Re: flex2gateway randomly unresponsive
Hi Nick, I have the same issue, it happens sometimes when I call a remoteObject (flex + cfc) and it's very anoying... Have you figured it out ? I would be glad to know if there's a fix. Have a good day, Aubry We have to date encountered no fix for this, nor has anyone found a cause. Kinda puts a crimp in any plans to use Flex as a production platform. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329618 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Scheduled Task Running twice
We just moved our ColdFusion 8 Ent to a new server and now our scheduled tasks are running twice. One right after the other. We physically disconnected the old server from the network and the jobs are still running twice. Any ideas how this happened or how to fix it? Thanks, Jeff ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329619 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Scheduled Task Running twice
We had this problem a long time ago and I don't remember the exact details, but it happened after an upgrade if I remember correctly. The problem, I believe, was that we had 2 versions of CF running that were each running the tasks. I disabled the older CF service and all was well again. So I guess I'm recommending that you look at your services and make sure there is only 1 CF service running. On Wed, Jan 13, 2010 at 10:39 AM, Jeffrey Pratte jpra...@ullico.com wrote: We just moved our ColdFusion 8 Ent to a new server and now our scheduled tasks are running twice. One right after the other. We physically disconnected the old server from the network and the jobs are still running twice. Any ideas how this happened or how to fix it? Thanks, Jeff ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329620 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
(ot) SQL Guru Needed
Hello. Any SQL Guru up for a challenge? I've inherited a wacky database that I need to pull info from. I'm trying to pull a range of prices for a specific product. I'd like to simply the two queries below (which work), possibly using sub-queries or some other SQL trick. Any ideas? cfset pid = 11444 cfquery name=getOptions datasource=#dsn# select optID fromproductOptions where productID = cfqueryparam value=#pid# cfsqltype=cf_sql_integer order by optID /cfquery cfset optIDList = valueList(getOptions.optid) cfquery name=q datasource=#dsn# Select min(optprice) as minprice, max(optprice) as maxprice fromoptions where optID in (cfqueryparam value=#optIDList# cfsqltype=cf_sql_integer list=Yes) /cfquery cfoutput cfif q.minprice eq q.maxprice#dollarFormat(q.minprice)#cfelse#dollarFormat(q.minprice)# - #dollarFormat(q.maxprice)#/cfif /cfoutput Thanks, CV ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329621 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: (ot) SQL Guru Needed
What about a basic join? SELECT MIN(optPrice) AS minPrice, MAX(optPrice) AS MaxPrice FROMproductOptions po INNER JOIN options o ON o.optID = po.optID WHERE productID = cfqueryparam value=#pid# cfsqltype=cf_sql_integer ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329622 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: (ot) SQL Guru Needed
How about this: Select min(optprice) as minprice, max(optprice) as maxprice fromoptions where optID in (select optID fromproductOptions where productID = cfqueryparam value=#pid# cfsqltype=cf_sql_integer) On Wed, Jan 13, 2010 at 11:02 AM, Che Vilnonis ch...@asitv.com wrote: Hello. Any SQL Guru up for a challenge? I've inherited a wacky database that I need to pull info from. I'm trying to pull a range of prices for a specific product. I'd like to simply the two queries below (which work), possibly using sub-queries or some other SQL trick. Any ideas? cfset pid = 11444 cfquery name=getOptions datasource=#dsn# select optID fromproductOptions where productID = cfqueryparam value=#pid# cfsqltype=cf_sql_integer order by optID /cfquery cfset optIDList = valueList(getOptions.optid) cfquery name=q datasource=#dsn# Select min(optprice) as minprice, max(optprice) as maxprice fromoptions where optID in (cfqueryparam value=#optIDList# cfsqltype=cf_sql_integer list=Yes) /cfquery cfoutput cfif q.minprice eq q.maxprice#dollarFormat(q.minprice)#cfelse#dollarFormat(q.minprice)# - #dollarFormat(q.maxprice)#/cfif /cfoutput Thanks, CV ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329623 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: (ot) SQL Guru Needed
Bangs head on desk... Needs more coffee... Don't know why I tried to overcomplicate things, but that seems to work. Thanks! CV -Original Message- From: Leigh [mailto:cfsearch...@yahoo.com] Sent: Wednesday, January 13, 2010 11:08 AM To: cf-talk Subject: Re: (ot) SQL Guru Needed What about a basic join? SELECT MIN(optPrice) AS minPrice, MAX(optPrice) AS MaxPrice FROMproductOptions po INNER JOIN options o ON o.optID = po.optID WHERE productID = cfqueryparam value=#pid# cfsqltype=cf_sql_integer ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329624 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Recent SQL Injection attacks
I have been getting a lot lately... and had an interesting one. One computer was hammering my server. They were trying a dictionary attack on one of my forms, in addition to trying sql injection on every dynamic page. Strangely, the IP address of the attacker, 204.238.82.17, was from the USA. It was a security company. I called them and asked what they were doing. They said a security audit! They said they had permission. Turns out they were hired to test a website that is one letter off from my domain name and they made a mistake. They stopped immediately. At least they told me I passed:) My ftp server has also been getting dictionary attacks from Amsterdam 95.154.246.98.. luckily my ftp sites are set up to allow only certain ip addresses. At 08:14 PM 1/12/2010, you wrote: Didn't know about that IP. Thanks They got in through some code that was written literally 10 years ago on one of the clients forgotten sites. I've fixed up the cfquery tags and added my anti-injection code to the whole dir. Thanks -- ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329625 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Stored Procedure throwing error in CF but ran successfully
I have run into a unique situation, the first time in my 10 years of using CF. I have a pseudo-fusebox app, and I have an act page we'll call it: act_process.cfm it calls 2 qry files that in turn call one stored proc each. When the act page runs, I have checked the database and all the procs ran and updated the necessary data and inserted the necessary records. However coldfusion throws an error saying that the first proc failed due to a primary key constraint. The 1st proc is the only one that does inserts. I am using ColdFusion 8, and the database is SQL 2008. The error is: [Macromedia][SQLServer JDBC Driver][SQLServer]Violation of PRIMARY KEY constraint 'PK_mypkname'. Cannot insert duplicate key in object 'dbo.tableA'. Any help would be appreciated. Thanks, Ali ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329626 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Stored Procedure throwing error in CF but ran successfully
The best way to troubleshoot this issue if it is reproducible is to start a SQL Server Profiler trace to observe exactly what the database is doing. Maybe the CF code is running twice, the first is working and the second is failing. -Mike Chabot On Wed, Jan 13, 2010 at 2:40 PM, Ali Awan aawa...@gmail.com wrote: I have run into a unique situation, the first time in my 10 years of using CF. I have a pseudo-fusebox app, and I have an act page we'll call it: act_process.cfm it calls 2 qry files that in turn call one stored proc each. When the act page runs, I have checked the database and all the procs ran and updated the necessary data and inserted the necessary records. However coldfusion throws an error saying that the first proc failed due to a primary key constraint. The 1st proc is the only one that does inserts. I am using ColdFusion 8, and the database is SQL 2008. The error is: [Macromedia][SQLServer JDBC Driver][SQLServer]Violation of PRIMARY KEY constraint 'PK_mypkname'. Cannot insert duplicate key in object 'dbo.tableA'. Any help would be appreciated. Thanks, Ali ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329627 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Scheduled Task Running twice
If you disable the scheduled task on the new server does it run once or never? The most common problem I have seen with these observed symptoms is that the scheduled task is running somewhere else, such as on an old server, a staging server, a dev server, or a second pair in a cluster. Good luck, Mike Chabot On Wed, Jan 13, 2010 at 10:56 AM, Steve Milburn scmilb...@gmail.com wrote: We had this problem a long time ago and I don't remember the exact details, but it happened after an upgrade if I remember correctly. The problem, I believe, was that we had 2 versions of CF running that were each running the tasks. I disabled the older CF service and all was well again. So I guess I'm recommending that you look at your services and make sure there is only 1 CF service running. On Wed, Jan 13, 2010 at 10:39 AM, Jeffrey Pratte jpra...@ullico.com wrote: We just moved our ColdFusion 8 Ent to a new server and now our scheduled tasks are running twice. One right after the other. We physically disconnected the old server from the network and the jobs are still running twice. Any ideas how this happened or how to fix it? Thanks, Jeff ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329628 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Stored Procedure throwing error in CF but ran successfully
Mike, Thanks for responding. Another thing I forgot to mention is that when I run the procedure in SQL Server directly it runs without error. Also, and this is sporadic. When I run the stored proc in coldfusion by itself, by doing an Exec statment in a CFQuery. Sometimes it runs without error. The best way to troubleshoot this issue if it is reproducible is to start a SQL Server Profiler trace to observe exactly what the database is doing. Maybe the CF code is running twice, the first is working and the second is failing. -Mike Chabot ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329629 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Scheduled Task Running twice
On Wed, Jan 13, 2010 at 10:39 AM, Jeffrey Pratte jpra...@ullico.com wrote: We just moved our ColdFusion 8 Ent to a new server and now our scheduled tasks are running twice. One right after the other. We physically disconnected the old server from the network and the jobs are still running twice. Any ideas how this happened or how to fix it? You mention moving to Enterprise... If you installed it as multi-instance, and you have created more than one instance, those tasks will get carried over to each instance you create base don the first. In other words, if you setup the task in the cfusion instance and then used that cfusion instance to create a new instance, both will have the task in them. -Cameron -- Cameron Childress Sumo Consulting Inc http://www.sumoc.com --- cell: 678.637.5072 aim: cameroncf email: camer...@gmail.com ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329630 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: CFFILE move is copying
Well, here's a wrinkle: This line (same as before) doesn't delete the file in the source: cffile action=move source=#arguments.stConfig.ftpFileLocations.pending##local.qFiles.name# destination=#arguments.stConfig.ftpFileLocations.badFiles##local.qFiles.name# / This line (different destination, same source) DOES delete the course file: cffile action=move source=#arguments.stConfig.ftpFileLocations.pending##local.qFiles.name# destination=#arguments.stConfig.ftpFileLocations.archived##local.qFiles.name# / The only difference between arguments.stConfig.ftpFileLocations.badFiles and arguments.stConfig.ftpFileLocations.archived is the name of the specific folder (same parent folders, etc.). It almost seems like it would be a permissions issue on the badFiles folder, but wouldn't that only affect whether the file could be written to THAT folder, not deleting it from the source? On Tue, Jan 12, 2010 at 4:06 PM, Scott Brady dsbr...@gmail.com wrote: I don't think permissions or other processes would be an issue. This is on my local machine, and I haven't had problems before. Now, I'm doing a cffile delete and it's not even throwing an error if the file doesn't exist (which it should, right?). Maybe I'll restart CF and see what happens. :) On Tue, Jan 12, 2010 at 2:55 PM, b...@bradwood.com wrote: I would check permissions too. CF might have permissions to write and read, but not delete. If this was the case though, I would expect there to be an error. As a debugging measure, you could dump out the contents of a cfdirectory right after moving the file and see if the file exists. It is possible some other process is writing the file back in a minute later before you are looking. Also, trying a straight-up delete with cffile will show you if it is a delete permissions error. ~Brad Original Message Subject: Re: CFFILE move is copying From: Scott Brady dsbr...@gmail.com Date: Tue, January 12, 2010 3:46 pm To: cf-talk cf-talk@houseoffusion.com That's probably it -- though, I guess I'd expect an error to result. I guess I can try deleting after the move -- not a solution, but it might tell me if the file is locked. (It's just a text file, so not much should be locking it) Scott On Tue, Jan 12, 2010 at 2:24 PM, Dave Watts dwa...@figleaf.com wrote: Well, a move is basically just a copy followed by a delete. So maybe CF can't delete the file? Maybe it's locked by CF itself, preventing it from being deleted. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329631 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Scheduled Task Running twice
I was never able to satisfactorily solve the problem on our server. It didn't happen with every scheduled task on the server, only one, and even if we changed the time that the task ran, it didn't matter. It would run once and then immediately run again. We just ended up setting a cron job to run the task instead of the scheduled task in CF. Jen Perkins McVicker Adobe Certified ColdFusion Developer Phone/Fax: (925) 757-1839 jen.mcvic...@gmail.com -Original Message- From: Jeffrey Pratte [mailto:jpra...@ullico.com] Sent: Wednesday, January 13, 2010 7:40 AM To: cf-talk Subject: Scheduled Task Running twice We just moved our ColdFusion 8 Ent to a new server and now our scheduled tasks are running twice. One right after the other. We physically disconnected the old server from the network and the jobs are still running twice. Any ideas how this happened or how to fix it? Thanks, Jeff ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329632 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Recent SQL Injection attacks
How do you guys monitor these attacks? The webserver logs? -Original Message- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Wednesday, January 13, 2010 12:34 PM To: cf-talk Subject: Re: Recent SQL Injection attacks I have been getting a lot lately... and had an interesting one. One computer was hammering my server. They were trying a dictionary attack on one of my forms, in addition to trying sql injection on every dynamic page. Strangely, the IP address of the attacker, 204.238.82.17, was from the USA. It was a security company. I called them and asked what they were doing. They said a security audit! They said they had permission. Turns out they were hired to test a website that is one letter off from my domain name and they made a mistake. They stopped immediately. At least they told me I passed:) My ftp server has also been getting dictionary attacks from Amsterdam 95.154.246.98.. luckily my ftp sites are set up to allow only certain ip addresses. At 08:14 PM 1/12/2010, you wrote: Didn't know about that IP. Thanks They got in through some code that was written literally 10 years ago on one of the clients forgotten sites. I've fixed up the cfquery tags and added my anti-injection code to the whole dir. Thanks -- ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329633 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Recent SQL Injection attacks
I wrote an IIS log parser which can not only parse the IIS logs to a DB but when the url params are over a certain size or has certain key words, it'll flag it as a problem to look at later. Unfortunately, the attack was on a clients site and we knew about it when the page display was compromised. The logs were only good after the fact. This attack didn't use the standard declare statement but it did have a longer than normal request string. Cleaning it out wasn't much of a problem once it was identified. I've added another bit of text to my injection scanner code but... I'm going through query after query on his site which will take me a while to recode. I'm going to have to dig up my auto-query-param code that I wrote for someone many years ago and get it up to date. More work and less rest. :( -- Michael On Wed, Jan 13, 2010 at 4:11 PM, Chad Gray cg...@careyweb.com wrote: How do you guys monitor these attacks? The webserver logs? -Original Message- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Wednesday, January 13, 2010 12:34 PM To: cf-talk Subject: Re: Recent SQL Injection attacks I have been getting a lot lately... and had an interesting one. One computer was hammering my server. They were trying a dictionary attack on one of my forms, in addition to trying sql injection on every dynamic page. Strangely, the IP address of the attacker, 204.238.82.17, was from the USA. It was a security company. I called them and asked what they were doing. They said a security audit! They said they had permission. Turns out they were hired to test a website that is one letter off from my domain name and they made a mistake. They stopped immediately. At least they told me I passed:) My ftp server has also been getting dictionary attacks from Amsterdam 95.154.246.98.. luckily my ftp sites are set up to allow only certain ip addresses. At 08:14 PM 1/12/2010, you wrote: Didn't know about that IP. Thanks They got in through some code that was written literally 10 years ago on one of the clients forgotten sites. I've fixed up the cfquery tags and added my anti-injection code to the whole dir. Thanks -- ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329634 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Recent SQL Injection attacks
using cfformprotect i am doing an exercise whereby loggin each offending IP address in a table. next to each IP i am recording the number of times they reoffend. i am then using a block script (found from this site i think?)... !--- blacklist ip addresses --- cfset fName = getDirectoryFromPath(getCurrentTemplatePath()) blacklist.txt / cfif isDefined(url.updateapp) or NOT isDefined(application.blacklist) cfset application.blacklist = / cfif FileExists(fName) cftry cffile action=read file=#fName# variable=application.blacklist charset=utf-8 / cfcatch/cfcatch /cftry /cfif /cfif cfif ListFind(application.blacklist, cgi.remote_addr, Chr(13)Chr(10)) cflocation addtoken=false url=/blacklist.html / cfabort / /cfif cfif FindNoCase(DECLARE, cgi.query_string) OR FindNoCase(CAST, cgi.query_string) OR FindNoCase(EXEC, cgi.query_string) OR FindNoCase(DROP, cgi.query_string) OR FindNoCase(DELETE, cgi.query_string) cfif not ListFind(application.blacklist, cgi.remote_addr,Chr(13)Chr(10)) cfset application.blacklist = ListAppend(application.blacklist, cgi.remote_addr, Chr(13)Chr(10)) / cftry cffile action=write file=#fName# output=#application.blacklist# charset=utf-8 / cfcatch/cfcatch /cftry cflocation addtoken=false url=/blacklist.html / cfabort / /cfif /cfif i am updating the text file with IP addresses with multiple offences. has been interesting and i do believe i have cut down the spam/injection attacks. however the table continues to grow and i think i am losing the battle. anyway thought this may gorw some ideas... ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329635 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Stored Procedure throwing error in CF but ran successfully
The best way to troubleshoot this issue if it is reproducible is to start a SQL Server Profiler trace to observe exactly what the database is doing. -Mike Chabot Mike, I am trying this at work and do not have the admin privileges to run the SQL Server Profiler. Another interesting thing is that I created a separate page, to run the procs, and that worked. When I run the page within my specific app, it fails and throws this error. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329636 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Stored Procedure throwing error in CF but ran successfully
If you don't have access to SQL profiler, find someone who does to help you or request permissions. You can't be expected to do your job without a full tool-set. Also, the debugging feature of a product such as SeeFusion when using the JDBC URL wrappers can be invaluable and easier to use than SQL profiler (though not nearly as in-depth). What's the chance the processing page (and the proc) is getting run twice? Put in something like a cfmail after the proc runs so you will know every time it runs. Also, how many insert statements are in the proc? Unlike CF, SQL's default behavior is to continue execution after an error and unless you are using transactions properly some of the statements might be running fine, while others are erroring. ~Brad Original Message Subject: Re: Stored Procedure throwing error in CF but ran successfully From: Ali Awan aawa...@gmail.com Date: Wed, January 13, 2010 3:43 pm To: cf-talk cf-talk@houseoffusion.com The best way to troubleshoot this issue if it is reproducible is to start a SQL Server Profiler trace to observe exactly what the database is doing. -Mike Chabot Mike, I am trying this at work and do not have the admin privileges to run the SQL Server Profiler. Another interesting thing is that I created a separate page, to run the procs, and that worked. When I run the page within my specific app, it fails and throws this error. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329637 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Recent SQL Injection attacks
Fast question. Has anyone seen an injection attack that used a field other than an integer? I've written a fast RegEx for use in Homesite (or any other regex using editor) that will find any query that has numeric 'looking' variables that are not in a cfqueryparam. While I have to change every variable not in a cfqueryparam, I'm trying to get the numerics first. Thanks -- Michael ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329638 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Recent SQL Injection attacks
Michael, Yes... Certain types of installations of MySQL are subject to character injection attacks. http://www.coldfusionmuse.com/index.cfm/2008/2/22/sql-injection-on-a-charact er-field Mark A. Kruger, CFG, MCSE (402) 408-3733 ext 105 www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -Original Message- From: Michael Dinowitz [mailto:mdino...@houseoffusion.com] Sent: Wednesday, January 13, 2010 5:34 PM To: cf-talk Subject: Re: Recent SQL Injection attacks Fast question. Has anyone seen an injection attack that used a field other than an integer? I've written a fast RegEx for use in Homesite (or any other regex using editor) that will find any query that has numeric 'looking' variables that are not in a cfqueryparam. While I have to change every variable not in a cfqueryparam, I'm trying to get the numerics first. Thanks -- Michael ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329639 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
hosting
Yeah, this is kinda off topic, but.. Someone, I think it was Sean Corfield had mentioned a really inexpensive ColdFusion hosting provider. GoDaddy is driving me nuts. I think it started with an A but the name escapes me.. -- Scott Stewart IT Consultant/ColdFusion Developer 4405 Oakshyre Way Raleigh, NC 27616 (919) 874-6229 ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329640 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: hosting
If really inexpensive is what you're after, check out http://www.hostingatoz.com On Wed, Jan 13, 2010 at 3:55 PM, Scott Stewart sstwebwo...@bellsouth.netwrote: Yeah, this is kinda off topic, but.. Someone, I think it was Sean Corfield had mentioned a really inexpensive ColdFusion hosting provider. GoDaddy is driving me nuts. I think it started with an A but the name escapes me.. -- Scott Stewart IT Consultant/ColdFusion Developer 4405 Oakshyre Way Raleigh, NC 27616 (919) 874-6229 ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329641 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: hosting
I can attest to this. Except for one ticket that took 5 months or so to fix, they have always been prompt and helpful setting up service. On Wed, Jan 13, 2010 at 3:57 PM, Charlie Griefer charlie.grie...@gmail.com wrote: If really inexpensive is what you're after, check out http://www.hostingatoz.com On Wed, Jan 13, 2010 at 3:55 PM, Scott Stewart sstwebwo...@bellsouth.netwrote: Yeah, this is kinda off topic, but.. Someone, I think it was Sean Corfield had mentioned a really inexpensive ColdFusion hosting provider. GoDaddy is driving me nuts. I think it started with an A but the name escapes me.. -- Scott Stewart IT Consultant/ColdFusion Developer 4405 Oakshyre Way Raleigh, NC 27616 (919) 874-6229 ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329642 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Recent SQL Injection attacks
There's a project for that. I can't remember what it is off-hand, but I'm 100% sure there's a cfqueryparam-er.cfc out there, which does this. Maybe this one? : http://qpscanner.riaforge.org/ I think there's at least one or two more too. I should really make a note of them somewhere... It would be a good addition to codecop, too. :denny -- Time and memory are true artists; they remould reality nearer to the heart's desire. John Dewey On Wed, Jan 13, 2010 at 4:34 PM, Michael Dinowitz wrote: Fast question. Has anyone seen an injection attack that used a field other than an integer? I've written a fast RegEx for use in Homesite (or any other regex using editor) that will find any query that has numeric 'looking' variables that are not in a cfqueryparam. While I have to change every variable not in a cfqueryparam, I'm trying to get the numerics first. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329643 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: hosting
+1 for really inexpensive and they've been swell. Not a single complaint here! If it's just for playing around, someone has free hosting on cf9-- I think I just saw it come across here recently, can't remember the location tho. hostingatoz has been fine, just fine. Thanks Charlie! I'm pretty sure you were the one who turned me onto them, a couple years ago. :den -- To find out what one is fitted to do, and to secure an opportunity to do it, is the key to happiness. John Dewey On Wed, Jan 13, 2010 at 5:00 PM, Phillip Vector wrote: I can attest to this. Except for one ticket that took 5 months or so to fix, they have always been prompt and helpful setting up service. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329644 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Recent SQL Injection attacks
Maybe this one? : http://qpscanner.riaforge.org/ The other main one is http://www.webapper.com/blog/index.php/2008/7/22/ColdFusion-SQL-Injection I think a mash up or two might have cropped up in the past year too. ~Brad ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329645 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Recent SQL Injection attacks
The qpscanner is ok in general but I want something that will only get me numeric variables that are not in a cfqueryparam. The RegEx does that while putting the results in a single click position for me to edit immediately. My old cfqueryparam scanner allows for auto-insertion of cfqueryparam tags for variables, but the UI is nowhere near as good as qpscanner. I'll provide the rough regex I'm using as soon as I can so that anyone can use it, include it into an app, etc. -- Michael On Wed, Jan 13, 2010 at 7:11 PM, denstar valliants...@gmail.com wrote: There's a project for that. I can't remember what it is off-hand, but I'm 100% sure there's a cfqueryparam-er.cfc out there, which does this. Maybe this one? : http://qpscanner.riaforge.org/ I think there's at least one or two more too. I should really make a note of them somewhere... It would be a good addition to codecop, too. :denny ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329646 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Recent SQL Injection attacks
Mark, Thanks. The client is on MS SQL so doing the numbers first looks like a good idea for him. Always good to prioritize work. -- Michael On Wed, Jan 13, 2010 at 6:39 PM, Mark Kruger mkru...@cfwebtools.com wrote: Michael, Yes... Certain types of installations of MySQL are subject to character injection attacks. http://www.coldfusionmuse.com/index.cfm/2008/2/22/sql-injection-on-a-charact er-field ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329647 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Stored Procedure throwing error in CF but ran successfully
Brad, Thanks for the helpful suggestions. In terms of numbers of inserts, well it's an insert statement within a cursor loop. There's 305 records being added so it loops 305 times and does an insert. As I mentioned in my last post. When I take my execution page out of the pseudo-fusebox app and run it separately, it works perfectly each time. So what I did was add an application counter in the original app on the query page, and yes it was calling it multiple times for no reason. So fine, I figured, I'd just put an IF statement around the stored proc. However, what I found was that the error was happening even if my counter was 1 or 0, meaning that the first time through, it was still getting a primary key constraint error. So, I have determined that internally, either the CF server or the JDBC driver or some way in which the cfstoredproc is being handled, is executing the stored procedure in SQL multiple times. Even if I have a SQL Profiler, it's not going to help in telling me how to stop that. And if that is true, then how come ColdFusion handles it differently when I pull that CF page out of that app, and run it by itself? Ali ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329648 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: hosting
I've used atoz before, and it was just an aweful experience all around. I'd vote no to atoz. Mark On Thu, Jan 14, 2010 at 11:19 AM, denstar valliants...@gmail.com wrote: +1 for really inexpensive and they've been swell. Not a single complaint here! If it's just for playing around, someone has free hosting on cf9-- I think I just saw it come across here recently, can't remember the location tho. hostingatoz has been fine, just fine. Thanks Charlie! I'm pretty sure you were the one who turned me onto them, a couple years ago. :den -- To find out what one is fitted to do, and to secure an opportunity to do it, is the key to happiness. John Dewey On Wed, Jan 13, 2010 at 5:00 PM, Phillip Vector wrote: I can attest to this. Except for one ticket that took 5 months or so to fix, they have always been prompt and helpful setting up service. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329649 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Stored Procedure throwing error in CF but ran successfully
On Wed, Jan 13, 2010 at 5:58 PM, Ali Awan wrote: And if that is true, then how come ColdFusion handles it differently when I pull that CF page out of that app, and run it by itself? If that's the case, you know that it's not ColdFusion itself causing the error. I don't think queries are var scoped by default-- do you perhaps have another query by that name getting processed prior? Maybe try adding cfset var yourQueryName = / before your query? Sounds like a scope problem to me, FWIW. :deN -- Without some goals and some efforts to reach it, no man can live. John Dewey ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329650 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Stored Procedure throwing error in CF but ran successfully
Firstly, install MS Fiddler and examine the HTTP requests being sent from your browser when you click whatever button or link loads the processing page. All too many times I have seen a form with a submit button AND a JavaScript onclick that are working together to submit the form more than once. Again, a product such as SeeFusion will also make it easier to see if the proc is running twice as part of the same request or once in two separate requests. If the request is only being sent from your browser once, than step through the fuse action begin called and examine your CF debugging to see how many times everything is being called. I'm sure there's a logical explanation somewhere but you're the only one that can do the leg work to find it. You don't by chance have your cfstoredproc call in a custom tag do you? Self-closing tag calls like cf_myproc / used to run twice- once with executionmode=start and once for end.1 As far as the SQL error-- what is the data type of you primary key field and how are you generating the primary key values? As far as the fact that the proc would error on either the 0 or 1 is mostly meaningless and up to chance if the problem is a concurrency issue. If the proc cannot allow a concurrent execution, it will be up to the luck of the draw as to which one errors first. ~Brad ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329651 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Can application scope gateways/DAOs returning an array of Objects?
So, I'm relatively new to OO in ColdFusion, and I'm banging my head against one issue in particular. Let's say I've got a DAO or Gateway object in my APPLICATION scope that needs to return a collection of beans, I'm having trouble understanding the need to VAR scope all internally used variables when I've got a dynamic number of objects being returned. That's not very clear, so let's say this is the function in question: cffunction name=getContacts access=public returntype=Contact[] cfset returnArray = ArrayNew() cfset q_Contacts = cfquery name=q_Contacts SELECT * FROM Contacts /cfquery cfloop query=q_Contacts cfset thisContact = createObject('component', 'Contact').init(...insert init info here...) cfset ArrayAppend(returnArray, thisContact) /cfloop cfreturn returnArray /cffunction So, my concern is with the inability to create the Contact objects in the VAR scope since I don't know how many I'll be creating before hand. If I do it like this (i.e. without the VAR on the createObject), am I setting myself up problems? If so, how should I handle this? Thanks again, and I hope it's not to ridiculous a question. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329652 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Can application scope gateways/DAOs returning an array of Objects?
Hi Jonathon, There's only one thisContact variable, which is being reused each time through the loop. So all you need to do is put: cfset var thisContact = right at the start. There's an indeterminate number of values that are passing through that one variable on their way into the array, but it's still one variable. And of course var scope returnArray and q_Contacts as well. If you're on CF9 things may a little different in that you may not need to explicitly var scope, but I'll let the CF9 gurus pick that one up. Jaime On Thu, Jan 14, 2010 at 4:26 PM, Jonathan Price jonat...@imakehthissound.com wrote: So, I'm relatively new to OO in ColdFusion, and I'm banging my head against one issue in particular. Let's say I've got a DAO or Gateway object in my APPLICATION scope that needs to return a collection of beans, I'm having trouble understanding the need to VAR scope all internally used variables when I've got a dynamic number of objects being returned. That's not very clear, so let's say this is the function in question: cffunction name=getContacts access=public returntype=Contact[] cfset returnArray = ArrayNew() cfset q_Contacts = cfquery name=q_Contacts SELECT * FROM Contacts /cfquery cfloop query=q_Contacts cfset thisContact = createObject('component', 'Contact').init(...insert init info here...) cfset ArrayAppend(returnArray, thisContact) /cfloop cfreturn returnArray /cffunction So, my concern is with the inability to create the Contact objects in the VAR scope since I don't know how many I'll be creating before hand. If I do it like this (i.e. without the VAR on the createObject), am I setting myself up problems? If so, how should I handle this? Thanks again, and I hope it's not to ridiculous a question. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329653 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Can application scope gateways/DAOs returning an array of Objects?
If you're on CF9 things may a little different in that you may not need to explicitly var scope, If you are on CF9, use the local scope as it is inherently varred: cfset local.returnArray = [] ... cfset local.thisContact = createObject('component', 'Contact').init(...insert init info here...) cfset ArrayAppend(local.returnArray, local.thisContact) If you are not on CF9, I could recommend still getting in the habit of pretending there is a local scope and putting cfset var local = {} at the top of your method. Just make sure you reference all of your local variables as local.varName and this will ensure that multiple people hitting that code at the exact same time will all have their own special versions of each of those variables and no one will be overwriting another. ~Brad ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329654 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Can application scope gateways/DAOs returning an array of Objects?
Right, I tried this but it behaved weirdly - as thought the ArrayAppend were passing just a pointer to the one object each time so that after appending all my objects, the array was full replicas of whichever object was loaded last instead of a bunch of different objects. To clarify, here's some code: CFFUNCTION name=getPrograms_a access=public returntype=Array CFINVOKE method=getPrograms_q returnvariable=q_programs /CFINVOKE CFSET a_programs = ArrayNew(1) CFSET o_program = createObject('component', '#REQUEST.cfcPathDot#.Program') CFLOOP query=q_programs CFSET o_program.setProgramID(programID = q_programs.ProgramID) CFSET APPLICATION.programDAO.read(o_program) CFSET ArrayAppend(a_programs, o_program) /CFLOOP CFRETURN a_programs /CFFUNCTION So, when I call this function, I get an array back that has seven objects as I'd expect (as there are 7 programs in the database). However, each object in the array has the same values in it. If I do a dump of the of the o_program object just before the append in the above function, I see the different programs displayed individually as I'd expect. But when I look at the Array that's returned in the calling page, I see seven identical programs. Thanks again for the help Hi Jonathon, There's only one thisContact variable, which is being reused each time through the loop. So all you need to do is put: cfset var thisContact = right at the start. There's an indeterminate number of values that are passing through that one variable on their way into the array, but it's still one variable. And of course var scope returnArray and q_Contacts as well. If you're on CF9 things may a little different in that you may not need to explicitly var scope, but I'll let the CF9 gurus pick that one up. Jaime On Thu, Jan 14, 2010 at 4:26 PM, Jonathan Price jonat...@imakehthissound.com wrote: ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329655 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Can application scope gateways/DAOs returning an array of Objects?
Yeah, we're on CF8 for better or worse. So I redid the previous function to look like this: CFFUNCTION name=getPrograms_a access=public returntype=Array CFSET VAR local = {} CFINVOKE method=getPrograms_q returnvariable=q_programs CFSET local.a_programs = ArrayNew(1) CFLOOP query=q_programs CFSET local.o_program = createObject('component', '#REQUEST.cfcPathDot#.Program').init(programID = q_programs.ProgramID) CFSET ArrayAppend(local.a_programs, local.o_program) /CFLOOP CFRETURN local.a_programs /CFFUNCTION And I'm getting the correct info back now. Last two questions. 1) should I not worry about running 'createObject' on the same local.o_program structure member everytime? It's not completely obvious to me how 'local' magic is working. And is there not a memory leak issue with running createObject on every iteration? 2) Should my previous version have worked? I don't mind doing this 'local' trick everywhere, but I am curious about why the original wasn't working properly. Thanks! If you're on CF9 things may a little different in that you may not need to explicitly var scope, If you are on CF9, use the local scope as it is inherently varred: cfset local.returnArray = [] ... cfset local.thisContact = createObject('component', 'Contact').init(...insert init info here...) cfset ArrayAppend(local.returnArray, local.thisContact) If you are not on CF9, I could recommend still getting in the habit of pretending there is a local scope and putting cfset var local = {} at the top of your method. Just make sure you reference all of your local variables as local.varName and this will ensure that multiple people hitting that code at the exact same time will all have their own special versions of each of those variables and no one will be overwriting another. ~Brad ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329656 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Can application scope gateways/DAOs returning an array of Objects?
CF copies objects by reference. Each time you changed the object in the loop, you updated each previous reference. You could use duplicate() to put a copy into the array. mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ 2010/1/14 Jonathan Price jonat...@imakehthissound.com: 2) Should my previous version have worked? I don't mind doing this 'local' trick everywhere, but I am curious about why the original wasn't working properly. Thank ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329657 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4