Hi,
another possibility is to use the POI Utility you can find on Ben Nadel's page :
http://www.bennadel.com/blog/865-POIUtility-cfc-Examples-For-Reading-And-Writing-Excel-Files-In-ColdFusion.htm
Greets
Stéphane
I wouldn't say it is the *best* way but this will maintain table layouts:
Hi!
Will Tomlinson wrote:
The problem we're having is, whenever he hits one of his domains we
setup in his windows hosts file, it directs you to the default apache
website. It works!
But we have virtualhost directives in the httpd.config file to
direct to C:\webRoot\somesite
What's
Another good option is jExcel integration:
http://www.cfinsider.com/index.cfm/2008/1/3/Modify-Excel-Spreadsheets-with-ColdFusion-the-easy-way
Cheers
Marco Antonio
On Tue, Oct 28, 2008 at 5:37 AM, Stephane Vantroyen [EMAIL PROTECTED] wrote:
Hi,
another possibility is to use the POI Utility
On Friday 24 Oct 2008, Mike Kear wrote:
first name and last name in the form, and click 'submit'. Then on
the fly, there's a news report using the name you just put in.
Whatever it is, the BBC go one step better with their 'Spooks' game.
Upload a head on shot of someone, mark the mouth, eyes
Hi - does anyone know of any plans to push out free DataDirect drivers
(an updated macromedia.jar) in support of Oracle 11g?
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free
Hi all,
I had an interesting request from a client and I'm not finding much info out
there on what the client needs.
Without going into too much detail (love those NDAs!), the client wants to
offer instant-approval lines of credit to Web site visitors. In essence, the
thinking is: visitor
Is it possible to pass a list of values through the url:
IE: index.cfm?a=1,2,3
thanks
sas
--
Scott Stewart
ColdFusion Developer
Office of Research Information Systems
Research amp; Economic Development
University of North Carolina at Chapel Hill
Phone:(919)843-2408
Fax: (919)962-3600
Email:
However, I can't for the life of me figure out how to get CF to pass the
password through the LDAPS connection as UTF-16LE, and with double quotes
around it.
Not sure if this UDF could help, but it's worth a quick try:
http://www.massimocorner.com/coldfusion/udf/convertCharset.zip
I work in the Merchant side of the industry. You'll need a bank that backs
the line of credit. Each bank is going to have its own underwriting rules.
Your online app would have to do whatever it takes to satisfy those
guidelines, and then give an approval based on that.
Edward A Savage Jr -
Yes, but be careful of the length of the list as browsers have limits.
Adrian
-Original Message-
From: Scott Stewart
Sent: 28 October 2008 15:39
To: cf-talk
Subject: passing a list through a url
Is it possible to pass a list of values through the url:
IE: index.cfm?a=1,2,3
thanks
On Tuesday 28 Oct 2008, Scott Stewart wrote:
IE: index.cfm?a=1,2,3
Yes. As long as it isn't too long.
--
Tom Chiverton
Helping to administratively optimize mission-critical B2C scalable
out-of-the-box e-services
This email is sent for
Thanks Adrian and Tom
sas
Scott Stewart wrote:
Is it possible to pass a list of values through the url:
IE: index.cfm?a=1,2,3
thanks
sas
--
Scott Stewart
ColdFusion Developer
Office of Research Information Systems
Research amp; Economic Development
University of North Carolina
This is what I think I was trying to get at. Moving the loop into the
thread instead of having the loop outside the thread is the part I
think I was missing. Having a generic tool to do queue management
could be quite handy.
Of course I've since realized that my particular situation is slightly
Are you looking for an actual credit-check service with an API? or are you
looking for the bank that would actually back the credit line?
For checking credit ratings, I guess you could check to see whether Experian,
Equifax, and TransUnion have APIs. Still, not sure you would be able to verify
I have a variable passed though a URL that looks like this
index.cfm?a=1,2,3
The variable a is passed to a SQL statement WHERE clause as
part of an IN operator
IE: WHERE b in (#url.a#).
How would I encapsulate url.a in a CFQueryParam properly, is this a
case where I wouldn't define the
cfqueryparam cfsqltype=cf_sql_integer value=#url.a# list=true
separator=,
Obviously you would need to change the sqltype to what your sql type is.
On Tue, Oct 28, 2008 at 10:13 AM, Scott Stewart [EMAIL PROTECTED]wrote:
I have a variable passed though a URL that looks like this
WHERE b IN ( cfqueryparam cfsqltype=CF_SQL_VARCHAR value=#url.a#
list=yes )
The list=yes parameter of CFQUERYPARAM will properly wrap the single quotes
around each list element.
-Jason
I have a variable passed though a URL that looks like this
index.cfm?a=1,2,3
The variable a is passed to a
cfqp has a list attribute.
Adrian
Building a database of ColdFusion errors at http://cferror.org/
-Original Message-
From: Scott Stewart
Sent: 28 October 2008 17:13
To: cf-talk
Subject: CFQueryParam question
I have a variable passed though a URL that looks like this
index.cfm?a=1,2,3
Try this:
cfqueryparam value=#Trim(URL.a)# cfsqltype=cf_sql_varchar
list=true /
Thanks,
Eric Cobb
Scott Stewart wrote:
I have a variable passed though a URL that looks like this
index.cfm?a=1,2,3
The variable a is passed to a SQL statement WHERE clause as
part of an IN operator
[This might sound similar to the September posting for CFDOCUMENT, but it's not]
I have servers that were originally installed with the trial edition of CF8 and
then changed to standard edition by entering our valid license numbers within
the 30 day period. That all worked fine, and the edition
What are you using for random (unique) record identifiers in MySQL? I
could use UUIDs, generated either in my CF application, or in MySQL
itself. But for a table that's never likely to have more than a few
hundred thousand records I could also just use something like a 10
character randomly
Can't you just use an AUTO_INCREMENT column? That's what they're there for.
On Tue, Oct 28, 2008 at 11:40 AM, Jim McAtee [EMAIL PROTECTED] wrote:
What are you using for random (unique) record identifiers in MySQL? I
could use UUIDs, generated either in my CF application, or in MySQL
itself.
The only thing I've noticed in using that is that you can guess the next
number.
If you have a URL string of id set to 7, I've always tried manually
typing in 6 and seeing what happens. Sometimes, 5. :)
Now, can you guess another record if the ID is 3219-D87562EFA- etc.? :)
Barney Boisvert
The list=yes parameter of CFQUERYPARAM will properly wrap the single quotes
around each list element.
That's not quite right. What it will do is create a parameter for
every element in the list and map it to the database type you supply.
Even with character data, no single quotes are used when
If you are using multiple instance, ensure that the new serial has been
entered for all of them-- i.e. not just the base instance.
~Brad
Original Message
Subject: CFCHART Developer Edition Watermark
From: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Tue,
On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote:
The only thing I've noticed in using that is that you can guess the next
number.
If you have a URL string of id set to 7, I've always tried manually
typing in 6 and seeing what happens. Sometimes, 5. :)
That's what permission
Hello everyone, this is my first post here on the Cf-Talk mailing list. Hoping
you guys can help me work through a problem I'm having.
Basically I have a page that contains a cfwindow. On a certain event, I show
the cfwindow, and navigate it to a url. On the code that's now inside of the
Are you looking for an actual credit-check service with an API? or are
you looking for the bank that would actually back the credit line?
That's a very good question. I'm not sure my client really knows which one is
needed and I have absolutely no knowledge of how this process works ... so
And you can guess my login for Gmail from my email address. But in
order to access it, you have to know my credentials. Hopefully you do
similar checks in your applications?
On Tue, Oct 28, 2008 at 12:13 PM, Phillip M. Vector
[EMAIL PROTECTED] wrote:
The only thing I've noticed in using that
Oh.. I have that as well. But take for example the UserID that I store
as a cookie to someone else based on the UserID field.
It's easy to change a cookie to a 1 and hope to get admin access.
It's harder to figure out someone elses ID. :)
and yeah, I can set it to the IP and so on, but
*nods* I do. But the extra layer of UUID is better then using auto increase.
Barney Boisvert wrote:
And you can guess my login for Gmail from my email address. But in
order to access it, you have to know my credentials. Hopefully you do
similar checks in your applications?
On Tue, Oct 28,
I've had the same issue. All I can offer is not to use prototype on the
page your cfgrid is in.
Charles Lewis wrote:
Hello everyone, this is my first post here on the Cf-Talk mailing list.
Hoping you guys can help me work through a problem I'm having.
Basically I have a page that contains
Why not just have them provide a credit card that you can keep on file. It
is already a line of credit :)
Rob
On Tue, Oct 28, 2008 at 3:26 PM, ColdFusion Developer [EMAIL PROTECTED]wrote:
Are you looking for an actual credit-check service with an API? or are
you looking for the bank that
Hey all,
In my form some values may be left empty. For example a form field named q1.
It's fine if it's empty because the user can go back and fill it in later if
they wish.
How do I get passed the q1 is not defined in Form CF error? All I want to
do is enter an empty value. How can I
Sounds like you are looking for a bank then.
ColdFusion Developer wrote:
Are you looking for an actual credit-check service with an API? or are
you looking for the bank that would actually back the credit line?
That's a very good question. I'm not sure my client really knows which one is
On Tue, Oct 28, 2008 at 12:26 PM, ColdFusion Developer
[EMAIL PROTECTED] wrote:
Are you looking for an actual credit-check service with an API? or are
you looking for the bank that would actually back the credit line?
That's a very good question. I'm not sure my client really knows which one
*nods* I do. But the extra layer of UUID is better then using auto increase.
Personally I strongly disagree with that but hey ho, each to their own
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release
Storing a credit card online is a very, VERY bad idea.
If you go that route (Which WOULD be simplier), you may want to check
out a separate company to handle the transactions. I know Shift4
(www.Shift4.com) is very good security wise (not good to work for, but
good in what they do).
But
@Jim,
If you use CF to generate a UUID, then you do *not* need to hit the DB to
verify uniqueness. Each call to createUUID() will create a unique value,
within all limits of reasonableness. So, yes, autoIncrement works as well, but
to answer your original question, createUUID() is a clean
I am pulling an RSS feed to my page using this code:
td valign=top
cfhttp url=http://www4.esu.edu/news.xml; method=get
cfset objRSS = xmlParse(cfhttp.filecontent)
cfset Item_Length = arraylen(objRSS.rss.channel.item)
cfloop index=i from=1 to=#Item_Length# step=1
p class=newsspan
WHAT You store a userId in a cookie and trust it Are you
mad??? Numbers are as inherently secure as UUIDs - they're both
simply identifiers. Authentication and authorization are where
security happens. If an application is susceptible to spin attacks
like that, I suppose that a UUID
Yeah, I don't think that logically follows at all. An id is not a
credential, it shouldn't matter if the id is easy to guess or not. The
id is the representation of the item in question. Knowing what/who the
item is shouldn't allow you to become that item.
I have no problems with using uuid's as
wrap it in a cfif so..
cfif isundefined(form.q1)
cfset form.q1 =
/cfif
Rob
On Tue, Oct 28, 2008 at 3:33 PM, Rick Sanders [EMAIL PROTECTED] wrote:
Hey all,
In my form some values may be left empty. For example a form field named
q1.
It's fine if it's empty because the user
On Tue, Oct 28, 2008 at 12:37 PM, Jason Fisher [EMAIL PROTECTED] wrote:
@Jim,
If you use CF to generate a UUID, then you do *not* need to hit the DB to
verify uniqueness. Each call to createUUID() will create a unique value,
within all limits of reasonableness. So, yes, autoIncrement
-Original Message-
From: Judah McAuley [EMAIL PROTECTED]
Sent: Tuesday, October 28, 2008 2:45 PM
To: cf-talk cf-talk@houseoffusion.com
Subject: Re: Random record identifiers in MySQL 5.0
~|
Adobe® ColdFusion® 8 software
Is that the only way?
It's a questionnaire form with 50 questions! You mean I have to do a cfif
for every question and assign it a blank value if there's no value!?
-Original Message-
From: Rob Parkhill [mailto:[EMAIL PROTECTED]
Sent: October-28-08 4:42 PM
To: cf-talk
Subject: Re:
I wonder if I used the Ext Prototype Adapter if that would do anything?
Thoughts on that?
On Tue, Oct 28, 2008 at 2:32 PM, Phillip M. Vector
[EMAIL PROTECTED] wrote:
I've had the same issue. All I can offer is not to use prototype on the
page your cfgrid is in.
Charles Lewis wrote:
Hello
Perhaps you weren't reading it clearly. Allow me to explain.
I give the UserID (in UUID form and encrypted) out when someone hits my
site.
When a user has it, I load up that profile and they log in to the site.
If a user doesn't have it, they need to log in with a username and password.
I
Well, I guess that my suggestion should have been more full bodied to say
that using a Credit Card as your line of credit would simplify the process,
and there are lots of different ways to basically build that e-commerce-ness
of a site without storing the data within your own site.
I guess what
Aha, so the client is offering direct credit: we'll let you buy up to $500 on
our site and bill you later for it or something along those lines? If that's
the case, then they don't need a bank, but they'll need some pretty robust
business rules:
a) how do you verify that the person is 'good'
The other option is to use yes and no radio buttons instead of checkboxes,
where the radio buttons default to no. That way, the field always exists,
but you still get the difference between 1 and 0. Checkbox that is unchecked
really doesn't exist in the POST, so the CFIF solution is pretty
What if I copied your cookie to my machine? I go to your site, it
checks to see if I have a cookie, I do, so it grabs the encrypted UUID
value in that cookie, checks it against your db, matches your record,
then logs me in as you.
I don't have to know the value of the UUID. It doesn't matter that
Or use radio buttons, so that your values always exist in the post method of
the form.
Rob
On Tue, Oct 28, 2008 at 3:46 PM, Rick Sanders [EMAIL PROTECTED] wrote:
Is that the only way?
It's a questionnaire form with 50 questions! You mean I have to do a cfif
for every question and assign it a
If you managed to copy a cookie to your machine, then either 1 of 2
things happened.
1) I gave you permission to do so and therefore, I understand the
concept that I'm giving you my ID on the site basically.
2) You took it without me knowing. This would involve you accessing my
computer in
cfhttp is not neccessary here if you are using CF7 or above. Either...
cfset objRss = xmlParse(http://www4.esu.edu/news.xml;) /
...or..
cffeed action=read source=http://www4.esu.edu/news.xml; query=qry_feed /
CFFEED is CF8+ only:
A spin attack is when you manipulate some form of captured user input.
It's usually a number, so the name comes from spinning a numeric
dial. Any user input, which includes cookies, has to be validated.
If you just trust the cookie, anyone who steals the cookie can
impersonate the user. Even
I hear you, and already did that for checkboxes. But, I have text fields and
radio buttons in my form!
-Original Message-
From: Jason Fisher [mailto:[EMAIL PROTECTED]
Sent: October-28-08 4:47 PM
To: cf-talk
Subject: Re: Adding Updating empty values
The other option is to use yes and
Nope - just a single instance!
-reed
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f
Archive:
Wow!
All wonderful information, guys, and many different points that I'm sure my
client has not considered.
I really, really appreciate this.
I guess I'm going to have to go back to this client and hash out the exact
requirements before I can give the price estimate for this portion.
But you
The client's exact words were: I want visitors to fill out a form and
submit it and get approved for a line of credit they can use to pay for
services on my site.
The first way I read that line, is this is a company that already deals
with credit lines. If so, my first question would be How
Write a code generator for it.
fill out the form, and loop over the #Form.FIELDNAMES#
Like so
pre
cfoutput
cfloop list=#form.FIELDNAMES# index=GO
lt;cfif isundefined(form.#GO#)
lt;cfset form.q#GO# =
lt;/cfif
/cfloop
/cfoutput
/pre
On Tue, Oct 28, 2008 at 3:46 PM, Rick Sanders [EMAIL
Well, then isDefined(form.q1) or structKeyExists(form, q1) should both be
true, whether or not q1 is blank. If you're getting the not defined error for
a text input, then something else is going on ... is there a redirect or a
layer of translation between the post and the processing or some
So how do you suggest I validate the cookie without requiring User input
(invalidating the purpose of the cookie in the first place)?
Barney Boisvert wrote:
A spin attack is when you manipulate some form of captured user input.
It's usually a number, so the name comes from spinning a numeric
Use cfparam for all of your form fields, that way they exist for
certain, and param them to an empty string (or 0 in the case of
numbers). Actually, I tend to param them all to an empty string and
then your sql query param fields will turn the empty string into an
int/numeric for you (you are
text fields are defined even if they are empty. the value is simply an
empty string.
On Tue, Oct 28, 2008 at 12:58 PM, Rick Sanders [EMAIL PROTECTED] wrote:
I hear you, and already did that for checkboxes. But, I have text fields
and
radio buttons in my form!
-Original Message-
create your cookie like this:
#userId#:#expirationDate#:#hash(userId expirationDate yourSecretKey)#
Then you can ensure the cookie came from you and that it hasn't been
manipulated, because only you can properly create the hash (because
only you know the secret key).
cheers,
barneyb
On Tue,
then it looks as though there are a lot of CFIFs in your future. of course,
if you are returning results in the format shown ie q1, q2, q3, you could
throw it all into a loop and use an Evaluate statement to build the q#
portion
Rob
On Tue, Oct 28, 2008 at 3:58 PM, Rick Sanders [EMAIL
Yup, you're right.
It's the radio buttons that are giving me the hassle!
-Original Message-
From: Charlie Griefer [mailto:[EMAIL PROTECTED]
Sent: October-28-08 5:14 PM
To: cf-talk
Subject: Re: Adding Updating empty values
text fields are defined even if they are empty. the value is
When you say You know the secret key, are you referring to the site or
the user?
Either way, how would this stop someone from copying the key and using
it on another computer?
Let's say the phrase SecretKey was the secret key.. So my cookie would
look like this..
The simplest mechanism is to only allow a cookie to be used once, and
then reset it each request. You get the cookie, ensure it's valid,
ensure the id hasn't been used before, create a new cookie, set it,
and then process the request. If the cookie isn't valid or the id has
been used, you clear
I would add the following:
Barney's solution is good but doesn't change the fact that you are
authenticating based on a piece of information that someone else can
grab (a cookie). I understand that one of your requirements is that
people not have to use a username and password to log in every
Well, I set the cookie every page load, but you are saying..
If the cookie doesn't match up with what the last Counter I used (I.e.
if the cookie shows a counterID of 5 and it should be a 6), then
redirect to the login. Right?
If that's correct, once they stop using the page, what's to prevent
When you say You know the secret key, are you referring to the site or
the user?
Sorry, I wasn't very clear. The site knows the key, so only the site
can validate the contents of cookies.
Either way, how would this stop someone from copying the key and using
it on another computer?
Yes,
The first way I read that line, is this is a company that already deals
If they do not do this, then much work and risk is ahead for you and them.
;P Thanks, Ian.
Unfortunately, it's the latter.
~|
Adobe® ColdFusion® 8
Judah McAuley wrote:
Barney's solution is good but doesn't change the fact that you are
authenticating based on a piece of information that someone else can
grab (a cookie). I understand that one of your requirements is that
people not have to use a username and password to log in every time.
How do I get passed the q1 is not defined in Form CF error? All I want
to
do is enter an empty value. How can I allow it to do that for insert
and updates?
Actually, you'd never want to have to deal with not defined errors in your
core code. That's what cfparam is for, all form fields should
I agree, but I still have to enter all the form field names in the cfparam
anyways so I'm not really gaining anything.
-Original Message-
From: Ben Forta [mailto:[EMAIL PROTECTED]
Sent: October-28-08 5:32 PM
To: cf-talk
Subject: RE: Adding Updating empty values
How do I get passed the
I've never really used the admin api until today. I'm having a problem catching
a bad login. I tried wrapping the instantiation/login in a try catch, but it
seems to be ignoring the catch. Is there any easy way to catch a bad admin api
login? I'm not seeing anything in the docs or examples I've
well, cfparam name=foo default= /
is shorter than:
cfif structkeyExists(form, 'foo')
do stuff
/cfif
especially over 50 iterations :)
On Tue, Oct 28, 2008 at 1:36 PM, Rick Sanders [EMAIL PROTECTED] wrote:
I agree, but I still have to enter all the form field names in the
cfparam
anyways
On Tue, Oct 28, 2008 at 1:36 PM, Rick Sanders [EMAIL PROTECTED] wrote:
I agree, but I still have to enter all the form field names in the cfparam
anyways so I'm not really gaining anything.
Coding templates are your friend.
But regardless, I offered a suggestion to solve this earlier in a
Try this
cfset variables.thepassword = 'your password'
cfset variables.isLoggedin =
createObject(component,cfide.adminapi.administrator).login(adminPassword=variables.thepassword)
cfdump var=#variables.isLoggedin#
The result is True or False
Wil Genovese
On Tue, Oct 28, 2008 at 3:36 PM, Dana
I've never really used the admin api until today. I'm having a problem
catching a bad login. I tried wrapping the instantiation/login in a
try catch, but it seems to be ignoring the catch. Is there any easy
way to catch a bad admin api login? I'm not seeing anything in the
docs or
here is a good method to add defaults for a form to the page you are posting to.
cfif isdefined('form.any_form_field')
cfloop index=i list=#form.fieldnames#
cfparam name=form.#i# default=
/cfloop
/cfif
NOTE: remember to remove the (name=submit) from your submit button.
This way it will not be
So are the docs wrong? Because that's not what happens.
If your cfgrid is marked as selectMode='edit', and your cfgridcolumn has
a type='boolean' (and the cell is editable, which should be the
default), then the docs say:
boolean: column displays as check box; if cell is editable, user can
Be sure that one of the radio options is checked by default.
input type=radio name=q1 value=0 checked=checked /No
input type=radio name=q1 value=1 /Yes
That way you should never get an empty radio, but the user still has to choose
yes where appropriate.
Yup, you're right.
It's the radio
Rick,
It may be time to make yourself acquainted with the wonderful world of code
generators. Here is a partial list of the various offerings. I make heavy
use of cfcgenerator and cfcblaster. I rarely create CRUD's by hand.
http://code.google.com/p/cfcgenerator/
I forgot squidhead
http://squidhead.riaforge.org/
On Tue, Oct 28, 2008 at 5:27 PM, Gerald Guido [EMAIL PROTECTED]wrote:
Rick,
It may be time to make yourself acquainted with the wonderful world of code
generators. Here is a partial list of the various offerings. I make heavy
use of
Thanks fellas. That was pretty silly. I didn't think hard enough about it I
guess haha.
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
Ah! Thank you! I've been looking for resources like this! Excellent! Thank
you!
-Original Message-
From: Gerald Guido [mailto:[EMAIL PROTECTED]
Sent: October-28-08 6:27 PM
To: cf-talk
Subject: Re: Adding Updating empty values
Rick,
It may be time to make yourself acquainted with the
you can do a JDBC connect then use the drivers from your Oracle client
Here are a couple of blog posts to get your started
http://www.talkingtree.com/blog/index.cfm/2005/11/14/Oracle10gJDBCHowTo
The ironic drawback is that the Oracle drivers don't support stored
procedures which the DD drivers do. And we need that. The current
delivered drivers support just 10g.
On Tue, Oct 28, 2008 at 18:29, AJ Mercer [EMAIL PROTECTED] wrote:
you can do a JDBC connect then use the drivers from your
91 matches
Mail list logo
