J.
On Sun, Mar 16, 2008 at 6:43 AM, henry ho [EMAIL PROTECTED] wrote:
Which DB would you choose (MSSQL Express / Apache Derby) for a small (4gb, with only 10 simultaneous connections) intranet CF App? I only used MS-SQL before, and I found the management studio very easy to work with. The only concern I have is the limitation of the Express version might get me one day. Then I found out CF8 comes with Apache Derby, and I wonder if that's a good choice. Actually, when is Derby a good choice?? Since there's no management studio like MSSQL for Derby (or MYSQL), anyone tried RDS support in CFEclipse? Can I use that to create/manage/backup the DB? Is it reliable? Thank you! Henry
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301387
XML Question
Banging head on desk, sure I'm doing something daft ... When I reference the xml item it looks fine, then I try and insert it into a table and this happens:
    insert into tbl_emails (UserName, Password, FirstName, LastName, IsSystemAdmin, IsDomainAdmin)
    Values ( '<?xml version="1.0" encoding="UTF-8"?> <UserName xmlns="http://tempuri.org/">[EMAIL PROTECTED]</UserName>',
How come the XML info is being shown and not just the item, please?
TIA, Jenny
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301388
Re: DB choice for small Intranet site
I honestly have never paid attention because never had RAM issues. I do not think my 2003 box here has more than a few gigs of RAM in it and it is used for MSSQL Express, Oracle XE, Active Directory for the domain, minimal shared file storage and ColdFusion 8 and it never has resource issues and is not even a server class machine but some AMD CPU box that was pieced together. The box I just recently did for a company here in town is running Oracle XE, used for a lot of file storage, and has ColdFusion 8 and zero resource issues on it, that intranet is used by roughly 30 people all day.
On Sun, Mar 16, 2008 at 11:00 AM, Gerald Guido [EMAIL PROTECTED] wrote:
I remember looking at Oracle XE(?) a year or so ago. Doesn't it suck up a couple of hundred megs of ram? Or was that something else? I don't remember which version I tried out but I *do* remember it was using some ungodly amount of ram. G
On Sun, Mar 16, 2008 at 11:42 AM, Aaron Rouse [EMAIL PROTECTED] wrote:
I am not much of a MSSQL person but if you meet that limitation one day, can't you easily upgrade things into the full version? I have been using Oracle XE for similar needs that you have and also for moving things to/from development workstations to our development/production environments without any issues. To top it off our servers are on 9i so they are one version behind the version of XE we are using.
On Sun, Mar 16, 2008 at 6:43 AM, henry ho [EMAIL PROTECTED] wrote:
I only used MS-SQL before, and I found the management studio very easy to work with. The only concern I have is the limitation of the Express version might get me one day.
--
Aaron Rouse http://www.happyhacker.com/
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301389
Re: DB choice for small Intranet site
Never having dug into them I can't compare it to mySQL
I have. Well... some. For basic SQL MySQL rocks and will meet the needs of 99% of the needs of most SMB's. But if you want to get into more nontrivial stuff MSSQL will be a better bet IMHO.
My experience with (some) FOSS packages is that they are great up until the point where you want to do something non trivial. Like get a new printer to work with Linux or compile Apache/PHP from scratch to mirror your hosting companies version. You can run into some *serious* Time Bandits trying to find the secret handshake to get something to work with FOSS. Dependency hell anyone?
That problem I had with Mysql and FK's I had mentioned wasted more than a solid work day trying to get it to work. Utterly frustrated, I open up MSSQL and got it to work the first time. I finally got it to work on Mysql, but I don't know how or why it worked *that* time so said screw it and went with MSSQL. As with everything, your mileage may vary.
My buddy is a Mac head (and all about FOSS). He has a line that kills me. Macs are like Linux, except they just work. Holy war starting in 3...2...1.. ;)
You definitely want the Advanced Services version though. The full text search on MSSQL is sweet. Oh yeah, I forgot, the Microsoft SQL Server 2005 Express Toolkit SP1 has a DTS wizard for import/export. So nix my previous statement.
G
On Sun, Mar 16, 2008 at 11:40 AM, Jim Davis [EMAIL PROTECTED] wrote:
-Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: Sunday, March 16, 2008 10:22 AM To: CF-Talk Subject: RE: DB choice for small Intranet site
Personally, I like MS SQL Express. The only thing is that it doesn't come with an agent, AFAIK, so you'll need to find another way to do backups.
I second SQL Server Express. It's pure bias of course, but it rocks. The management tools are best of class (actually - after being forced to use DB2 at the office - better than class) and the capabilities amazing. Transact SQL is very easy to pick up and if you don't want to bother you can create stored procs in any .NET runtime language (C#, javascript, etc). It supports XML and webservices natively and most of the basic OLAP stuff. You want the Advanced Services edition tho' - the basic edition is more for integrators (people want to integrate a DB into an application). The Advanced Services Edition (still free) includes the management console and (very nice) full-text search engine. I do miss some of the features of the full edition but the actual engines are exactly the same: there's no performance hit going from Enterprise to Express. Never having dug into them I can't compare it to mySQL or Derby but I can say compared to DB2 SQL Server is a freakin' joy to behold. But then again... that really isn't saying a whole hell of a lot. ;^) Jim Davis
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301390
RE: XML Question
How are you referencing the XML node? Is the query below the generated query?
Adrian
-Original Message- From: Jenny Gavin-Wear Sent: 16 March 2008 17:20 To: CF-Talk Subject: XML Question
Banging head on desk, sure I'm doing something daft ... When I reference the xml item it looks fine, then I try and insert it into a table and this happens:
    insert into tbl_emails (UserName, Password, FirstName, LastName, IsSystemAdmin, IsDomainAdmin)
    Values ( '<?xml version="1.0" encoding="UTF-8"?> <UserName xmlns="http://tempuri.org/">[EMAIL PROTECTED]</UserName>',
How come the XML info is being shown and not just the item, please? TIA, Jenny
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301391
RE: SQL Injection
Ian, I posted an example of this recently on my blog. http://www.coldfusionmuse.com/index.cfm/2008/2/22/sql-injection-on-a-character-field
The long and short is that different platforms allow you to escape single quotes differently and this technique can be used to get the right number of quotes into string for the purpose of injection...
Best practice: Use cfqueryparam - there is no good reason NOT to do so (especially on CF8).
-mark
Mark A. Kruger, CFG, MCSE (402) 408-3733 ext 105 www.cfwebtools.com www.coldfusionmuse.com www.necfug.com
-Original Message- From: Ian Skinner [mailto:[EMAIL PROTECTED] Sent: Friday, March 14, 2008 5:51 PM To: CF-Talk Subject: SQL Injection
I am presuming that those who should not know this already know this. So how does a nefarious person get around CF's single quote escaping to inject SQL code? I understand how the following are vulnerable to the basic hack of url.code=34' OR 1=1--
    SELECT * FROM county WHERE county_cd = #url.code#
OR
    SELECT * FROM county WHERE county_cd = '#preserveSingleQuotes(url.code)#'
But how would it work in this code? Anything I try just ends up with doubled single quotes and rendered harmless.
    SELECT * FROM county WHERE county_cd = '#url.code#'
P.S. I know the answer is to always use cfqueryparam I am just trying to completely understand the answer here.
TIA Ian
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301392
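Added example (not part of the original posts, and not ColdFusion code): a Python/sqlite3 sketch of the two quoted query forms from Ian's post, run with the input he gives, next to a bound parameter, which is what cfqueryparam provides. The use of SQLite, the table rows and all function names are assumptions made for the demonstration.

```python
import sqlite3

# Input taken from the thread: url.code=34' OR 1=1--
PAYLOAD = "34' OR 1=1--"


def make_db():
    """In-memory stand-in for the thread's county table (rows are constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE county (county_cd TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO county VALUES (?, ?)",
        [("34", "Alpha"), ("35", "Beta"), ("36", "Gamma")],
    )
    return db


def cf_escape(value):
    """Mimic CF's default handling of #variables# in cfquery: double single quotes."""
    return value.replace("'", "''")


def query_preserve_single_quotes(db, code):
    # Analogue of '#preserveSingleQuotes(url.code)#':
    # the raw value is pasted into the SQL text, so a quote ends the literal.
    sql = "SELECT * FROM county WHERE county_cd = '" + code + "'"
    return db.execute(sql).fetchall()


def query_cf_default(db, code):
    # Analogue of '#url.code#': quotes are doubled before concatenation.
    # Whether this holds depends on how the target database reads quotes.
    sql = "SELECT * FROM county WHERE county_cd = '" + cf_escape(code) + "'"
    return db.execute(sql).fetchall()


def query_bound(db, code):
    # Analogue of <cfqueryparam value="#url.code#" cfsqltype="cf_sql_varchar">:
    # the value travels separately from the SQL text and is never parsed as SQL.
    return db.execute(
        "SELECT * FROM county WHERE county_cd = ?", (code,)
    ).fetchall()


def compare(code):
    """Row counts returned by each query form for the same input."""
    db = make_db()
    return {
        "preserveSingleQuotes": len(query_preserve_single_quotes(db, code)),
        "default_escaping": len(query_cf_default(db, code)),
        "bound_parameter": len(query_bound(db, code)),
    }


def bound_roundtrip():
    """Store the payload as plain data, then look it up with a bound parameter."""
    db = make_db()
    db.execute("INSERT INTO county VALUES (?, ?)", (PAYLOAD, "Literal"))
    return query_bound(db, PAYLOAD)


if __name__ == "__main__":
    for code in ("34", PAYLOAD):
        print(repr(code), compare(code))
    print(bound_roundtrip())
```

The doubled-quote form is harmless here only because SQLite treats `''` as the sole way to embed a quote; the bound form gives the same result on any database because no escaping rule is involved.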
RE: XML Question
Hi Adrian, this is an excerpt from the generating code:
    <cfoutput>
    <cfloop from="1" to="#NumUsers#" index="I">
      <cfset found = 0>
      <cfquery datasource="#application.dsn#" name="exists">
        select * from list_emails where sitedomain like 'fasttrackonline.co.uk'
      </cfquery>
      <cfloop query="exists">
        <cfif exists.username is MyXML.UserInfoListResult.Users.UserInfo[I].Username>
          <cfset found = 1>
        </cfif>
      </cfloop>
      <cfif found is 0>
        <cfquery datasource="#application.dsn#">
          insert into tbl_emails (UserName, Password, FirstName, LastName, IsSystemAdmin, IsDomainAdmin)
          Values (
            '#MyXML.UserInfoListResult.Users.UserInfo[I].Username#',
            '#ToString(MyXML.UserInfoListResult.Users.UserInfo[I].Password)#',
            '#MyXML.UserInfoListResult.Users.UserInfo[I].Firstname#',
            '#MyXML.UserInfoListResult.Users.UserInfo[I].LastName#',
            <cfif MyXML.UserInfoListResult.Users.UserInfo[I].IsSystemAdmin is true>1<cfelse>0</cfif>,
            <cfif MyXML.UserInfoListResult.Users.UserInfo[I].IsDomainAdmin is true>1<cfelse>0</cfif>
          )
        </cfquery>
      </cfif>
    </cfloop>
    </cfoutput>
-Original Message- From: Adrian Lynch [mailto:[EMAIL PROTECTED] Sent: 16 March 2008 18:04 To: CF-Talk Subject: RE: XML Question
How are you referencing the XML node? Is the query below the generated query? Adrian
-Original Message- From: Jenny Gavin-Wear Sent: 16 March 2008 17:20 To: CF-Talk Subject: XML Question
Banging head on desk, sure I'm doing something daft ... When I reference the xml item it looks fine, then I try and insert it into a table and this happens:
    insert into tbl_emails (UserName, Password, FirstName, LastName, IsSystemAdmin, IsDomainAdmin)
    Values ( '<?xml version="1.0" encoding="UTF-8"?> <UserName xmlns="http://tempuri.org/">[EMAIL PROTECTED]</UserName>',
How come the XML info is being shown and not just the item, please? TIA, Jenny
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301393
CFForm - Make additional fields required another field is filled in?
Hi, I haven't had a need to do this before and wondering what the best way to accomplish this question. A visitor selects a value from a dropdown box, I then need additional form fields to be required depending on their selection. All of the form questions are stored in a database. I'm thinking I add another table there that has a few columns in there to represent the initial questionID that controls the required questionIDs.
In the simplest terms, user selects No. 1 from the dropdown box, and one form field below is required, if they select 2, then two form fields are required. I'm kinda wondering if I need to send the form back to itself with an onchange event or if this could be something that is already stored in the page and triggered with the onchange request? This is a CF 7 server.
--
Casey
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301394
Re: DB choice for small Intranet site
The last small project I developed was a sales application that met the limits you mentioned (4Gb and 10 connections). I compared MySQL (which I am a big fan of), and MS SQL Express. My customer was on a very tight budget and a commercial license (because the software is private and not released under GPL see: http://www.mysql.com/about/legal/licensing/commercial-license.html) for MySQL would add another $500 to the project. So I opted for MS SQL Express which is free.
Mike Harman
Which DB would you choose (MSSQL Express / Apache Derby) for a small (4gb, with only 10 simultaneous connections) intranet CF App? I only used MS-SQL before, and I found the management studio very easy to work with. The only concern I have is the limitation of the Express version might get me one day. Then I found out CF8 comes with Apache Derby, and I wonder if that's a good choice. Actually, when is Derby a good choice?? Since there's no management studio like MSSQL for Derby (or MYSQL), anyone tried RDS support in CFEclipse? Can I use that to create/manage/backup the DB? Is it reliable? Thank you! Henry
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301395
RE: CF functions question
Thanks Dominic, I'd forgotten the cfreturn
J
-Original Message- From: Dominic Watson [mailto:[EMAIL PROTECTED] Sent: 03 March 2008 11:28 To: CF-Talk Subject: Re: CF functions question
I would I would like to return the structure to the refering page, is this possible, please?
Sure is:
Function code:
    <cffunction name="foo" returntype="struct">
      <cfset stBar = StructNew()>
      <cfset stBar.bar = "foo">
      <cfset stBar.foo = "bar">
      <cfreturn stBar>
    </cffunction>
Calling template:
    <cfset stResult = foo()>
HTH Dominic
--
Blog it up: http://fusion.dominicwatson.co.uk
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301396
AjaxCFC question
Hello to everyone familiar with ajaxCFC,

My component file component.cfc is getting too big and difficult to manage (loads of functions there). Is there any way I could define more than one component on the config of the index page?

For example at the moment I have:

    _ajaxConfig = { '_cfscriptLocation':'component.cfc', '_jsscriptFolder':'/js', 'debug':false};

Can I do:

    _ajaxConfig = { '_cfscriptLocation':'component1.cfc, component2.cfc, component3.cfc', '_jsscriptFolder':'/js', 'debug':false};

thanx in advance

Ioannis

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301397
Re: DB choice for small Intranet site
denstar wrote:
> On Sun, Mar 16, 2008 at 8:21 AM, Russ [EMAIL PROTECTED] wrote:
>> This is the first I'm hearing of Apache Derby, and although I'm sure it's a nice project, it's written in Java, which means it will be slower than MSSQL
>
> Just because it's java doesn't mean it's got to be slow. :]

For some types of applications it does mean that. May I suggest Java Support for Data-Intensive Systems: Experiences Building the Telegraph Dataflow System?
http://citeseer.ist.psu.edu/cache/papers/cs/23120/http:zSzzSzgist.cs.berkeley.eduzSz~mashahzSzjava-paperzSzpaper.pdf/shah01java.pdf

Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301398
Re: DB choice for small Intranet site
henry ho wrote:
> Which DB would you choose (MSSQL Express / Apache Derby) for a small (4gb, with only 10 simultaneous connections) intranet CF App?

Of the choices you present I would choose MS SQL Express. Derby is either a hassle to install, or you need to run it embedded in CF which I do not consider a good idea. IIRC there were also some issues with autocommit and clobs, so make sure you test that early in the cycle if you do go in that direction.

Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301399
Re: XML Question
Instead of you need to use the XmlText attribute of each of your xml elements to get at the item's string. So:

    Values (
    '#MyXML.UserInfoListResult.Users.UserInfo[I].Username.xmlText#',
    '#MyXML.UserInfoListResult.Users.UserInfo[I].Password.xmlText#',
    '#MyXML.UserInfoListResult.Users.UserInfo[I].Firstname.xmlText#',
    '#MyXML.UserInfoListResult.Users.UserInfo[I].LastName.xmlText#'

etc.

HTH

Dominic
--
Blog it up: http://fusion.dominicwatson.co.uk

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301400
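The VALUES list in the reply above places XML text directly inside the SQL string, so a quote character in any element changes the statement. The same insert with every value bound through cfqueryparam, as an added example that is not code from the thread; the datasource name, table name, column names and maxlength sizes are assumptions:

```cfml
<!--- Added example, not code from the thread.
      Assumptions: datasource "intranetDsn", table UserInfo, its four
      column names, and the maxlength values (match them to the real
      column definitions). --->
<cfset userCount = ArrayLen(MyXML.UserInfoListResult.Users.UserInfo)>

<!--- One transaction, so a rejected value rolls back the whole import --->
<cftransaction>
    <cfloop from="1" to="#userCount#" index="I">
        <cfset u = MyXML.UserInfoListResult.Users.UserInfo[I]>

        <cfquery datasource="intranetDsn">
            INSERT INTO UserInfo (Username, Password, Firstname, LastName)
            VALUES (
                <!--- Each value is sent as a bind parameter, never as SQL text.
                      maxlength makes ColdFusion reject oversized input before
                      the statement reaches the database. --->
                <cfqueryparam value="#u.Username.XmlText#"
                              cfsqltype="cf_sql_varchar" maxlength="100">,
                <cfqueryparam value="#u.Password.XmlText#"
                              cfsqltype="cf_sql_varchar" maxlength="255">,
                <cfqueryparam value="#u.Firstname.XmlText#"
                              cfsqltype="cf_sql_varchar" maxlength="100">,
                <cfqueryparam value="#u.LastName.XmlText#"
                              cfsqltype="cf_sql_varchar" maxlength="100">
            )
        </cfquery>
    </cfloop>
</cftransaction>
```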
RE: XML Question
Sorted it. I should have been referencing, for example:

    #MyXML.UserInfoListResult.Users.UserInfo[I].Username.XmlText#

-----Original Message-----
From: Jenny Gavin-Wear [mailto:[EMAIL PROTECTED]
Sent: 16 March 2008 19:23
To: CF-Talk
Subject: RE: XML Question

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301401
Re: DB choice for small Intranet site
As far as saying Apache Derby being slow just because it is on top of Java is pretty baseless and making blanket statements like that are just about as bad as saying ColdFusion sucks and is slow because MySpace crashes all the time.

As much a blanket a statement as I also like it cos it's not Microsoft ;)

I'd vote for MS SQL Express for the simple fact that you say that you have up till now only worked with MSSQL Server. There will be no big surprises that take you days to resolve and no agony setting up as I assume you have been through most of that if at all. This will save YOU money (assuming you're not being paid by the hour), and it won't bite you in the ass performance wise (unless you write a shocking database :p)

Dominic
--
Blog it up: http://fusion.dominicwatson.co.uk

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301402
Re: DB choice for small Intranet site
On Sun, Mar 16, 2008 at 3:27 PM, Jochem van Dieten [EMAIL PROTECTED] wrote:
> denstar wrote:
>> On Sun, Mar 16, 2008 at 8:21 AM, Russ [EMAIL PROTECTED] wrote:
>>> This is the first I'm hearing of Apache Derby, and although I'm sure it's a nice project, it's written in Java, which means it will be slower than MSSQL
>>
>> Just because it's java doesn't mean it's got to be slow. :]
>
> For some types of applications it does mean that. May I suggest Java Support for Data-Intensive Systems: Experiences Building the Telegraph Dataflow System?
> http://citeseer.ist.psu.edu/cache/papers/cs/23120/http:zSzzSzgist.cs.berkeley.eduzSz~mashahzSzjava-paperzSzpaper.pdf/shah01java.pdf

Freak'n Jochem. =] Hard paper to read, but excellent sounding suggestions. What, no Postgres recommendation? LOL.

-Denny
--
postgres roxorz, btw

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301403
Totally OT: Do you see what I see
Go to the following URL, http://www.nytimes.com/pages/business/index.html?adxnnl=1adxnnlx=1205702297-fQQvcu4oQALgFskrYAVixw Look at the center area of the page, Multimedia, do you see a clear 'flaw'? To the purists, I'm sorry.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301404
Extra Level of Security Information
I am just about ready to go live with a new application that will allow School Districts to Delay/Close School for a day. Then have the raw data sent to the Media so it can be displayed at the bottom of the screen through the Character Generator. I am wondering if anyone has any experience with tying a Coldfusion/Apache Application into a Hardware Token like what PayPal is using. Or if anyone has another idea that would work. I am researching this type of security along with Client Digital Certificates however I need it to be as easy as possible for the End User. Comments / Suggestions

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301405
Re: AjaxCFC question
Ioannis,

I'm not sure you can do that, but, could you extend your cfc's? This might work --

in your component2.cfc:

    <cfcomponent extends="pathtocfc.component1">

in your component3.cfc:

    <cfcomponent extends="pathtocfc.component2">

-- Josh

----- Original Message -----
From: Ioannis Papanikolaou [EMAIL PROTECTED]
To: CF-Talk cf-talk@houseoffusion.com
Sent: Sunday, March 16, 2008 1:47 PM
Subject: AjaxCFC question

> Hello to everyone familiar with ajaxCFC,
>
> My component file component.cfc is getting too big and difficult to manage (loads of functions there). Is there any way I could define more than one component on the config of the index page?
>
> For example at the moment I have:
>
>     _ajaxConfig = { '_cfscriptLocation':'component.cfc', '_jsscriptFolder':'/js', 'debug':false};
>
> Can I do:
>
>     _ajaxConfig = { '_cfscriptLocation':'component1.cfc, component2.cfc, component3.cfc', '_jsscriptFolder':'/js', 'debug':false};
>
> thanx in advance
>
> Ioannis

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301406
CFDiv not binding properly?
Okay, this one is not making any sense at all to me - it *has* to be a setting issue but I can't seem to find anything to help.

I have a CFDiv tag -

    <cfdiv id="File" bind="url:showfiles.cfm?user=#userid#" />

Inside the CFDiv I have a pop-up window that allows the user to edit or add files. This works just fine and includes the following line of code at the end of the upload page:

    <script type="javascript">
    window.opener.ColdFusion.navigate('showfiles.cfm?user=#form.userid#, 'File');
    window.close();
    </script>

In my development area, a win 2003 box with CF8 dev. everything works fine. When I upload to staging, the initial page loads fine but when the ColdFusion.Navigate calls and the window closes all I get is that nice Loading animation. I've enabled the AJAX debugging and the GET is being sent but it does not report any data being returned.

Anyone have any ideas on this?

Thanks!

Hatton

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301407
Quickbooks Merchant Services Integration?
I have a client with a Quickbooks Merchant Account and I am needing to get a ColdFusion shopping cart setup and integrated with the QBMS API. I have worked with PayPal and Authorize.NET in the past, but after going through the QBMS documentation, I am either missing something, or they have done their best to make this as hard as possible. Has anybody ever worked with the QBMS API before, and if so, care to offer any tips, tricks, or experiences?

Thanks

-- Jeff

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301408
Re: CFDiv not binding properly?
Is the pop-up window a cfwindow or a new browser window?

> Okay, this one is not making any sense at all to me - it *has* to be a setting issue but I can't seem to find anything to help.
>
> I have a CFDiv tag -
>
>     <cfdiv id="File" bind="url:showfiles.cfm?user=#userid#" />
>
> Inside the CFDiv I have a pop-up window that allows the user to edit or add files. This works just fine and includes the following line of code at the end of the upload page:
>
>     <script type="javascript">
>     window.opener.ColdFusion.navigate('showfiles.cfm?user=#form.userid#, 'File');
>     window.close();
>     </script>
>
> In my development area, a win 2003 box with CF8 dev. everything works fine. When I upload to staging, the initial page loads fine but when the ColdFusion.Navigate calls and the window closes all I get is that nice Loading animation. I've enabled the AJAX debugging and the GET is being sent but it does not report any data being returned.
>
> Anyone have any ideas on this?
>
> Thanks!
>
> Hatton

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301409