Closing single CF tags like XML/XHTML

2006-10-27 Thread Jeff Guillaume
Can anybody direct me to an official statement of sorts recommending that CF 
developers start closing single tags like <cfabort/> with an ending slash a la 
XML (like I just did)?

I've been doing it for a long while now, and I can't remember when support was 
first added (MX 6?) but I seem to remember thinking it was recommended and 
would later be required...  Am I on crack?

In any case, what do you prefer?  I absolutely use trailing slashes on every CF 
tag that doesn't have its own closing, such as:

<cfset var = value/>
<cfinclude template="file.cfm"/>
<cfabort/>
<cffile action="delete" file="file.txt"/>
<cfhttp action="get" [etc etc]/>

It makes it easier to read, in my opinion, and tools like Eclipse don't have a 
fit thinking that you didn't close a tag.  Are there any solid arguments 
against this?  (Other than "wah, I don't like change!")  I'm getting 
frustrated by another developer at my company who insists on removing them when 
editing a file I've worked on!  Argh.

~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date ColdFusion information by your peers, delivered to your door four 
times a year.
http://www.fusionauthority.com/quarterly

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258319
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Re: Closing single CF tags like XML/XHTML

2006-10-27 Thread Jeff Guillaume
Christian Cantrell posted a survey about this in 2003...

http://weblogs.macromedia.com/cantrell/archives/2003/05/closing_tags_wi.cfm

I especially liked Samuel Neff's comments, as they echo my own beliefs (since 
we're all supposed to be coding in XHTML - or will eventually - which requires 
closing all tags, why not do it in CF for consistency?):

[begin quote]

I think that we are all creatures of habit. If you have a standard operating 
procedure (SOP) for any development, you should stick with it. Using XHTML 
standards when you are creating html, but not using it when CF'ing it, will 
only lead to confusion. It won't be long till you will have spent a week working 
on CF and then build a couple dozen pages in straight html and you'll forget to 
close your html tags.

I also think having a strict standard for tags helps reinforce HTML & CF 
development as a true structured programming exercise. Also, IMHO I think that if 
you are training more junior programmers, you should teach them a standard they 
can use throughout your apps., AND prepare them for XML-centric issues later.

[end quote]

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258324


Re: Closing single CF tags like XML/XHTML

2006-10-27 Thread Jeff Guillaume
Aha!  I knew I read it somewhere semi-official (although I admit these are just 
suggestions):

http://livedocs.macromedia.com/wtg/public/coding_standards/style.html

Macromedia's own coding standards guide:

[snip]
ColdFusion source code cannot quite be written to be purely XHTML-compliant 
because of certain tags (cfif / cfelse, cfreturn, cfset) but you should make an 
effort to be as XHTML-compliant as possible ... This makes the source code more 
consistent (across CFML and HTML) and will also help you avoid subtle errors 
such as unterminated nested cfmodule calls.
[/snip]

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258326


Re: Manually flush all cached queries?

2006-09-07 Thread Jeff Guillaume
Thank you, Raymond.  (I just posted my self-followup coming to the same 
conclusion before your response came in.)

Clearing all of the queries is exactly what I wanted to do, so problem solved.

 <cfobjectcache action="refresh"> will clear ALL of them.
 
 To clear one query, rerun the query with the EXACT same settings (sql,
 attributes, etc) but with a timeout of zero. When I say exact same -
 it must be the exact same even when it comes to white space.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:252386


Re: Manually flush all cached queries?

2006-09-07 Thread Jeff Guillaume
Self-followup:

I researched a bit and came up with <cfobjectcache action="clear"/>.  It seems 
to do the trick, although I've just read elsewhere that it may not clear all 
queries.  However, some is better than none for my purposes and it worked in my 
test just now.

Anyone used it before? I had never even heard about it.

Thanks,
Jeff

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:252385


Manually flush all cached queries?

2006-09-07 Thread Jeff Guillaume
I fear I already know the answer to this, but is it possible?

We use cachedwithin queries all over the place and want to be able to flush 
CF's memory when needed to reflect changes from the database immediately.  Is 
there any way to do this other than restarting the CF service?  I know you can 
zero out the cachedwithin times, but that doesn't seem feasible as the caches 
are in all sorts of CFCs and have various timeouts assigned.

Thanks.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:252376


Re: What is the use of structFind? (CFMX)

2006-08-24 Thread Jeff Guillaume
I haven't used StructFind in a while, but one use might be if you're storing 
the name of the field you want to access in a variable:

structFind(xStruct, variableWithFieldNameInIt);

Although this ...

xStruct['#variableWithFieldNameInIt#']

... works too, so I dunno.  I'd bet my left leg that the compiler treats them 
both the same.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250871


Re: Messy messy messy code

2006-08-24 Thread Jeff Guillaume
I'm just coming out of a year's worth of development on a very similar project, 
and let me tell you... LESSONS LEARNED.

Do not, do not, do not, rely on ColdFusion for heavily object-oriented CFCs 
that store their own data (in the CFC itself).  It's just not ready.  Don't get 
me wrong, I'm not talking about reasonable OO, but we had some consultants who 
were creating CFCs like pure Java classes (with lots of inheritance and 
override functions). After we added just one real customer, the server crashed 
hard (the pages took way too long to load, the memory added up and threads ran 
out).

That said, we have since revamped a lot of the architecture and now the site 
flies.  I would recommend:

Store as many reusable CFCs as possible in the application scope, so long as 
they don't hold any per-request data.  For your visitor tracking, I would 
suggest one CFC in the application scope that just manipulates session data.  
DON'T create and store a CFC for every visitor in session; it's a waste of 
memory.

Cache as many queries as possible using cachedwithin.  Caching queries is, 
consistently, in many different projects, by far the biggest performance 
improvement in CF I've ever encountered.  Be reasonable and don't cache stuff 
just for the sake of it, though. Caching articles for a few minutes is fine (I 
only do 30 seconds on HPANA.com). I use an application-scoped CFC to grab 
news/article content and query cache them as needed.

For your congressional database, I'd say (depending on how many rows it is) 
consider query caching the whole thing for up to 24 hours. Then use 
query-of-queries when you want to access it on a per-ZIP Code basis.

A good way to look at memory is to turn on the JVM's garbage collection 
debugging output.  You'll see from a bird's eye view how the memory grows with 
each request and how much garbage collection the JVM has to do when the time 
comes.  All of this impacts performance in the end.

It sounds like you already know most of what you have to do, and have the 
knowledge and research ability to figure out the rest.  Good job!


---
Jeff Guillaume
Kazoomis Online Media
http://www.kazoomis.com

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250873


Re: Top 100 ColdFusion Programmers

2006-08-24 Thread Jeff Guillaume
We just hired two CF developers and it was very, very difficult to find 
qualified ones.  Google is definitely your friend.  A quick search on a 
prospect's name can bring up any articles, blog posts, newsgroup/community 
questions and other programming affiliations. 

Some good indicators of skill level we found while interviewing were:

(a) how long they've been a CF developer, exactly what CF technologies they 
have experience in, and their server background

If they've been a full-time CF programmer for several years, or can demonstrate 
extensive use of components and other MX 6+ technology, they get a couple of 
points. It means they're interested in ColdFusion and have kept up with the 
platform changes.  If they know how to administer a CF server (especially if 
they've delved into the JVM at all), that's even better.

(b) if they know other languages

This can be a good measure of if they're truly a programmer or just a 
scripting hack.

(c) how good their SQL is

We all know DBMS experience is a major part of CF/web development.  If they're 
weak on SQL, you can bet they're probably weak on web infrastructure 
development as a whole.

(d) what projects they've worked on

When they say the majority of their work is on intranets, extranets or 
reporting tools, that may be an indication they're doing some pretty simple CF 
scripting. When they are working on external, consumer-based sites, that tells 
us they might have a broader impact on those sites and likely use more in-depth 
coding.

There are others, to be sure, but these guidelines have helped us rather 
quickly weed out the undesirables.

---
Jeff Guillaume
Kazoomis Online Media
http://www.kazoomis.com

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250928


Re: coldfusion sql injection

2006-08-23 Thread Jeff Guillaume
Let alone the security aspect, it also improves performance by causing your 
database server to bind the variables before executing the query.

Straight from Macromedia:

http://tinyurl.com/oo49m (link to docs)

- Allows the use of SQL bind parameters, which improves performance. 
- Ensures that variable data matches the specified SQL type. 
- Allows long text fields to be updated from a SQL statement. 
- Escapes string variables in single-quotation marks. 

Example:

<cfquery name = "getEmployees" dataSource = "cfdocexamples">
   SELECT * FROM employees
   WHERE LastName = <cfqueryparam value = "#LastName#"
      cfsqltype = "cf_sql_char" maxLength = "17"/>
</cfquery>

In this case, cfqueryparam performs the following checks:

- It ensures that LastName contains a string. 
- It ensures that the string is 17 characters or less. 
- It escapes the string with single-quotation marks so that it appears as a 
single value to the database. Even if a hacker passes a bad URL, it appears as 
follows: 
WHERE LastName = 'Smith DELETE FROM MyCustomerTable'.

That's the thing... When is cfqueryparam REALLY necessary for security?  I
want to see some examples that require cfqueryparam. 

Russ



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250728


Re: Problem with URL display in browser

2006-08-23 Thread Jeff Guillaume
I'm afraid that's just how it's going to look down there on the address bar 
(unless the file is actually being written like that?).  It doesn't affect what 
you're trying to achieve.  I would suggest, however, that you use hyphens 
instead of underscores (they just look better to me.)  Also keep in mind that 
several search engines now recognize this technique and may penalize your site 
accordingly if it's apparent you're attempting to blatantly spam them.  (And 
before anyone calls me out, I know Google does this with Blogger.com and even 
their own official blogs, but hey, are they going to penalize themselves?)

In my opinion, you shouldn't use more than four or five words using this 
technique in your URLs (that may even be pushing it).

If you're trying to improve your search rankings, make sure you have 
well-written HTML title and meta keywords and description tags.  At the very 
least, you should have keyword and description columns in your DB for every 
article.

---
Jeff Guillaume
Kazoomis Online Media
http://www.kazoomis.com


 One of the columns in my table is called 'shortheader', which 
 basically takes the article headline, and makes it url friendly. 
 Therefore, 'This is a Test' becomes 'this_is_a_test' as the 
 shortheader. This part works fine, and when displayed on page, it 
 looks fine.
 
 However, clicking on a link, which on mouseover appears like this - 
 http://www.mydomain.com/this_is_a_test, when the page is displayed the 
 address bar shows as http://www.mydomain.com/this%5Fis%5Fa%5Ftest - 
 which obviously doesn't look too good.
 
 I'm not sure if this makes a difference or not, but the linking page 
 is being created and 'published' using cffile to create a static html 
 page. I have another page, a cfml page, that doesn't seem to have the 
 same effect and works as planned. Therefore, I assume the problem lies 
 with the way cffile is creating the page. That said, looking at the 
 raw HTML of the page cffile creates, it looks fine.
 
 Any help much appreciated! 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250752


Re: Session issues

2006-08-23 Thread Jeff Guillaume
Let's see your isUserAuthenticated function.

(Also, you don't need to use YesNoFormat... your function should just return a 
type of boolean.)

 <cfscript>
 if (YesNoFormat(Application.Security.isUserAuthenticated()) EQ "No"
     AND trim(attributes.fuseaction) EQ "personalinfo") {
     Application.utils.redirect("#trim(request.webroot)#/index.cfm?fuseaction=loginScreen&reason=Your session expired.");
 } else if (YesNoFormat(Application.Security.isUserAuthenticated()) EQ "No") {
     Application.utils.redirect("#trim(request.webroot)#/index.cfm?fuseaction=loginScreen&reason=Your session expired. Check your email inbox for your pin so you can login and continue your assessment.");
 }
 </cfscript>

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250770


Re: Session issues

2006-08-23 Thread Jeff Guillaume
Your framework looks good to me.

If this problem just popped up out of nowhere, and you didn't make any code 
changes, you should probably check if there were any server configuration 
changes in CF Admin or IIS.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250783


Re: Sorting by Column Headers

2006-08-23 Thread Jeff Guillaume
The quickest fix would be to pass your search parameters on the URL instead of 
FORM (action=get instead of action=post from the submitting page).

Then grab the current URL, minus the sort parameter, to re-use for the next 
output.

<cfset theUrl = cgi.script_name & "?" & left(cgi.query_string, 
findNoCase("sortby=", cgi.query_string) - 1)/>

Now:

<a href="#theUrl#SortBy=Category">Category</a>
...etc.

This will retain the search parameters (since they're on the URL).

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250790


Re: Sorting by Column Headers

2006-08-23 Thread Jeff Guillaume
Storing the results in SESSION is a nifty (and fast) method, but I'd only 
recommend it if you know your result sets will always be relatively small.  You 
don't want 100 people caching a resultset of, say, 10,000 rows of data.  You'll 
run into memory issues.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250791


Re: Trying to query top selling products

2006-08-23 Thread Jeff Guillaume
Here's some SQL for MS SQL Server (you're not using Access are you?):

select top 10 prodName, sum(prodQty) as totalOrdered
from tblOrderItems
group by prodName
order by 2 desc

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250801


Re: coldfusion sql injection

2006-08-22 Thread Jeff Guillaume
I just make sure I always scrub user-entered data when possible, but at the 
very least you should use cfqueryparam to pass data into queries.

---
Jeff Guillaume
Kazoomis
www.kazoomis.com

Now, it is my belief that CF auto escapes single quotes, so sql injection
into a string is not possible.  I believe it's still possible if you have a
number, but pass in a string, but that can be defeated by using VAL.  

 

Someone pointed me to an article from 2 years ago that describes how to do
sql injection with CF:
http://coldfusion.sys-con.com/read/46358.htm?CFID=472470

 

I couldn't get the example in there to work.  

 

Other than putting in an injection string into a numeric argument, are there
any other examples of doing SQL injection with ColdFusion?  

 

Russ
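
[Added example, not part of the original posts and not ColdFusion code: a Python/sqlite3 model of the two cases raised in the "coldfusion sql injection" messages (quoted string context vs. unquoted numeric context) next to the bound, type-checked form that cfqueryparam provides. cf_escape and cf_val are simplified stand-ins assumed for illustration; the table rows and the input "0 OR 1=1" are constructed.]

```python
import re
import sqlite3

def make_db():
    """Constructed sample data; table/column names follow the docs example in the thread."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, LastName TEXT)")
    db.executemany("INSERT INTO employees VALUES (?, ?)",
                   [(1, "Smith"), (2, "Jones"), (3, "O'Brien")])
    return db

def cf_escape(value):
    """Assumed model of the automatic single-quote doubling described in the thread."""
    return str(value).replace("'", "''")

def cf_val(value):
    """Simplified model of val(): leading integer of the string, otherwise 0."""
    m = re.match(r"\s*[-+]?\d+", str(value))
    return int(m.group()) if m else 0

def ids(db, sql, params=()):
    """Run a query and return the matching ids in sorted order."""
    return sorted(row[0] for row in db.execute(sql, params))

def by_name_interpolated(db, last_name):
    # Like WHERE LastName = '#LastName#': the value sits inside quotes and its
    # own quotes are doubled, so it stays one string literal.
    return ids(db, "SELECT id FROM employees WHERE LastName = '%s'"
               % cf_escape(last_name))

def by_id_interpolated(db, emp_id):
    # Like WHERE id = #id#: there are no surrounding quotes, so quote doubling
    # changes nothing and the incoming text is parsed as SQL.
    return ids(db, "SELECT id FROM employees WHERE id = %s" % cf_escape(emp_id))

def by_id_bound(db, emp_id):
    # Like cfqueryparam with an integer cfsqltype: type check, then bind.
    if not re.fullmatch(r"\s*[-+]?\d+\s*", str(emp_id)):
        raise ValueError("id is not an integer")
    return ids(db, "SELECT id FROM employees WHERE id = ?", (int(emp_id),))

def by_name_bound(db, last_name, max_length=17):
    # Like cfqueryparam cfsqltype=cf_sql_char maxLength=17 in the docs example.
    if len(last_name) > max_length:
        raise ValueError("LastName longer than maxLength")
    return ids(db, "SELECT id FROM employees WHERE LastName = ?", (last_name,))

if __name__ == "__main__":
    db = make_db()
    print("string, interpolated :", by_name_interpolated(db, "x' OR '1'='1"))
    print("numeric, interpolated:", by_id_interpolated(db, "0 OR 1=1"))
    print("numeric, via val()   :", by_id_interpolated(db, cf_val("0 OR 1=1")))
    for bad in ("0 OR 1=1",):
        try:
            by_id_bound(db, bad)
        except ValueError as err:
            print("numeric, bound       : rejected,", err)
```

The unquoted numeric query is the only one that returns every row; the bound versions reject the input before it reaches the database.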

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250673