Re: Compare Strings
> So... what rules are you working with? Are you saying that any > leading/trailing zeros should be ignored? > > If so, rereplace(string1, '^0*|0*$', '', 'all') should remove > leading/trailing zeros. H. Bit inefficient matching with * - that means you're always matching the positions ^ and $ whether there are any leading/trailing zeros or not. ^0+|0+$ would be better - only replacing when zeroes exist. It's a small change, but if this comparison is only part of a larger loop, it might have an impact. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321385 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Compare Strings
On Tue, Apr 7, 2009 at 12:12 AM, Pranathi Reddy wrote: > I am comparing two strings and if I have 2 strings > String1: 0010as1 > String2: 10as1 > I should get an output that these two strings are equal. > If I use Trim,LTrim,Rtrim, compare().. what ever I use I am getting that > strings are not equal... how do I compare these types of strings and display > that these strings are equal. So... what rules are you working with? Are you saying that any leading/trailing zeros should be ignored? If so, rereplace(string1, '^0*|0*$', '', 'all') should remove leading/trailing zeros. So if you have: #compareNoCase(rereplace(string1, '^0*|0*$', '', 'all'), rereplace(string2, '^0*|0*$', '', 'all'))# should return 0 (no differences in the compareNoCase()) -- I have failed as much as I have succeeded. But I love my life. I love my wife. And I wish you my kind of success. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321384 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Compare Strings
Dear All, I have a very qucik question... I am comparing two strings .. my strings will be of kind ... 0012asqw00 or 1230 or 0001 etc..., I am comparing two strings and if I have 2 strings String1: 0010as1 String2: 10as1 I should get an output that these two strings are equal. If I use Trim,LTrim,Rtrim, compare().. what ever I use I am getting that strings are not equal... how do I compare these types of strings and display that these strings are equal. Thanks, Pranathi. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321383 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Twitter oAuth
Anyone here have any experience with oAuth? Or better yet with Twitter's oAuth implementation? I'm just not making any headway. I've downloaded this: http://oauth.riaforge.org/ But there's very little documentation on the CF oAuth side or on the Twitter side. Anyone ever get oAuth to work? I don't really know where to start. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321382 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Verity Search results - invalid characters displayed?
Joe None wrote: > Do you know what encoding is used for Word's funky characters? depends on the language it's using but most likely windows-1252 which is a *superset* of latin-1/iso-8859-1 (and is the cause of a lot of the encoding problems most folks see) though you can probably "just use unicode"©. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321381 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Simple text to image?
Thanks, I'll check it out. >Hmm I tried it and it dosn't seam to line wrap. The 220 and 300 are >actually x and Y co-ords. It's been a long time since I had to use >this. > >I'd follow up on Rays suggestion here: >http://www.bennadel.com/resources/demo/imageutils/demos/index.cfm and >http://www.bennadel.com/resources/demo/imageutils/demos/drawtextarea.cfm > >As this looks like exactly what your after. > >Paul. > >On Fri, Apr 3, 2009 at 1:33 PM, D >> ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321380 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Question about hack
> In that case, you can no longer trust the host, or it's > host (if it's visualised). In the latter case, all other > guests on the same box are also suspect. I've not heard of a remote exploit that can climb out of a VM. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321379 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Question about hack
> So, I guess one question is whether an XSS type > hack can result in code being added to a file on the > web server. No, not by itself. The WebDAV that Mosh mentioned, that's a likely culprit. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321378 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Question about hack
> Hi there. We've just seen a hack attempt that we > haven't seen before and I wanted to get feedback. > > The symptom is that some script code is inserted at > the bottom of certain pages (e.g. index.cfm). The > script (which has been scrubbed) looks like this: > > > The script downloads malware, which we obviously > want to prevent. We're trying to determine how it's > getting in their, whether through an old site with > inadequate code or the OS or something else. Any > thoughts? > > This is on a server running IIS 6 / CF7. My first thought is, if this script has actually been written to your .cfm files, this is a successful hack, not a hack attempt. My second thought is, why are these files writeable in the first place? In the vast majority of CF apps, neither the CF user account nor the IIS user account needs write permission to your CF files. Finally, I'm not aware of any specific worm that does this exact thing. Nor am I aware of any IIS issue that would allow this. My guess is that you have some CF application that allows writes to the filesystem; perhaps one of the CF sample apps? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321377 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Question about hack
Nick: In addition to FTP, etc., check to see if you have WebDAV enabled on your server. It's an extension of HTTP that allows people to remotely author files on a website. A couple of years back, a client of mine had their site modified with WebDAV and, upon further review, every site on that server that had an index.cfm file had had that file modified to include the malicious code. HTH -- Mosh Teitelbaum evoch, LLC Tel: (301) 942-5378 Fax: (301) 933-3651 Email: mosh.teitelb...@evoch.com WWW: http://www.evoch.com/ > -Original Message- > From: Nick Gleason [mailto:n.glea...@citysoft.com] > Sent: Monday, April 06, 2009 2:19 PM > To: cf-talk > Subject: Question about hack > > > Hi there. We've just seen a hack attempt that we haven't seen before > and I > wanted to get feedback. > > The symptom is that some script code is inserted at the bottom of > certain > pages (e.g. index.cfm). The script (which has been scrubbed) looks > like > this: > > > The script downloads malware, which we obviously want to prevent. > We're > trying to determine how it's getting in their, whether through an old > site > with inadequate code or the OS or something else. Any thoughts? > > This is on a server running IIS 6 / CF7. > > Thanks in advance, > > Nick > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321376 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
(ot) looking for a good freelance Web Designer
Hi Folks! I hope it's ok to post this here; I know it's off-topic. But I just know many of you here must work with talented designers. I am looking for a good freelancer who excels at that Web 2.0 look for a particular project. Any suggestions? -- Cheers! Michael David ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321375 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Question about hack
And if your CFML templates have been changed, it is possible that malware has been installed on the server itself (via cfexecute). In that case, you can no longer trust the host, or it's host (if it's visualised). In the latter case, all other guests on the same box are also suspect. Tom Chiverton Developer Tel: +44 0161 618 5032 Fax: +44 0161 618 5099 tom.chiver...@halliwells.com 3 Hardman Square, Manchester, M3 3EB www.Halliwells.com This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office together with a list of those non members who are referred to as partners. We use the word partner to refer to a member of the LLP, or an employee or consultant with equivalent standing and qualifications. Regulated by the Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.Halliwells.com. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321374 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Question about hack
Nick, it is *POSSIBLE* for your actual index.cfm files to be modified via SQL injection (xp_cmdshell on MS SQL Server), but it is highly doubtful. I can't think of a scenario where XSS could actually affect files on your server since that is a client-based attack. The XSS attack would need to be coupled with a server-side vulnerability. I would focus directly on all of your FTP access, Windows file sharing access, and telnet/remote desktop connections. If you using shared hosting, your problem just got a lot harder to track down. Also, for the record-- it is possible for an attacker to modify cfm files on your server if you have a piece of your application that allows users to upload files to the server (like images or attachments) and these files are placed in a web accessible location where they could be accessed via a URL and executed. (imagine uploading a .cfm file with a few cffile tags in it...) The probability of this sort of attack is smaller than the chances of someone brute-forcing your FTP login though. Like I said before, change ALL your passwords, and check your logs. If this is a publicly accessible server, it should be behind a firewall blocking ALL ports not absolutley necessary (like 80 and 443) ~Brad Original Message Subject: RE: Question about hack From: "Nick Gleason" Date: Mon, April 06, 2009 3:10 pm To: cf-talk Brad, Many thanks for your response. We'll take a look at those things. It appears that the code is in the actual index.cfm pages on the web server. There are some old sites on this server that may be vulnerable, so that is a theory. However, I would expect that kind of vulnerability to result in a database injection, which is not what we are seeing. So, I guess one question is whether an XSS type hack can result in code being added to a file on the web server. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321373 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Finding values not in a list
Charlie! You did it!!! Dahnke! ¡Gracias! Thank you! Thank you! Thank you!!! It's taken me all day to get this right. Thank goodness, I'm self-employed or I'd be looking for a new place to sit down to work. Dave > -Original Message- > From: Charlie Griefer [mailto:charlie.grie...@gmail.com] > Sent: Monday, April 06, 2009 1:13 PM > To: cf-talk > Subject: Re: Finding values not in a list > > > > On Mon, Apr 6, 2009 at 11:02 AM, Dave Long > wrote: > > > > So far, I am unable to find any other syntax for comparing > the second > > query results to the list. Can anyone advise me? > > look into the valueList() function for getting a > comma-delimited list of values from a query column. > > Your IN values need to be enclosed in parentheses: > > AND MLS_Number NOT IN (#valueList(GetRecord.MLS_number)#) > > ... and you'll also want to cfqueryparam that: > > AND MLS_Number NOT IN ( value="#valueList(GetRecord.MLS_number)#" > cfsqltype="cf_sql_integer" list="true" />) > > -- > I have failed as much as I have succeeded. But I love my > life. I love my wife. And I wish you my kind of success. > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321372 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Per-application custom tag paths ( Application.cfc )
This is how I does it (in Application.CFC): I don't see any difference. Maybe trying this and see if it works for you. I took this out of a *working* demo. On Mon, Apr 6, 2009 at 4:30 PM, David McGuigan wrote: > > Ben Forta was like, "Yo, this.customtagpaths / listAppend( > this.customtagpaths, newPath )." > http://www.forta.com/blog/index.cfm/2007/4/24 > > But then the Adobe documentation's all like, this.customtagpath ( singular > ) > > http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=AppEvents_01.html > > Either way, neither of those combinations are working for me. > > Beyond not enabling per-application settings in the administrator, is there > something else that could break this mechanism? I'm even testing it with a > single full hard path that I can paste into Windows Explorer and will take > me to the correct directory. > > But it cannot find my tags. My poor, sweet tags. All of my other > per-application settings are working for this app. Any ideas? > > ... I don't know how involved the CFIDE folder is in the process, but it > might be worth noting that my CFIDE ( and ColdFusion install ) is somewhere > completely separate from this application/siteroot/customtagsfolder. > Basically > ColdFusion: drive:/serverware/cf8/ > CFIDE: drive:/serverware/cf8/webroot/cfide/ > This app: drive:/webroot/appX/ > > Note: My CFIDE folder is in a separate folder than where the WEB-INF > directory is, which is cf8/wwwroot/ > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321371 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Never Ending Program?
Why *not* use a CF scheduled task that runs every minute or so? You could also use a database trigger that runs when a date/time record is inserted into the respective table. -Original Message- From: Robert Harrison [mailto:rob...@austin-williams.com] Sent: Monday, April 06, 2009 2:07 PM To: cf-talk Subject: Never Ending Program? I need to write a routine that executes various actions based on user entered dates/times. The dates/times to act would be listed in a data base. I really don't see a way to use the Scheduled Tasks page for this as that seems more in tune to batch processing type stuff. The only way I can think of doing this is to write a never ending program that keeps checking to see if an action is ready to kick off. Is there a better way to handle this? Thanks Robert B. Harrison Director of Interactive Services Austin & Williams 125 Kennedy Drive, Suite 100 Hauppauge NY 11788 P : 631.231.6600 Ext. 119 F : 631.434.7022 http://www.austin-williams.com Great advertising can't be either/or. It must be &. Plug in to our blog: A&W Unplugged http://www.austin-williams.com/unplugged ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321370 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Question about hack
It's an iframe injection hack. It will insert a hidden frame into any
index.* page it finds.
Some urls entries inserted are 'ggleleadsense.biz/?click=*',
'mediahousenameshopfilm.cn/in.cgi?income29'
Change FTP passwords...
-Original Message-
From: Nick Gleason [mailto:n.glea...@citysoft.com]
Sent: Monday, April 06, 2009 4:28 PM
To: cf-talk
Subject: RE: Question about hack
William,
That's a great post - we're re-reading it now. However, this situation
seems to be code in the index.cfm page, not something being appended
from
the db. So, I'm not sure if that post will be relevant in this case.
Thoughts?
N
> -Original Message-
> From: William [mailto:will...@seiter.com]
> Sent: Monday, April 06, 2009 3:50 PM
> To: cf-talk
> Subject: RE: Question about hack
>
>
> Do a search on this list for 'exec('
> There was a big todo about this last summer. Probably in
> your database
>
>
>
> -Original Message-
> From: Nick Gleason
> Sent: Monday, April 06, 2009 2:19 PM
> To: cf-talk
> Subject: Question about hack
>
>
> Hi there. We've just seen a hack attempt that we haven't
> seen before and I wanted to get feedback.
>
> The symptom is that some script code is inserted at the
> bottom of certain pages (e.g. index.cfm). The script (which
> has been scrubbed) looks like
> this:
>
>
> The script downloads malware, which we obviously want to
> prevent. We're trying to determine how it's getting in
> their, whether through an old site with inadequate code or
> the OS or something else. Any thoughts?
>
> This is on a server running IIS 6 / CF7.
>
> Thanks in advance,
>
> Nick
>
>
>
>
>
>
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321369
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Per-application custom tag paths ( Application.cfc )
Ben Forta was like, "Yo, this.customtagpaths / listAppend( this.customtagpaths, newPath )." http://www.forta.com/blog/index.cfm/2007/4/24 But then the Adobe documentation's all like, this.customtagpath ( singular ) http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=AppEvents_01.html Either way, neither of those combinations are working for me. Beyond not enabling per-application settings in the administrator, is there something else that could break this mechanism? I'm even testing it with a single full hard path that I can paste into Windows Explorer and will take me to the correct directory. But it cannot find my tags. My poor, sweet tags. All of my other per-application settings are working for this app. Any ideas? ... I don't know how involved the CFIDE folder is in the process, but it might be worth noting that my CFIDE ( and ColdFusion install ) is somewhere completely separate from this application/siteroot/customtagsfolder. Basically ColdFusion: drive:/serverware/cf8/ CFIDE: drive:/serverware/cf8/webroot/cfide/ This app: drive:/webroot/appX/ Note: My CFIDE folder is in a separate folder than where the WEB-INF directory is, which is cf8/wwwroot/ ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321368 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Finding values not in a list
Thanks everyone, but I must be trying to accomplish the impossible with our version 5 CF server. None of these suggestions has worked. I guess we're just going to have to write down which listings we've processed. Thanks again. > -Original Message- > From: Yuliang Ruan [mailto:yuliangr...@hotmail.com] > Sent: Monday, April 06, 2009 2:53 PM > To: cf-talk > Subject: Re: Finding values not in a list > > > > > > >Next I created a list from the first query: > > > > > > > > > > > > > > This code does NOT produce a list. this only sets the list > variable to the current record's MLS_number. the correct > code to create a list of all the MLS_numbers in the current > recordset would be: > > > > > > or equiv: > > > > >Then I tried to create a list of unprocessed listings from > the other DB > >by comparing the MLS_Number to the list: > > > > > > > > SELECT MLS_Number > >FROM Residential > >WHERE List_Firm = #FirmID# AND MLS_Number NOT IN #list# > >ORDER BY MLS_Number > > > > > > > SELECT MLS_Number > FROM Residential > WHERE List_Firm = cfsqltype="CF_SQL_INTEGER" value="#FirmID#"> AND MLS_Number > NOT IN () > ORDER BY MLS_Number > > > > note the parens around the list. also swapped you over to > cfqueryparam syntax > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321367 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Question about hack
William,
That's a great post - we're re-reading it now. However, this situation
seems to be code in the index.cfm page, not something being appended from
the db. So, I'm not sure if that post will be relevant in this case.
Thoughts?
N
> -Original Message-
> From: William [mailto:will...@seiter.com]
> Sent: Monday, April 06, 2009 3:50 PM
> To: cf-talk
> Subject: RE: Question about hack
>
>
> Do a search on this list for 'exec('
> There was a big todo about this last summer. Probably in
> your database
>
>
>
> -Original Message-
> From: Nick Gleason
> Sent: Monday, April 06, 2009 2:19 PM
> To: cf-talk
> Subject: Question about hack
>
>
> Hi there. We've just seen a hack attempt that we haven't
> seen before and I wanted to get feedback.
>
> The symptom is that some script code is inserted at the
> bottom of certain pages (e.g. index.cfm). The script (which
> has been scrubbed) looks like
> this:
>
>
> The script downloads malware, which we obviously want to
> prevent. We're trying to determine how it's getting in
> their, whether through an old site with inadequate code or
> the OS or something else. Any thoughts?
>
> This is on a server running IIS 6 / CF7.
>
> Thanks in advance,
>
> Nick
>
>
>
>
>
>
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321366
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Question about hack
Brad, Many thanks for your response. We'll take a look at those things. It appears that the code is in the actual index.cfm pages on the web server. There are some old sites on this server that may be vulnerable, so that is a theory. However, I would expect that kind of vulnerability to result in a database injection, which is not what we are seeing. So, I guess one question is whether an XSS type hack can result in code being added to a file on the web server. Thoughts? N > -Original Message- > From: b...@bradwood.com [mailto:b...@bradwood.com] > Sent: Monday, April 06, 2009 3:46 PM > To: cf-talk > Subject: RE: Question about hack > > > Is the malicious string in the actual index.cfm page on the > server, or is it being output on the page when CF processes > it as part of a variable from the form/url or database? > > If the actual files on your web server have been modified, > change all your FTP and remote admin passwords immediately > and run an antivirus scan. > Also, check your FTP logs, and date/time modified on the > files to determine when and how they were modified. Run an > extended find a replaced to clean your .cfm files. > > If the string is being appended into a url or form field and > then output on the page, htmleditformat or jsstringformat all > user-entered data and read up on XSS attacks. > > If the string has been appended into your database variables > and is being output on the page that way, look for un > paramaterized SQL statements, run a queryparam scanner, > change your SQL Server login passwords, and read up on SQL > injection attacks. Update your database to remove the > malicious values. > > ~Brad > > Original Message > Subject: Question about hack > From: "Nick Gleason" > Date: Mon, April 06, 2009 1:19 pm > To: cf-talk > > > Hi there. We've just seen a hack attempt that we haven't seen > before and I wanted to get feedback. > > The symptom is that some script code is inserted at the > bottom of certain pages (e.g. index.cfm). The script (which > has been scrubbed) looks like > this: > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321365 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Never Ending Program & Single Execution
Robert, To deal with that, I will de-activate the task item while it is running and then reactivate when the task is done. Or maybe I put an is_running flag on the record such that my pseudo code is like this: * Query for tasks that are active, need to be executed (by date), and are NOT currently running. * Loop over tasks * For each: --- Update DB record for is_running = 1 --- Execute task --- Update DB record for is_running = 0 It might seem like an overhead, but once you get it working nicely, its quite nice. On Mon, Apr 6, 2009 at 3:58 PM, Robert Harrison wrote: > > > For something like this, I generally have a scheduled task for a given > application that executes every 5 minutes (or whatever is appropriate). > > I may be able to do this. Sound feasible. > > Now here's the next thought. How can I tell if a program is already running > in an application? Its possible the program could be running already on > the > next scheduled run. If that's true, I don't want to start a second > occurrence. > > How can I tell if the program is already executing and ensure only one > occurrence of the program runs? > > I don't see anything on that in the documentation, although, I may not be > looking in the right place. I looked at CFTHREAD, but that does not look > like it deals with multiple invocations of the same program. > > Thanks > > Robert B. Harrison > Director of Interactive Services > Austin & Williams > 125 Kennedy Drive, Suite 100 > Hauppauge NY 11788 > P : 631.231.6600 Ext. 119 > F : 631.434.7022 > http://www.austin-williams.com > > Great advertising can't be either/or. It must be &. > > Plug in to our blog: A&W Unplugged > http://www.austin-williams.com/unplugged > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321364 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Never Ending Program & Single Execution
> For something like this, I generally have a scheduled task for a given application that executes every 5 minutes (or whatever is appropriate). I may be able to do this. Sound feasible. Now here's the next thought. How can I tell if a program is already running in an application? Its possible the program could be running already on the next scheduled run. If that's true, I don't want to start a second occurrence. How can I tell if the program is already executing and ensure only one occurrence of the program runs? I don't see anything on that in the documentation, although, I may not be looking in the right place. I looked at CFTHREAD, but that does not look like it deals with multiple invocations of the same program. Thanks Robert B. Harrison Director of Interactive Services Austin & Williams 125 Kennedy Drive, Suite 100 Hauppauge NY 11788 P : 631.231.6600 Ext. 119 F : 631.434.7022 http://www.austin-williams.com Great advertising can't be either/or. It must be &. Plug in to our blog: A&W Unplugged http://www.austin-williams.com/unplugged ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321363 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Question about hack
Do a search on this list for 'exec('
There was a big todo about this last summer. Probably in your database
-Original Message-
From: Nick Gleason
Sent: Monday, April 06, 2009 2:19 PM
To: cf-talk
Subject: Question about hack
Hi there. We've just seen a hack attempt that we haven't seen before and I
wanted to get feedback.
The symptom is that some script code is inserted at the bottom of certain
pages (e.g. index.cfm). The script (which has been scrubbed) looks like
this:
The script downloads malware, which we obviously want to prevent. We're
trying to determine how it's getting in their, whether through an old site
with inadequate code or the OS or something else. Any thoughts?
This is on a server running IIS 6 / CF7.
Thanks in advance,
Nick
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321362
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Question about hack
Is the malicious string in the actual index.cfm page on the server, or is it being output on the page when CF processes it as part of a variable from the form/url or database? If the actual files on your web server have been modified, change all your FTP and remote admin passwords immediately and run an antivirus scan. Also, check your FTP logs, and date/time modified on the files to determine when and how they were modified. Run an extended find a replaced to clean your .cfm files. If the string is being appended into a url or form field and then output on the page, htmleditformat or jsstringformat all user-entered data and read up on XSS attacks. If the string has been appended into your database variables and is being output on the page that way, look for un paramaterized SQL statements, run a queryparam scanner, change your SQL Server login passwords, and read up on SQL injection attacks. Update your database to remove the malicious values. ~Brad Original Message Subject: Question about hack From: "Nick Gleason" Date: Mon, April 06, 2009 1:19 pm To: cf-talk Hi there. We've just seen a hack attempt that we haven't seen before and I wanted to get feedback. The symptom is that some script code is inserted at the bottom of certain pages (e.g. index.cfm). The script (which has been scrubbed) looks like this: ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321361 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Finding values not in a list
On Mon, Apr 6, 2009 at 11:02 AM, Dave Long wrote: > > So far, I am unable to find any other syntax for comparing the second query > results to the list. Can anyone advise me? look into the valueList() function for getting a comma-delimited list of values from a query column. Your IN values need to be enclosed in parentheses: AND MLS_Number NOT IN (#valueList(GetRecord.MLS_number)#) ... and you'll also want to cfqueryparam that: AND MLS_Number NOT IN () -- I have failed as much as I have succeeded. But I love my life. I love my wife. And I wish you my kind of success. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321360 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Never Ending Program?
Robert, For something like this, I generally have a scheduled task for a given application that executes every 5 minutes (or whatever is appropriate). When it executes, it queries a datatable of tasks that need to be executed. This table can be updated manually or be data-driven (as it sounds like yours is). Usually, the table will have something like: date_last_executed date_next_executed meta_data is_active Then, I query for tasks where the taks is_active = 1 and date_next_executed < Now(). Does that help? On Mon, Apr 6, 2009 at 3:07 PM, Robert Harrison wrote: > > I need to write a routine that executes various actions based on user > entered dates/times. The dates/times to act would be listed in a data > base. > > I really don't see a way to use the Scheduled Tasks page for this as that > seems more in tune to batch processing type stuff. The only way I can > think > of doing this is to write a never ending program that keeps checking to see > if an action is ready to kick off. > > Is there a better way to handle this? > > Thanks > > > Robert B. Harrison > Director of Interactive Services > Austin & Williams > 125 Kennedy Drive, Suite 100 > Hauppauge NY 11788 > P : 631.231.6600 Ext. 119 > F : 631.434.7022 > http://www.austin-williams.com > > Great advertising can't be either/or. It must be &. > > Plug in to our blog: A&W Unplugged > http://www.austin-williams.com/unplugged > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321359 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Never Ending Program?
You can have the page use cfschedule to set up an event to go off or you can have a schedule set up to check every min. and see if something needs to happen. On Mon, Apr 6, 2009 at 12:07 PM, Robert Harrison wrote: > > I need to write a routine that executes various actions based on user > entered dates/times. The dates/times to act would be listed in a data base. > > I really don't see a way to use the Scheduled Tasks page for this as that > seems more in tune to batch processing type stuff. The only way I can think > of doing this is to write a never ending program that keeps checking to see > if an action is ready to kick off. > > Is there a better way to handle this? > > Thanks > > > Robert B. Harrison > Director of Interactive Services > Austin & Williams > 125 Kennedy Drive, Suite 100 > Hauppauge NY 11788 > P : 631.231.6600 Ext. 119 > F : 631.434.7022 > http://www.austin-williams.com > > Great advertising can't be either/or. It must be &. > > Plug in to our blog: A&W Unplugged > http://www.austin-williams.com/unplugged > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321358 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Never Ending Program?
I need to write a routine that executes various actions based on user entered dates/times. The dates/times to act would be listed in a data base. I really don't see a way to use the Scheduled Tasks page for this as that seems more in tune to batch processing type stuff. The only way I can think of doing this is to write a never ending program that keeps checking to see if an action is ready to kick off. Is there a better way to handle this? Thanks Robert B. Harrison Director of Interactive Services Austin & Williams 125 Kennedy Drive, Suite 100 Hauppauge NY 11788 P : 631.231.6600 Ext. 119 F : 631.434.7022 http://www.austin-williams.com Great advertising can't be either/or. It must be &. Plug in to our blog: A&W Unplugged http://www.austin-williams.com/unplugged ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321357 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Never Ending Program?
I need to write a routine that executes various actions based on user entered dates/times. The dates/times to act would be listed in a data base. I really don't see a way to use the Scheduled Tasks page for this as that seems more in tune to batch processing type stuff. The only way I can think of doing this is to write a never ending program that keeps checking to see if an action is ready to kick off. Is there a better way to handle this? Thanks Robert B. Harrison Director of Interactive Services Austin & Williams 125 Kennedy Drive, Suite 100 Hauppauge NY 11788 P : 631.231.6600 Ext. 119 F : 631.434.7022 http://www.austin-williams.com Great advertising can't be either/or. It must be &. Plug in to our blog: A&W Unplugged http://www.austin-williams.com/unplugged ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321356 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Finding values not in a list
Well, that helped... I think. I added a comma to the CFSET that creates the list: #list# Which displays: 87867, 88623, 89035, 89094, 89256, 100336, 100349, 100506, 100516, 100519, 100520, 100521, 100522, 100708, 100711, 100713, 100716, 100719, 100803, 100804, 100811, 100815, 100817, 100868, 101042, And here's the comparison query now: SELECT MLS_Number FROM Residential WHERE List_Firm = #FirmID# AND MLS_Number NOT IN ORDER BY MLS_Number But now I get this error: Error Diagnostic Information VALUE Invalid data '(list)' for CFSQLTYPE 'CF_SQL_INTEGER'. Once again, I tried adding single and doublew quotes as well as # # to the (list) in the query but still get errors. What am I overlooking/ > -Original Message- > From: Barney Boisvert [mailto:bboisv...@gmail.com] > Sent: Monday, April 06, 2009 1:09 PM > To: cf-talk > Subject: Re: Finding values not in a list > > > > IN requires parentheses to delimit the expression it is > searching within: > > NOT IN (#listOfIds#) ... > > And use CFQUERYPARAM. Really. > > cheers, > barneyb > > On Mon, Apr 6, 2009 at 11:02 AM, Dave Long > wrote: > > > > I'm trying to create a page with two lists consisting of > data from two > > different sources. The first list is a table of real estate > property > > listings that have been processed and the second is a list of > > properties > > *remaining* to be processed. > > > > First, I obtained the processed listings: > > > > > > > > SELECT MLS_number > > FROM VPT > > ORDER BY MLS_number > > > > > > > > Next I created a list from the first query: > > > > > > > > > > > > > > > > To verify that the list was actually created, I ouptut the > list to the > > screen with > > > > #list# > > > > Which produced this correct list of processed numbers: > > > > > > 87867 88623 89035 89094 89256 100336 100349 100506 100516 100519 > > 100520 100521 100522 100708 100711 100713 100716 100719 > 100803 100804 > > 100811 100815 100817 100868 101042 > > > > > > > > Then I tried to create a list of unprocessed listings from > the other > > DB by comparing the MLS_Number to the list: > > > > > > > > SELECT MLS_Number > > FROM Residential > > WHERE List_Firm = #FirmID# AND MLS_Number NOT IN #list# > > ORDER BY MLS_Number > > > > > > > > This produces the following error: > > > > ODBC Error Code = 37000 (Syntax error or access violation) > > > > > > > > [MERANT][ODBC SQL Server Driver][SQL Server]Line 3: > Incorrect syntax > > near '101042'. > > > > > > > > SQL = "SELECT MLS_Number, List_Price FROM Residential WHERE > List_Firm > > = 175 AND MLS_Number NOT IN 101042 ORDER BY MLS_Number" > > > > First of all, I'm puzzled that it displays the last MLS number > > instread of th first. Secondly, I suspect I need to have the list > > separated by commas but it throws another syntax error if I include > > them in the CFSET tag. The results do not change whether I > use single > > or double quotes or no quotes at all. > > > > So far, I am unable to find any other syntax for comparing > the second > > query results to the list. Can anyone advise me? > > > > Dave Long > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321355 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Finding values not in a list
Ummm...try this: <-- second # was missing in first query select mls_number from VPT where mls_number not in (select mls_number from residential where list_firm = #firmid#) And I realized that you're apparently not using MySQL, so this syntax may not work for you. There is another way to do this, if this doesn't work. (and don't forget cfqueryparam for #firmID#) Rick -Original Message- From: Dave Long [mailto:d...@northgoods.com] Sent: Monday, April 06, 2009 2:03 PM To: cf-talk Subject: Finding values not in a list I'm trying to create a page with two lists consisting of data from two different sources. The first list is a table of real estate property listings that have been processed and the second is a list of properties *remaining* to be processed. First, I obtained the processed listings: SELECT MLS_number FROM VPT ORDER BY MLS_number Next I created a list from the first query: To verify that the list was actually created, I ouptut the list to the screen with #list# Which produced this correct list of processed numbers: 87867 88623 89035 89094 89256 100336 100349 100506 100516 100519 100520 100521 100522 100708 100711 100713 100716 100719 100803 100804 100811 100815 100817 100868 101042 Then I tried to create a list of unprocessed listings from the other DB by comparing the MLS_Number to the list: SELECT MLS_Number FROM Residential WHERE List_Firm = #FirmID# AND MLS_Number NOT IN #list# ORDER BY MLS_Number This produces the following error: ODBC Error Code = 37000 (Syntax error or access violation) [MERANT][ODBC SQL Server Driver][SQL Server]Line 3: Incorrect syntax near '101042'. SQL = "SELECT MLS_Number, List_Price FROM Residential WHERE List_Firm = 175 AND MLS_Number NOT IN 101042 ORDER BY MLS_Number" First of all, I'm puzzled that it displays the last MLS number instread of th first. Secondly, I suspect I need to have the list separated by commas but it throws another syntax error if I include them in the CFSET tag. The results do not change whether I use single or double quotes or no quotes at all. So far, I am unable to find any other syntax for comparing the second query results to the list. Can anyone advise me? Dave Long -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321354 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Question about hack
Hi there. We've just seen a hack attempt that we haven't seen before and I wanted to get feedback. The symptom is that some script code is inserted at the bottom of certain pages (e.g. index.cfm). The script (which has been scrubbed) looks like this: The script downloads malware, which we obviously want to prevent. We're trying to determine how it's getting in their, whether through an old site with inadequate code or the OS or something else. Any thoughts? This is on a server running IIS 6 / CF7. Thanks in advance, Nick ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321353 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Finding values not in a list
> >Next I created a list from the first query: > > > > > > This code does NOT produce a list. this only sets the list variable to the current record's MLS_number. the correct code to create a list of all the MLS_numbers in the current recordset would be: or equiv: >Then I tried to create a list of unprocessed listings from the other DB by >comparing the MLS_Number to the list: > > > > SELECT MLS_Number >FROM Residential >WHERE List_Firm = #FirmID# AND MLS_Number NOT IN #list# >ORDER BY MLS_Number > > SELECT MLS_Number FROM Residential WHERE List_Firm = AND MLS_Number NOT IN () ORDER BY MLS_Number note the parens around the list. also swapped you over to cfqueryparam syntax ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321352 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Finding values not in a list
On Mon, Apr 6, 2009 at 2:02 PM, Dave Long wrote: > > Also use valuelist which means you don't need to create a list first. SELECT MLS_Number FROM Residential WHERE List_Firm = #FirmID# AND MLS_Number NOT IN () ORDER BY MLS_Number -- Casey ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321351 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Finding values not in a list
IN requires parentheses to delimit the expression it is searching within: NOT IN (#listOfIds#) ... And use CFQUERYPARAM. Really. cheers, barneyb On Mon, Apr 6, 2009 at 11:02 AM, Dave Long wrote: > > I'm trying to create a page with two lists consisting of data from two > different sources. The first list is a table of real estate property > listings that have been processed and the second is a list of properties > *remaining* to be processed. > > First, I obtained the processed listings: > > > > SELECT MLS_number > FROM VPT > ORDER BY MLS_number > > > > Next I created a list from the first query: > > > > > > > > To verify that the list was actually created, I ouptut the list to the > screen with > > #list# > > Which produced this correct list of processed numbers: > > > 87867 88623 89035 89094 89256 100336 100349 100506 100516 100519 100520 > 100521 100522 100708 100711 100713 100716 100719 100803 100804 100811 100815 > 100817 100868 101042 > > > > Then I tried to create a list of unprocessed listings from the other DB by > comparing the MLS_Number to the list: > > > > SELECT MLS_Number > FROM Residential > WHERE List_Firm = #FirmID# AND MLS_Number NOT IN #list# > ORDER BY MLS_Number > > > > This produces the following error: > > ODBC Error Code = 37000 (Syntax error or access violation) > > > > [MERANT][ODBC SQL Server Driver][SQL Server]Line 3: Incorrect syntax near > '101042'. > > > > SQL = "SELECT MLS_Number, List_Price FROM Residential WHERE List_Firm = 175 > AND MLS_Number NOT IN 101042 ORDER BY MLS_Number" > > First of all, I'm puzzled that it displays the last MLS number instread of > th first. Secondly, I suspect I need to have the list separated by commas > but it throws another syntax error if I include them in the CFSET tag. The > results do not change whether I use single or double quotes or no quotes at > all. > > So far, I am unable to find any other syntax for comparing the second query > results to the list. Can anyone advise me? > > Dave Long > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321350 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Verity Search results - invalid characters displayed?
>Robert Harrison wrote: >> I tend to agree with that. You can use a replacelist to get rid of most of >> the garbage from MS Word. Add as a filter to word pasted data and it should >> work. > >or you could, you know, get encoding right. Do you know what encoding is used for Word's funky characters? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321349 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Finding values not in a list
I'm trying to create a page with two lists consisting of data from two different sources. The first list is a table of real estate property listings that have been processed and the second is a list of properties *remaining* to be processed. First, I obtained the processed listings: SELECT MLS_number FROM VPT ORDER BY MLS_number Next I created a list from the first query: To verify that the list was actually created, I ouptut the list to the screen with #list# Which produced this correct list of processed numbers: 87867 88623 89035 89094 89256 100336 100349 100506 100516 100519 100520 100521 100522 100708 100711 100713 100716 100719 100803 100804 100811 100815 100817 100868 101042 Then I tried to create a list of unprocessed listings from the other DB by comparing the MLS_Number to the list: SELECT MLS_Number FROM Residential WHERE List_Firm = #FirmID# AND MLS_Number NOT IN #list# ORDER BY MLS_Number This produces the following error: ODBC Error Code = 37000 (Syntax error or access violation) [MERANT][ODBC SQL Server Driver][SQL Server]Line 3: Incorrect syntax near '101042'. SQL = "SELECT MLS_Number, List_Price FROM Residential WHERE List_Firm = 175 AND MLS_Number NOT IN 101042 ORDER BY MLS_Number" First of all, I'm puzzled that it displays the last MLS number instread of th first. Secondly, I suspect I need to have the list separated by commas but it throws another syntax error if I include them in the CFSET tag. The results do not change whether I use single or double quotes or no quotes at all. So far, I am unable to find any other syntax for comparing the second query results to the list. Can anyone advise me? Dave Long -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321348 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Verity Search results - invalid characters displayed?
Robert Harrison wrote: > I tend to agree with that. You can use a replacelist to get rid of most of > the garbage from MS Word. Add as a filter to word pasted data and it should > work. or you could, you know, get encoding right. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321347 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Verity Search results - invalid characters displayed?
I tend to agree with that. You can use a replacelist to get rid of most of the garbage from MS Word. Add as a filter to word pasted data and it should work. '#ReplaceList(trim(mywordtext), ", ,,,,®,©,","'',...,"","",™,®,©")#', Robert B. Harrison Director of Interactive Services Austin & Williams 125 Kennedy Drive, Suite 100 Hauppauge NY 11788 P : 631.231.6600 Ext. 119 F : 631.434.7022 http://www.austin-williams.com Great advertising can't be either/or. It must be &. Plug in to our blog: A&W Unplugged http://www.austin-williams.com/unplugged -Original Message- From: Scott Stewart [mailto:sstwebwo...@bellsouth.net] Sent: Monday, April 06, 2009 11:15 AM To: cf-talk Subject: RE: Verity Search results - invalid characters displayed? Sounds like it's MS Word Smart Quotes -- Scott Stewart ColdFusion Developer 4405 Oakshyre Way Raleigh, NC 27616 (h) 919.874.6229 (c) 703.220.2835 -Original Message- From: Joe None [mailto:drue...@comcast.net] Sent: Monday, April 06, 2009 12:04 PM To: cf-talk Subject: Verity Search results - invalid characters displayed? Hello, I'm going through some testing with a Verity results page and for some reason, the data displayed from PDF's shows a lot of question marks for quotes and double quotes. I was thinking about doing a search and replace for these fields but I can't capture what they actually are, because I just see a block. Is this something I can correct by changing a character set? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321346 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Verity Search results - invalid characters displayed?
Sounds like it's MS Word Smart Quotes -- Scott Stewart ColdFusion Developer 4405 Oakshyre Way Raleigh, NC 27616 (h) 919.874.6229 (c) 703.220.2835 -Original Message- From: Joe None [mailto:drue...@comcast.net] Sent: Monday, April 06, 2009 12:04 PM To: cf-talk Subject: Verity Search results - invalid characters displayed? Hello, I'm going through some testing with a Verity results page and for some reason, the data displayed from PDF's shows a lot of question marks for quotes and double quotes. I was thinking about doing a search and replace for these fields but I can't capture what they actually are, because I just see a block. Is this something I can correct by changing a character set? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321345 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Verity Search results - invalid characters displayed?
Hello, I'm going through some testing with a Verity results page and for some reason, the data displayed from PDF's shows a lot of question marks for quotes and double quotes. I was thinking about doing a search and replace for these fields but I can't capture what they actually are, because I just see a block. Is this something I can correct by changing a character set? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321344 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: How to Block Google Analytics code inside a firewall
thanks that seems to have done the trick.. On Mon, Apr 6, 2009 at 10:07 AM, Paul Ihrig wrote: > http://www DOT rittal-corp DOT com/cgivars DOT cfm > ok i and the guy next to me get* > > REMOTE_ADDR*: 63.144.103.200 > > so as long as that dosnt change i should be fine? > > > > On Mon, Apr 6, 2009 at 9:59 AM, Jason Fisher wrote: > >> >> Use cgi.remote_addr ... that will be the address of the User, rather than >> the Server. That should do it. >> >> >> >> >> ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321343 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: How to Block Google Analytics code inside a firewall
http://www DOT rittal-corp DOT com/cgivars DOT cfm ok i and the guy next to me get* REMOTE_ADDR*: 63.144.103.200 so as long as that dosnt change i should be fine? On Mon, Apr 6, 2009 at 9:59 AM, Jason Fisher wrote: > > Use cgi.remote_addr ... that will be the address of the User, rather than > the Server. That should do it. > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321342 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: How to Block Google Analytics code inside a firewall
Use cgi.remote_addr ... that will be the address of the User, rather than the Server. That should do it. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321341 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: How to Block Google Analytics code inside a firewall
i cant seem to be able to grab a variable that is different inside building then outside. every thing resolves to the same IP when pinged. On Mon, Apr 6, 2009 at 8:13 AM, Scott Stewart wrote: > > > > Load google code > > > -- > Scott Stewart > ColdFusion Developer > 4405 Oakshyre Way > Raleigh, NC 27616 > (h) 919.874.6229 (c) 703.220.2835 > -Original Message- > From: Paul Ihrig [mailto:pih...@gmail.com] > Sent: Monday, April 06, 2009 8:09 AM > To: cf-talk > Subject: How to Block Google Analytics code inside a firewall > > > We have a chunk of code on our footer that does the normal tracking. > outside the firewall or in the real world, or site runs fine, > inside the firewall it runs poorly. > > any one care to explain how i could the code out for users inside > the > firewall.. > i have played around with the all the cgi vars i can think of... > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321340 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: How to Block Google Analytics code inside a firewall
Load google code -- Scott Stewart ColdFusion Developer 4405 Oakshyre Way Raleigh, NC 27616 (h) 919.874.6229 (c) 703.220.2835 -Original Message- From: Paul Ihrig [mailto:pih...@gmail.com] Sent: Monday, April 06, 2009 8:09 AM To: cf-talk Subject: How to Block Google Analytics code inside a firewall We have a chunk of code on our footer that does the normal tracking. outside the firewall or in the real world, or site runs fine, inside the firewall it runs poorly. any one care to explain how i could the code out for users inside the firewall.. i have played around with the all the cgi vars i can think of... ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321339 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
How to Block Google Analytics code inside a firewall
We have a chunk of code on our footer that does the normal tracking. outside the firewall or in the real world, or site runs fine, inside the firewall it runs poorly. any one care to explain how i could the code out for users inside the firewall.. i have played around with the all the cgi vars i can think of... ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321338 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Get request using cfhttp...possible to see the actual URL sent?
> I'm working on adding in one of the Digg APIs into an app I'm writing > and I'm having problems with it. I was wondering if there was anything > that I could inspect which would detail the full URL sent to the API. > tried posting a reply from email several times, but HoF seems to be broken... with attribute METHOD="trace" will return the requested page in FileContent variable, but not as one string - it will be broken down into several parts so you will need to parse it together... Azadi ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321337 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
