Re: CFForm Integer Validation Allowing Commas

2006-09-06 Thread Justin Holzer
I would never dream of abandoning ColdFusion over one bug or feature that I 
didn't like. It is still, by far and away, my favorite platform for creating 
web applications. I will continue, as I have in the past, singing its praises 
to colleagues and co-workers. In fact, I have convinced my previous two 
employers to switch from other platforms to ColdFusion, and I will continue to 
do so if I have the opportunity in the future.

I was just pissed off to discover that the built-in client-side validation now 
functions in a way that I think is illogical, especially since it affects a 
bunch of my old code. I've cooled off a bit now and have convinced myself that 
I'll be better off writing my own custom validation wherever necessary. 
However, if anyone from Adobe is reading this, I would still say that this is 
something that definitely needs to be revisited for the next major release of 
CF. 

I should also add that aside from the telephone, numeric, integer, and float 
validation functions, I have not run into any issues. I will continue to use 
 elements, as they are often an extremely useful shortcut for mundane 
JavaScript code.

- Justin

>That was one hell of a rant.  I started using Perl as my first web dynamic
>language back in college.  That being said and for everyone who feels the
>pain of Perl, you will be in regex hell for your stay in Hotel Perl Mod.
>What I did get from Perl was the positive side of regex, I use regex to
>validate cfform controls.
>
>I agree with the usage of commas, but I have plenty of financial clients
>that will disagree with you on the integer.  Commas are just a
>presentational way of showing large numbers more legibly.  I do not advocate
>allowing the entering of number and I provide both client side and server
>side validation for any user entered information.
>
>Your complaint is valid, but there are plenty of ways to go around it.
>
>I do not expect the CF language to have a validation, function or tag that
>will magically solve every issue.  What I do expect and CF has always
>provided is the ability to combine all of the features of CF to accomplish
>them.  CF has so many ways to approach a solution that people can get lost
>in translation.
>
>I hope that you do not use a cfform validation as your reason to leave the
>realm of ColdFusion.  ColdFusion is still the easiest way to achieve a lot
>in a short amount of time.
>
>Teddy
>
>
>On 9/5/06, Justin Holzer <[EMAIL PROTECTED]> wrote:
>>

~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date ColdFusion information by your peers, delivered to your door four 
times a year.
http://www.fusionauthority.com/quarterly

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:252314
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: CFForm Integer Validation Allowing Commas

2006-09-06 Thread Teddy Payne
That was one hell of a rant.  I started using Perl as my first web dynamic
language back in college.  That being said and for everyone who feels the
pain of Perl, you will be in regex hell for your stay in Hotel Perl Mod.
What I did get from Perl was the positive side of regex, I use regex to
validate cfform controls.

I agree with the usage of commas, but I have plenty of financial clients
that will disagree with you on the integer.  Commas are just a
presentational way of showing large numbers more legibly.  I do not advocate
allowing the entering of number and I provide both client side and server
side validation for any user entered information.

Your complaint is valid, but there are plenty of ways to go around it.

I do not expect the CF language to have a validation, function or tag that
will magically solve every issue.  What I do expect and CF has always
provided is the ability to combine all of the features of CF to accomplish
them.  CF has so many ways to approach a solution that people can get lost
in translation.

I hope that you do not use a cfform validation as your reason to leave the
realm of ColdFusion.  ColdFusion is still the easiest way to achieve a lot
in a short amount of time.

Teddy


On 9/5/06, Justin Holzer <[EMAIL PROTECTED]> wrote:
>
> How is "1,235" considered an integer? I know that ColdFusion is a loosely
> typed language, but what CF programmer is writing code like  = 1,234 /> ?
>
> Not only is it wrong to validate numeric input with commas, it's
> counter-intuitive, illogical, and just plain insecure. If the programmer
> wishes the user to be able to enter commas, that's fine, but it should
> certainly not be the default behavior, especially when the validation did
> not work that way prior to MX 7. I don't understand why the person/people
> who developed these most recent validation functions did not think
> programmers would not want the numeric data to be something that could be
> stuck straight into a SQL query as a numeric data type. Commas should be an
> exception, not the rule. Add a new validation function called
> "numberWithCommas" or something like that, but why break something that
> works just fine?
>
> What's even worse, is the number validation functions will allow an
> arbitrary number of commas at arbitrary positions. So the user can enter
> "1,,2,,,35" and it will validate just fine. This is because
> whoever wrote the validation JavaScript (located in cfform.js) decided it
> would be a wise idea to strip the commas, and other special characters, from
> the input string before validating it. However, these characters are not
> stripped from the user's actual input, so the JavaScript is validating
> something different than was actually typed. I don't see how you can call
> this anything but a bug.
>
> I've been a huge fan and supporter of ColdFusion since I started using it
> in version 5. However, this recent discovery has caused me to lose a lot of
> faith, because data validation is something that I feel can not be
> overlooked in the slightest, as it apparently has been in MX 7. I for one,
> will be using custom regular expressions, until Adobe either issues a fix
> for the validation functions, or the new version of CF is released, and I
> would suggest that everyone else do the same, as the current numeric
> validation functions pose a serious security risk and allow users to easily
> crash your application if you do not know what to expect.
>
> As a footnote, I've also had issues with the validate="telephone" function
> as well. I would suggest for anyone that extensively uses the validation
> feature in  elements, to write their own custom regular expressions
> for as many of the validation types as possible. Of course, you could also
> make changes to the cfform.js script, but that probably isn't the wisest
> idea for a long-term solution.
>
> Regards,
>
> Justin Holzer
>
> >I was gonna say, I thought an Int was just a whole number, meaning no
> >fractions or decimals correct?
> >
> >Commas should be allowed past that shouldn't they?
> >
> >>
>
> 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:252189


Re: CFForm Integer Validation Allowing Commas

2006-09-05 Thread Justin Holzer
How is "1,235" considered an integer? I know that ColdFusion is a loosely typed 
language, but what CF programmer is writing code like  ?

Not only is it wrong to validate numeric input with commas, it's 
counter-intuitive, illogical, and just plain insecure. If the programmer wishes 
the user to be able to enter commas, that's fine, but it should certainly not 
be the default behavior, especially when the validation did not work that way 
prior to MX 7. I don't understand why the person/people who developed these 
most recent validation functions did not think programmers would not want the 
numeric data to be something that could be stuck straight into a SQL query as a 
numeric data type. Commas should be an exception, not the rule. Add a new 
validation function called "numberWithCommas" or something like that, but why 
break something that works just fine?

What's even worse, is the number validation functions will allow an arbitrary 
number of commas at arbitrary positions. So the user can enter 
"1,,2,,,35" and it will validate just fine. This is because whoever 
wrote the validation JavaScript (located in cfform.js) decided it would be a 
wise idea to strip the commas, and other special characters, from the input 
string before validating it. However, these characters are not stripped from 
the user's actual input, so the JavaScript is validating something different 
than was actually typed. I don't see how you can call this anything but a bug.

I've been a huge fan and supporter of ColdFusion since I started using it in 
version 5. However, this recent discovery has caused me to lose a lot of faith, 
because data validation is something that I feel can not be overlooked in 
the slightest, as it apparently has been in MX 7. I for one, will be using 
custom regular expressions, until Adobe either issues a fix for the validation 
functions, or the new version of CF is released, and I would suggest that 
everyone else do the same, as the current numeric validation functions pose a 
serious security risk and allow users to easily crash your application if you 
do not know what to expect.

As a footnote, I've also had issues with the validate="telephone" function as 
well. I would suggest for anyone that extensively uses the validation feature 
in  elements, to write their own custom regular expressions for as many 
of the validation types as possible. Of course, you could also make changes to 
the cfform.js script, but that probably isn't the wisest idea for a long-term 
solution.

Regards,

Justin Holzer

>I was gonna say, I thought an Int was just a whole number, meaning no
>fractions or decimals correct?
>
>Commas should be allowed past that shouldn't they?
>
>>
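
Added example, not part of the original post and not the code from cfform.js: a JavaScript model of the mismatch described above, where commas are stripped from a copy of the input before the test while the raw string is what gets submitted, next to a strict check and an opt-in comma parser that returns the canonical value. All function names are hypothetical and the sample inputs are constructed.

```javascript
// Added illustration: a model of the behaviour described in the thread,
// not the code shipped in cfform.js. All function names are hypothetical.

// Lenient check: strips commas from a COPY of the input and tests the copy.
// The raw string, commas included, is still what the form submits.
function lenientIsInteger(raw) {
  return /^[+-]?\d+$/.test(raw.replace(/,/g, ""));
}

// Strict check: tests exactly the string that will be used downstream.
function strictIsInteger(raw) {
  return /^[+-]?\d+$/.test(raw);
}

// Opt-in comma support: accept only well-formed thousands groups and return
// the canonical digits-only string, so the value that was validated is the
// value that gets used. Returns null when the input is rejected.
function parseGroupedInteger(raw) {
  if (!/^[+-]?(\d{1,3}(,\d{3})+|\d+)$/.test(raw)) return null;
  return raw.replace(/,/g, "");
}

// Constructed sample inputs.
const SAMPLES = ["1234", "1,235", "1,234,567", "1,,2,,,35", "12,34", ",", "12a"];

// Run all three checks over each sample so the differences line up per input.
function compare(samples) {
  return samples.map((raw) => ({
    raw,
    lenient: lenientIsInteger(raw),
    strict: strictIsInteger(raw),
    canonical: parseGroupedInteger(raw),
  }));
}

console.table(compare(SAMPLES));
```

The same check has to run again on the server, since client-side validation only covers requests that actually go through the form.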

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:252165


Re: CFForm Integer Validation Allowing Commas

2006-08-30 Thread Teddy Payne
In CF MX 6.1, commas were not allowed on cfinput validation="integer".  In
CF MX 7.0.2, you can have commas.  Unless you preserve the commas by storing
them as a varchar in a database, they are typically removed when inserted
into the database for you.

Teddy

On 8/30/06, Loathe <[EMAIL PROTECTED]> wrote:
>
> I was gonna say, I thought an Int was just a whole number, meaning no
> fractions or decimals correct?
>
> Commas should be allowed past that shouldn't they?
>
> > -Original Message-
> > From: Dave Watts [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, August 30, 2006 10:42 AM
> > To: CF-Talk
> > Subject: RE: CFForm Integer Validation Allowing Commas
> >
> >
> > > I have a CFINPUT tag using the validate="integer" attribute
> > > and this is allowing commas in the input field to get past
> > > the validation. Of course I can add my own additional code to
> > > reject the commas, but I didn't think I had to, I thought
> > > that was what the integer validation was for. Is this by
> > > design? Why would anyone want this to be acceptable behavior?
> >
> > 1,234,567 is a valid integer value, I think.
> >
> > Dave Watts, CTO, Fig Leaf Software
> > http://www.figleaf.com/
> >
> > Fig Leaf Software provides the highest caliber vendor-authorized
> > instruction at our training centers in Washington DC, Atlanta,
> > Chicago, Baltimore, Northern Virginia, or on-site at your location.
> > Visit http://training.figleaf.com/ for more information!
> >
> >
>
> 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251481


RE: CFForm Integer Validation Allowing Commas

2006-08-30 Thread Loathe
I was gonna say, I thought an Int was just a whole number, meaning no
fractions or decimals correct?

Commas should be allowed past that shouldn't they?

> -Original Message-
> From: Dave Watts [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 30, 2006 10:42 AM
> To: CF-Talk
> Subject: RE: CFForm Integer Validation Allowing Commas
>
>
> > I have a CFINPUT tag using the validate="integer" attribute
> > and this is allowing commas in the input field to get past
> > the validation. Of course I can add my own additional code to
> > reject the commas, but I didn't think I had to, I thought
> > that was what the integer validation was for. Is this by
> > design? Why would anyone want this to be acceptable behavior?
>
> 1,234,567 is a valid integer value, I think.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
>
> Fig Leaf Software provides the highest caliber vendor-authorized
> instruction at our training centers in Washington DC, Atlanta,
> Chicago, Baltimore, Northern Virginia, or on-site at your location.
> Visit http://training.figleaf.com/ for more information!
>
> 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251480


Re: CFForm Integer Validation Allowing Commas

2006-08-30 Thread Teddy Payne
I tested it as well.  The only thing that I can see that it is useful for
is financial data which will have comma delimited values like 1,000,000.  If
you do not like the commas, I suggest changing the validate to "regex" and
then putting in a regular expression that only allows numbers.

Teddy

On 8/30/06, Steve Moore <[EMAIL PROTECTED]> wrote:
>
> I have a CFINPUT tag using the validate="integer" attribute and this is
> allowing commas in the input field to get past the validation. Of course I
> can add my own additional code to reject the commas, but I didn't think I
> had to, I thought that was what the integer validation was for. Is this by
> design? Why would anyone want this to be acceptable behavior?
>
> Steve Moore
>
> 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251479


RE: CFForm Integer Validation Allowing Commas

2006-08-30 Thread Dave Watts
> I have a CFINPUT tag using the validate="integer" attribute 
> and this is allowing commas in the input field to get past 
> the validation. Of course I can add my own additional code to 
> reject the commas, but I didn't think I had to, I thought 
> that was what the integer validation was for. Is this by 
> design? Why would anyone want this to be acceptable behavior?

1,234,567 is a valid integer value, I think.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251478


CFForm Integer Validation Allowing Commas

2006-08-30 Thread Steve Moore
I have a CFINPUT tag using the validate="integer" attribute and this is 
allowing commas in the input field to get past the validation. Of course I can 
add my own additional code to reject the commas, but I didn't think I had to, I 
thought that was what the integer validation was for. Is this by design? Why 
would anyone want this to be acceptable behavior?

Steve Moore

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251475