Hi folks,
I have a situation at work where the following is occurring. We are in a Linux
based (websphere) environment running CF 8. When we try to launch the Server
Monitor, the initial screen says "ColdFusion is not currently running", but
it is. The context is reported as "iws",
How do you send in a parenthesis () value to Verity without it throwing up?
I've tried URLEncodedFormat() and URLDecode(), neither seems to work well. An
example of a search value would be plan(b).
I have been searching for some explanation of
the different Types used in CFQueryParam.
understand that SCALE= is used to validate the position of decimal,
but still confused by ... FLOAT, DECIMAL, MONEY, MONEY4.
I am using CFquery INSERT
do I need to use CFQueryParam for
Hi Bob,
Check here for a list of the available options and their corresponding data
types for some major SQL providers (for some reason MySQL isn't there):
http://www.cfquickdocs.com/cf8/#cfqueryparam.
As for your question, generally using cfqueryparam is recommended for any
value that could be
I have been searching for some explanation of
the different Types used in CFQueryParam.
understand that SCALE= is used to validate the position of decimal,
but still confused by ... FLOAT, DECIMAL, MONEY, MONEY4.
These correspond with specific database field types. You'd need to
know
Bob
I have a function that sniffs out the CF data type based on the SQL
datatype. I am not sure if it is 100% as I have not tested it extensively.
But this should handle most of the MSSQL and MYSQL datatypes.
HTH
G!
http://coz.pastebin.com/f588cde23
On Thu, Apr 16, 2009 at 10:49 AM, BobSharp
This is the link to the function code in case it was not apparent from my
post... I really need to slow down. ;o)
http://coz.pastebin.com/f588cde23
G!
--
Gerald Guido
http://www.myinternetisbroken.com
http://www.cfsimple.org/
To invent, you need a good imagination and a pile of junk.
--
I've always been curious as to how cfqueryparam works. Does anyone know if
it just performs some scanning and filtering on the actual values of the
parameters passed to it or whether it somehow signals to the RDBMS that the
values are parameters to the query thereby treating an SQLI attack as an
I've always been curious as to how cfqueryparam works. Does anyone know if
it just performs some scanning and filtering on the actual values of the
parameters passed to it or whether it somehow signals to the RDBMS that the
values are parameters to the query thereby treating an SQLI attack as
Hi
is there a way to password protect a file that we zip up using cfzip
i have searched the internet and found lots of things to do with reading a zip
file that has a password on it, but nothing to do with actually setting the
password when we zip it up
thanks
I have a very strange issue and need someone to tell me I'm not crazy. I am
querying a database, saving the content, and writing it to an xml file. The
formatting is all perfect to the format we had testing the xml file. By the
way, flash is reading the XML. The strange part, the
Hi
i saw someone discussing the need for file permissions on files that write to
the file system, but do not understand this subject well enough to know what to
do
we have a lot of files in one of our applications that write xml and MS Excel
spreadsheets and know that we need to set file
Hi,
Sample code before I say anything about the issue..
cfform
Name:cfinput type=textname=lookup
autosuggest=cfc:cfcName.getEMPID({cfautosuggestvalue}) br /
Department:
cfselect name=userID id=userID bind=cfc:cfcName.getName({lookup})
display=userID
value=userID
bindOnLoad=false /
hi
we are trying to place 2 applications on one vps for the first time and would
like some guidance on whether there is anything we need to think about in terms
of conflicts etc...
basically i am confused as to how this works with 2 application.cfc's
each one of the applications should be
Dave Watts wrote:
it somehow signals to the RDBMS that the
values are parameters to the query thereby treating an SQLI attack as an
escaped string or something?
It builds a prepared statement. It doesn't scan or filter anything.
Thus the database knows the data is data and not
This might be a line-delimiter problem. I believe windows uses both the
return and newline characters:
\r\n
Linux based machines, on the other hand, I think only use one of
them...\n maybe? Not sure.
--
Ben Nadel
Adobe Community Expert
Adobe Certified Advanced ColdFusion Developer
Manager
each one of the applications should be totally separate but how does
coldfusion know
which application.cfc to use and how come they don't conflict with each other?
When you run a CF file, CF looks within the directory of that file for
Application.cfc or Application.cfm. If it doesn't find
Try wrapping the content in a cfprocessingdirective
suppresswhitespace=true
Rob
On Thu, Apr 16, 2009 at 12:56 PM, Ben Nadel b...@bennadel.com wrote:
This might be a line-delimiter problem. I believe windows uses both the
return and newline characters:
\r\n
Linux based machines, on the
is there a way to password protect a file that we zip up using cfzip
i have searched the internet and found lots of things to do with reading a
zip file that has a
password on it, but nothing to do with actually setting the password when we
zip it up
I don't think CFZIP supports that.
Richard White wrote:
basically i am confused as to how this works with 2 application.cfc's
each one of the applications should be totally separate but how does
coldfusion know which application.cfc to use and how come they don't conflict
with each other?
As the documentation discusses in
i saw someone discussing the need for file permissions on files that write to
the file
system, but do not understand this subject well enough to know what to do
we have a lot of files in one of our applications that write xml and MS Excel
spreadsheets
and know that we need to set file
Am I correct in assuming ( after just having skimmed the topic with Google )
that to do that within CFML I'd have to drop into Java and use the MySQL
Java API to achieve that?
On Thu, Apr 16, 2009 at 10:36 AM, Dave Watts dwa...@figleaf.com wrote:
I've always been curious as to how
we have 2 different directories for both applications however will the
application scope conflict?
we use modelglue and coldspring which loads items into the application scope,
but we are noticing these are conflicting... it seems as though when we go to
one application it is overwriting the
thanks dave, it was actually based on your comments in another post that got me
thinking about this
it was in a post to do with hacking and you said that the person should look
through the site and set permissions on any file that writes to the file system.
i also want to make sure that if
Actually, it looks like as long as I managed my prepared statement naming
manually across the entire MySQL server I'd be ok to just run multiple
queries in a row ( because CF8 with MySQL breaks for me if I try more than
one statement separated by semicolons ).
So it'd play out like this, for
ok thanks will look into it
is there a way to password protect a file that we zip up using
cfzip
i have searched the internet and found lots of things to do with
reading a zip file that has a
password on it, but nothing to do with actually setting the password
when we zip it up
not if you name each application with a unique name.
We run thousands of applications on a single server, each with a
unique name, and there are no problems.
Wil Genovese
One man with courage makes a majority.
-Andrew Jackson
A fine is a tax for doing wrong. A tax is a fine for doing well.
Richard White wrote:
we have 2 different directories for both applications however will the
application scope conflict?
Ahh different issue.
ColdFusion distinguishes different applications by the application name
string. Any template, in any directory running under any application
cfc or
we have 2 different directories for both applications however will the
application scope
conflict?
Not if your applications, and the components they use, are within two
completely separate directories.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides
Update: You can actually enable multiple statements in a single query in
ColdFusion by appending allowMultiQueries=true to your datasource connection
string!
2009/4/16 David McGuigan davidmcgui...@gmail.com
Actually, it looks like as long as I managed my prepared statement naming
manually
cfzip doesn't support passwords because the underlying Java support
doesn't (at least it didn't at the time of going to press), so as Dave
says you'll need to look at using it in combination with cfexecute
Andy
2009/4/16 Richard White rich...@j7is.co.uk:
ok thanks will look into it
is
Dave,
If the application name is the same in both directories they will share
the same application scope.
-mark
Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com
-Original Message-
From: Dave Watts [mailto:dwa...@figleaf.com]
And for all those reading this and using MSSQL, an inline statement would look
like this:
<cfquery ...>
declare @p1 nvarchar(50)
set @p1 = '#userSuppliedValue#'
select *
from tableName
where column = @p1
</cfquery>
So, basically cfqueryparam is creating the Declare and Set for you.
thanks for your comments it is now separating the 2 but the names were
different the only thing we changed was:
cfcomponent
cfset application.name = Project1/
to
cfcomponent
cfset this.name = Project1/
why would changing it from 'application' to 'this' rectify this conflict
thanks
If the application name is the same in both directories they will share
the same application scope.
Yeah, I would have thought that went without saying, but I guess not.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber
Actually, I believe cfqueryparam uses bindings, which effectively passes
parameters to the SQL engine. In your example, you are still open to SQL
injection attacks.
However, if you need to use your value several times, you can use declare /
set to define a variable in SQL, rather than using
thanks for your comments it is now separating the 2 but the names were
different the only
thing we changed was:
cfcomponent
cfset application.name = Project1/
to
cfcomponent
cfset this.name = Project1/
why would changing it from 'application' to 'this' rectify this conflict
Within
Richard White wrote:
why would changing it from 'application' to 'this' rectify this conflict
thanks
Because it does! :-) I don't know why this is but this.name and the
equivalent cfapplication name= don't set a variable named
application.name they set a variable named
thanks for all your comments, i also read that in the documentation but it
didn't even register that this.name and application.name wouldn't be
equivalent... but it does make sense
thanks again for the help
thanks for your comments it is now separating the 2 but the names
were different
What will happen here is that your cfc function will return the
recordset as you expect. However, the javascript that processes this
resultset for the dropdown performs its own filter - stripping out
results that don't begin with what is in the input and so the results
never show.
The widget
Ah, yes, Francois, you are correct. I forgot to mention that in addition
to creating the @var parameters (which you can see in the CF debug output),
the CFQUERYPARAM also ensures that you don't get '; BAD SQL INJECTION'
stuff getting through into your SET @p1 = '#myUserVar#' expression.
:::It builds a prepared statement. It doesn't scan or filter anything.
You could build a prepared statement yourself.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Are you sure? When I pass a string into a cfqueryparam of type cf_sql_integer
I get the error: Invalid data etc for
Just a little thing to add here is that I believe you should
parameterize all values in your query, whether user generated or
constant values or whatever. This is not for security but performance.
So:
SELECT fu
FROM bar
WHERE barId = cfqueryparam cf_sql_type=cf_sql_integer value=#id# /
AND live =
Yes he is sure. And he is correct. With a prepared statement, an array
of values is sent to the db along with a query string that looks like
SELECT * FROM fu WHERE bar = ?. In preparing the statement, each
value has to be added to the array using a type specific method (in
java). Therefore CF is
Dominic, you are right that there are exceptions from a performance
perspective ... can't remember who blogged about that in detail? See Simon
Horwith's for one example:
http://www.horwith.com/index.cfm/2009/4/5/some-cf-best-practices-that-break
But you are right about the Query Plan
Roger that re execution plans Jason, that makes perfect sense.
Dominc
2009/4/16 Jason Fisher ja...@wanax.com:
LECT fu
FROM bar
WHERE barId = cfqueryparam cf_sql_type=cf_sql_integer value=#id# /
AND live = cfqueryparam cf_sql_type=cf_sql_bit value=1 /
Well from what I read today it seems like the performance is improved for
reused prepared statements, which may not be how cfqueryparam is
implemented.
Prepared statements are stored and reused by name, passing in the values for
the parameters.
So if cfqueryparam is using prepared statements
Everything but your guess is correct ;)
Dominic
2009/4/16 David McGuigan davidmcgui...@gmail.com:
Well from what I read today it seems like the performance is improved for
reused prepared statements, which may not be how cfqueryparam is
implemented.
Prepared statements are stored and
Both very good solutions, but neither is working. I tried doing a replace()
while processing, but there is nothing there to replace. I tried \r\n, \r.
Didn't get an error, but got the same outcome. I also tried suppressing white
space, with processing directive, same outcome. The generated
Thanks for the suggestion. I tried it, but got the same outcome.
Great idea, but could not get a replace() to work. There is nothing there to
replace?
Any takers? I'm looking to get a RegEx to find the image URL from some HTML.
Basically, find the image url from any variation of the img tag,
regardless of what attributes are included besides the src= attribute.
Variations of the code I'm dealing with might be:
img
For those interested I have compiled all I know about this attack into a
blog post:
http://www.coldfusionmuse.com/index.cfm/2009/4/16/iframe.insertion.hack
Again, we have not specifically identified the attack but we have lots of
information and a stop gap measure :)
-Mark
Mark A. Kruger,
Are you sure? When I pass a string into a cfqueryparam of type cf_sql_integer
I get the error: Invalid data etc for CFSQLTYPE CF_SQL_INTEGER.
Which leads me to believe it is being scanned/validated before being sent to
MySQL, and also makes me wonder whether cfqueryparam even uses prepared
So if cfqueryparam is using prepared statements (which my guess would be
that it's not), cfqueryparamming all of your variable values would improve
performance because the statement itself isn't being re-sent to the RDMS on
each subsequent query, only the values. But if it's not, it could
Here you go:
http://barneyb.com/r/image_src.cfm
I'm even wearing my i know regular expressions shirt today. ;)
cheers,
barneyb
On Thu, Apr 16, 2009 at 12:29 PM, Che Vilnonis ch...@asitv.com wrote:
Any takers? I'm looking to get a RegEx to find the image URL from some HTML.
Basically, find
I can't speak for MySQL, but in MSSQL, every query (not just prepared
statements) is processed into a Query Plan before processing. The server then
caches as many of these QPs as possible, so that repeated calls to the same
'query definition' do not have the overhead of having to re-generate
THANK YOU
~Che
-Original Message-
From: Barney Boisvert [mailto:bboisv...@gmail.com]
Sent: Thursday, April 16, 2009 3:40 PM
To: cf-talk
Subject: Re: Regex 2 Get Image URL...
Here you go:
http://barneyb.com/r/image_src.cfm
I'm even wearing my i know regular expressions shirt
I have a calendar that works properly for what it was designed for. What
I would like to do is have each date linked to the appropriate date on
our master events calendar.
This is the portion of the code that displays the current date and is
linked to the week's events on the master
Ah, thanks guys! What I didn't realize is that you can use unnamed /
unstored prepared statements through the driver. That makes so much more
sense now. So ColdFusion uses dynamically prepared statements which are
implemented in the JDBC driver, which is a totally different ballgame from
using
Hey Thanks Mark, I learnt a bit more about it from reading your article and
found more info on it last night when (as you stated) 9:00 rolled around...
I have been running a process monitor program that tracks file changes to
see what process/program is actually changing the files, and it was
Not sure what you're looking for Steve ... just the syntax for adding your
'dayview' value to the URL string? Also, as a side note, you can get rid of
most of those # signs ... The following will add your computed date to the URL
string in a 'safe' format, passing it as a variable called
Nevermind, you can totally hack cfquery! Woot. Thanks for all the help.
On Thu, Apr 16, 2009 at 1:59 PM, David McGuigan davidmcgui...@gmail.com wrote:
Ah, thanks guys! What I didn't realize is that you can use unnamed /
unstored prepared statements through the driver. That makes so much more
If so, does that mean my only option is writing a custom tag to simulate
cfquery and having it handle all of that stuff the same way cfquery does? (
Retrieve the datasource info from the adminapi, create and manage the
connection, call all of these execution methods and then translate their
Sounds interesting :). Give all the googlers a bone and drop us a link
or an explanation...
2009/4/16 David McGuigan davidmcgui...@gmail.com:
Nevermind, you can totally hack cfquery! Woot. Thanks for all the help.
Awesome Nate... I'm going to add this as an addendum to my post...
Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com
-Original Message-
From: ALL [mailto:thegreat...@gmail.com]
Sent: Thursday, April 16, 2009 3:06 PM
To: cf-talk
For some time, I have created PDF documents using the cfdocument tag,
building the content with information pulled from a database, then saved as
a PDF via cfdocument. No problems.
However, a client and I decided we wanted to have a little more control over
the format of the document, so we
For some time, I have created PDF documents using the cfdocument tag,
building the content with information pulled from a database, then saved as
a PDF via cfdocument. No problems.
However, a client and I decided we wanted to have a little more control over
the format of the document, so we
I think you escape in Verity with \.
It is in the docs though. I'm certain of that.
On Thu, Apr 16, 2009 at 10:26 AM, Joe None drue...@comcast.net wrote:
How do you send in a parenthesis () value to Verity without it throwing up?
I've tried URLEncodedFormat() and URLDecode(), neither seems
Anyone remember this article?
http://coldfusion.sys-con.com/node/45569
Lets you drop down into Java and pull out the field types that your db
reports back to the JDBC driver.
It's neat on the surface, but too expensive on resources to use on the
fly. Plus you have to put the for-real username
So my real issue was that I wanted to super dynamically assemble the SQL and
then either execute it or do a variety of other things with it ( which I
won't go into ).
If you try to use cfqueryparam outside of a containing cfquery, ColdFusion
breaks.
So,
cfsavecontent
...cfqueryparam...
However, a client and I decided we wanted to have a little more control over
the format of the document, so we created a PDF form in Acrobat Pro. I'm
using cfpdfform and cfpdfformparams to dynamically populate the form fields
from the database. The resulting filled-in form is then saved with
A few ideas:
1. Set the ftp security to only allow
connections from specific IP addresses. If the
user has a dynamic ip, then use his entire
range.. better than letting the entire world in
2. Your blog shows why I said to Michael to
reformat the drive and reinstall everything when
he was
should i understand the cfcontent tag?
Yes. CFCONTENT lets you use CF to serve non-CF files. If you put files
in the web server's directories, and serve them directly, you can't
easily control access to those files from within your CF application.
Dave Watts, CTO, Fig Leaf Software