>>Heh. If it's a drop down, I wouldn't bother with a regex:
I wouldn't even bother with any verification at all.
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad
>>what makes Dr and Prof special, compared to the hundreds of other
similar ones?
According to the typographic code, there are rules about abbreviations.
For common words such as Doctor, Mister, etc., there are many ways to
abbreviate them, but only one complies with the rules and is considered
correct.
>>Looks to me as though it is blocking SQL injection attacks
It doesn't block anything, it SENDS SQL injection attacks!
MY application blocked it. ;-)
~|
>>Not that I know of. Anyway, one cannot rely on user agents, which can
be faked so easily.
Just to illustrate this, as I was writing my last message, I received
a notice from my server reporting a new bad bot detected.
Its user agent is "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
FunWeb
>>is there a good bot/bad bot list?
Not that I know of. Anyway, one cannot rely on user agents, which can
be faked so easily.
Personally, I let just a few known bots in, based on the IP address, the
only parameter that cannot be faked.
For every other request, I have some tools that analyze automati
>>My only thought on that is to detect the fact that they are a spider
(not sure how to do that though) and not implement security in that case.
Oops, not a good idea. There are mainly two sorts of spiders: good bots
(i.e. Google) and bad bots (i.e. those looking for mail addresses to
spam).
In nei
>>Here's my question. Do you store 12" in the database, or 12"
Does it matter?
Use '12"', what's the problem?
~|
>>Yes, I know scoping my variables is a
good thing now and I will from now on when needed. But honestly, it so
rarely comes up as an issue
Right. A good practice to avoid trouble if you don't scope is at least
to use different names for variables in different scopes, especially
with queries.
The
>>Replace(FAQ.Question, '$$UserCount$$', usercount, "ALL")
It may also be a question of upper/lower case.
Are you sure you always have "UserCount" ?
If not, use replaceNoCase() instead.
>>just doesn't show any usercount.
Does it show any '$$UserCount$$' then ?
~~~
>>So why isn't this working then?
>>
>>
You're not using # signs correctly:
# sign should be used only inside
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:313740
>>When processing this form I need to check for the existence of any of the
check boxes.
Yeah, this is really a design problem in HTML: the name of an unchecked
checkbox is not passed by the browser in the HTTP protocol.
IMHO some default value would be pretty useful, i.e.:
Personally, I've develop
>>I wish there was some way to counter attack!!! H
Well, based on the fact that attacks come from infected PCs which don't
even know they were infected, it would be pretty useless to
counter-attack the IP address from which the attack came.
BUT, all these attacks tend to inject spammy links to
>>I've tried several methods to get this code into an array with
the filename as the first array element and the description as the
second array element
Maybe you don't need to go that far in creating an array.
Just create a single array the way you did it, with both the file name
and the descr
>>But It looks something strange to me
Then you must be a sane and well-balanced person ;-)
>> and I quit.
Believe me, that was your best decision ;-)
~|
>>Or a browser that adheres to the standard?
C'mon, we are in a developer forum here; any developer should be
concerned with the way their application behaves on the client side,
and, like it or not, about 80% of clients use Explorer.
~~~
>>I really really wish that someone would come up with a standard that
will work in every browser.
In my experience:
1. the option tag cannot include any HTML child;
2. option style only supports color: no background, no bold, italic or so.
>>Looked at a few examples online, none of which were very impressive.
Need something direct and simple... any ideas?
It would certainly help to understand what you are looking for if you
could give us the addresses of these examples.
~~~
>>Are nested loops allowed in fusebox 5?
I'm not sure I understand your question:
Fusebox is not a language, just a framework, and as such has no means
of allowing loops or not.
Fusebox relies on the ColdFusion language, and yes, CF allows nested loops.
~
>>Here's the problem -
One of the reasons I stopped using CFFORM more than 10 years ago
and developed my own tags and JS validation... ;-)
~|
>>lcase(form.First_Name)
First of all, you could avoid calling the lcase function 6 times on the
same expression:
store lcase(form.First_Name) once and for all in one variable, and use
this variable in your tests.
But this is just a general consideration.
What you need here is some regExp, i.e.
>>I thought maybe the Yes/No column was throwing it
This is also my guess.
Yes may be recognized by Access when the query is submitted directly,
but it is not standard SQL and the JDBC driver will interpret it as a
column name.
Try INT_PARTRETURNED = 1 instead (don't include "instead" in the que
>>Also, the [] is an invalid constrict in coldfusion.
Well, if appconfig.code_name is an empty string, then
[appconfig.code_name] will be equivalent to [], which "is an invalid
constrict in coldfusion".
If I were you, I'd really make sure appconfig.code_name is not an empty
string ;-)
Just tr
>>The variable application. ends with a "." character.
This looks to me like appconfig.code_name is an empty string.
~|
>>Yes, I did that when you recommended it. It just didn't show
the syntax for using the commands.
Ok, like in most DOS programs, if you type ?command,
you get details about a command, i.e. ?extract or ?password
~|
>>Finally found an old online pkzip 2.5 manual.
Good.
Note that you can also:
- open Windows Explorer,
- find your PKZIP25.exe file,
- double-click on it to execute.
This opens a console window; enter ?
and you have a list of all commands and options.
~~
OK, I looked in the documentation, and can confirm the syntax for the
password option:
-password=bsz3xuYD
See the = sign in the command.
If there is a space after "password", then the program will read the
password from the console.
~~~
>>Extracting files from .ZIP:
This means PKZIP started correctly and found the zip file, but the
extraction is not over, probably because the console program is waiting
for the password to be entered.
It looks like the password parameter is used to zip a file, but not for
unzipping.
You may h
>>Ideas?
First, I would check if the file
e:\inetpub\webroot\real_estate_data\smlc\daily_downloads\zip_files\extract_log.txt
has been created and, if yes, whether it contains any error messages.
Also make sure you have no line breaks inside the arguments parameter string
For other parameters in PKZI
>>I need to convert those values to days and add them up.
Ok, but to add them up to WHICH date ?
Or do you consider every month to be 30 days and every year to be 365
days in general?
If yes, then just use dateAdd ("d", form.years*365 + form.months*30 +
form.days, dateToBeAdded)
~~~
>>I should have clarified that I am not passing a date such as
mm/dd/. The year dropdown contains the values 1-5 that the user can
select, the month is 1-11, and the days are 1-30. What I am trying to do
is, for example, if a user selects 2 years 2 months 2 days then I
need to convert
>>you only need wipe that directory clean and
everything will start being regenerated.
Very brilliant indeed.
~|
>>Any opinion is appreciated.
Well, IMO, the big idea of thumbnails is to show many images roughly and
in the same page, so that the user can choose only the ones they want in
large format.
Having to read and downsize 10 or 20 or more images is not really
compatible with this purpose.
The images
>>Would you mind sharing an example of how you use CFExecute
and the bat file to process a certain list of files?
I just reopened the file where I use it, and I see that I don't use the
bat file anymore; this was in version 1.0.
Now I pass the parameter directly through CFEXECUTE:
This example d
>>is there a way to use the password with cfzip action="unzip" ?
Personally, I create and CFEXECUTE a bat file which runs a 10-year-old
version of PKZIP.
It supports compression/decompression and passwords and still works
pretty well.
~~~
>>Is there some way I can use cfhttp to access the files listed
on the web page and download them?
No, in order to use CFFTP, you need some FTP account on the aimed server.
>>I click on the link and it takes me to a page in the browser that
lists the files I need.
Ok, then you do have the name
>>using
so regExp.
I mean *some* regExp.
~|
>>The question would really just apply to files.
Well, it DOES depend on how you want and can finally get the file.
Is the file on YOUR server, or somewhere else?
Is the file accessible through HTTP, FTP?
If the file is not on your server, surely you cannot use CFdirectory.
If you only have HTT
>>How can I use wildcard characters in a file path?
In a file path for what ?
If it is for an HTTP request, the answer is no.
If it is for CFFILE, it is still no.
Using wildcards could mean that several files could be returned, and
both HTTP and CFFILE can deal with only one file at a time.
How
>>Because browsers weren't designed to allow you to do that.
Again, this is not a reason they could not be upgraded to do it.
Browsers were not designed to support tables and CSS either, now they do.
~|
>>I'll bet if I asked all of my
clients to zip up a folder of folders, only 10% would know
how to do it without in-depth instruction.
Then you have a problem.
All depends on the kind of application you have and the kind of clients
who are using it.
~
>>If they're still clicking and selecting then it isn't more risk per
se, but
creates issues in usability for the user. If they're not careful they could
theoretically upload their entire My Documents folder without realizing it
when they intended to send one file.
Right, but the browser could
>>Because that isn't what HTTP was ever designed to do. They made a whole
protocol just to handle this: FTP.
I think this kind of argument is completely obsolete now.
Both HTTP and FTP were designed to allow exchanges between computers
made by computer scientists.
Now, at least for HTTP, their r
>>Sometimes clients want to load 20 photos or more of a property
and they complain about having to select each photo individually.
Exactly, one should be able to upload "everything like *.jpg" in a
directory, or select several files in it.
I've implemented another solution where clients can send a
>>and all they would need
to do was submit the form.
Not even, this could be done in an onload event ;-)
~|
>>Is there some way to pre-fill a filefield value?
Forget it.
Imagine it was possible: then a page could directly get some very
sensitive files like your system files, or address book...
~|
>>how does the
CFC measure the height and width of text
without resorting to an image
Any decent text/image processing library will provide some function to
calculate the physical length of a string given a specific font and size.
And I'm pretty sure Ray's CFC is using a decent library.
~~~
>>Does FoxPro have case-sensitive column names?
It could be an issue with table names, since tables are actually files,
but not for columns.
~|
>>Does anyone else know of any other ways?
Plenty of them, but none is better ;-)
~|
>>they are back.
Yeah, here too.
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this address: [EMAIL PROTECTED])
Thanks.
~
>>Not as far as technique, but it was much larger in scale than most of us
have experienced before.
By the way, are you still getting hits from this attack?
I don't see any anymore.
>>Going through 136+ posts seems a bit too much, many thanks.
Aren't you afraid to get even more if you start another thread again? ;-)
>>I hate to drag this out further
Me too...
~~
>>Tables were intended to display tabular data.
Correct, then if you want a list to be displayed as a tabular data, use
a TABLE.
>>then HTML tables are best
used for database type information.
No doubt about that.
But the question here is "should I use a table to output a list
if I want it to look like a table", my answer is definitely YES.
The only purpose of HTML is to define the layout of a page.
If your layout requires
>>So even if I'm only saving a few characters, it's better than using a
TABLE.
Provided you know how to do it.
If you have to ask other people, then you are creating your own problem,
just for saving a few characters...
>>Besides...TABLEs are for tabular data. Sure you CAN put other stuff into
>>this isn't really tabular data. It's simply a list of links.
This distinction is completely academic and irrelevant.
The purpose of a table in HTML has never been to display data
exclusively, but anything.
HTML is a formatting language, not a database facility.
When you display things so they look
>>So it's a little lighter, codewise, plus ULs and LIs are MEANT to display
lists of things while tables are not.
Frankly, I don't see your point.
ULs and LIs are meant to display lists, right, but what you want to do
is not a list,
it is a TABLE, so why not use a table ?
>>ULs and LIs are better for search engine optimization.
???
>>Plus they're better semantic code.
???
>>I'm looking to output a series of ULs and LIs in a 3 column fashion
Why ULs? Isn't this more a table case?
>>I want to loop through a directory in my codebase and return a list
of href tags
This could be easily handled by CF_Reextract.
You can get all your hrefs in a query using simple regExps.
See http://www.contentbox.com/claude/customtags/REextract/testREextract.cfm
>> I have a very simple batch file
Don't forget that the default directory used by the bat file is not the
one where the bat file resides, but the one from which it is run. In
this occurrence, it is the CF directory.
Then you may have to set the working directory from inside the bat file
itself.
>>I have a client whose old site (in ASP) is converting over to our CF
storefront. We have the old ID values for their products and have
stored them alongside the new ID values for the new store.
If you are not running other ASP applications on this server, you could
also set IIS to send ASP re
>>Then 20-30 minutes later he would show up again with a different IP.
How do you know it was the same guy ?
Maybe it was the same bot doing the same thing, but these bots are just
like viruses,
they spread anywhere.
>>very few bots accept cookies. I've never actually seen one that does,
but I have read it is possible to write one that will.
If you use CF to write the bot, for instance ;-)
>>100 IPs is hardly any RAM. I'd use 10k entries, just as a starting
number and
scale down if it really becomes an issue.
Another approach would be to store also the date the IP was entered in
the list,
and remove it after a certain number of days.
>>I'm a little bemused as to why you'd create such a response guys.
Just to make sure I give a chance to a legitimate user, in case my
robot detection was a bit too strong.
For instance, I also have a test based on the number of HTTP requests
per second in order to discriminate robots from human
>>"Your system appears to be infected with a bot and it is
currently banned from accessing this site..."
The cherry on the sundae ;-)
In this page, I even have a form so the user can give his address and
claim his innocence ;-)
>>I was hoping to find an elegant solution that stored the IPs in the
application scope for the length of the session timeout and then gracefully
removed the banned IPs once the session timed out.
How about doing this:
- Create a server scope array or list (if you have several sites), or
just in
>>I'd like to know how I can stop the requests from ever hitting the
web-server.
If you detect the attack at the first request, and block the IP, the bot
will
not even get the first page, will not see all links in it, and will not
search your entire server.
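Added example, not Claude's system (which he says uses a database and works for every site on the server) and not code posted in this thread: a small Python class that implements the two ideas floated above, a ban list stamped with the time each IP was entered and purged after a number of days, and a requests-per-second test that bans an address on the first request that trips it, so the bot never gets past its first page. The ban length (7 days), the rate threshold (10 per second), the IP addresses and the timestamps are all constructed for the example; the caller passes the clock in so the behaviour can be checked without waiting.

```python
from collections import defaultdict, deque

BAN_DAYS = 7        # assumption: a ban ages out after this many days
REQ_PER_SEC = 10    # assumption: more than this in one second looks like a bot


class BadBotGuard:
    """Date-stamped IP ban list plus a per-IP request-rate window.

    Timestamps (seconds, e.g. from time.time()) are passed in by the caller,
    which keeps the logic deterministic and testable.
    """

    def __init__(self, ban_days=BAN_DAYS, req_per_sec=REQ_PER_SEC):
        self.ban_seconds = ban_days * 86400
        self.req_per_sec = req_per_sec
        self.banned = {}                    # ip -> time the ban was entered
        self.recent = defaultdict(deque)    # ip -> request times in the last second

    def ban(self, ip, now):
        self.banned[ip] = now

    def purge(self, now):
        """Drop entries older than the ban window; returns how many were removed."""
        expired = [ip for ip, t in self.banned.items() if now - t >= self.ban_seconds]
        for ip in expired:
            del self.banned[ip]
        return len(expired)

    def is_banned(self, ip, now):
        entered = self.banned.get(ip)
        if entered is None:
            return False
        if now - entered >= self.ban_seconds:   # lazy expiry on lookup
            del self.banned[ip]
            return False
        return True

    def check_request(self, ip, now, looks_like_attack=False):
        """Decide on one request: 'blocked' (already banned), 'banned' (this
        request triggered a new ban) or 'allowed'.

        looks_like_attack is whatever the application's own detection says
        about the request (e.g. an injection pattern in the URL); it is a
        plain flag here because that detection is out of scope for the example.
        """
        if self.is_banned(ip, now):
            return "blocked"
        window = self.recent[ip]
        window.append(now)
        while window and now - window[0] > 1.0:     # keep a one-second window
            window.popleft()
        if looks_like_attack or len(window) > self.req_per_sec:
            self.ban(ip, now)
            self.recent.pop(ip, None)
            return "banned"
        return "allowed"


def demo():
    """Constructed traffic: one attacker, one human, one fast scraper."""
    g = BadBotGuard()
    t0 = 1_000_000.0
    out = {}
    # injection attempt in the very first request: banned at once, then blocked
    out["first"] = g.check_request("198.51.100.7", t0, looks_like_attack=True)
    out["second"] = g.check_request("198.51.100.7", t0 + 5)
    # a human clicking every half second never trips the rate test
    out["human"] = [g.check_request("203.0.113.5", t0 + i * 0.5) for i in range(6)]
    # a scraper firing 12 requests in half a second is banned on the 11th
    out["bot"] = [g.check_request("203.0.113.9", t0 + i * 0.04) for i in range(12)]
    # both bans age out after BAN_DAYS and the address is welcome again
    out["purged"] = g.purge(t0 + BAN_DAYS * 86400 + 1)
    out["after"] = g.check_request("198.51.100.7", t0 + BAN_DAYS * 86400 + 2)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Banning on the first attacking request is what saves the thousands of follow-up hits mentioned in this thread; the rate test catches scrapers that never send an obviously hostile request. Keeping the entry time with each IP is what lets the list shrink again, which the thread asks for, without tying the ban to a session that the bot never keeps.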
>>Claude, could you possibly share your code that stores the bad IP
addresses
for a period of time to prevent these useless http requests? Thanks, CV.
Well, I'd be happy to, but it is a rather complete and complicated system.
It works for all sites/domains on the CF server, uses a database, and
>>Tuesday night received about 20 thousand instances (not an
exaggeration). Slowing down now for us, but, heh, it's early.
This is where banning IPs at the first attempt will reduce this pollution.
If the attack is detected at the first attempt, and the address banned,
the statistics will show on
>>blocking specific IP addresses won't
get you very far here, because it's random.
Blocking IP addresses won't prevent injection in your database if it is
not protected, but if an attack is detected at the very first attempt,
it will save thousands of useless HTTP requests on your sites, because
>>Various people have been warning in the last few weeks that this sort of
scatter gun approach that started with ASP-based sites is now migrating to
ColdFusion powered ones.
And it is growing up.
Yesterday, my bad bot closed the door to about 50 attacks, and this
morning I have 60 reported.
Usu
>>I am afraid you're right, we might have to do a re-install.
If restarting CF fails, and BEFORE reinstalling CF, one could try to
restart the server.
>>Serve the docs using cfcontent and secure the folder from direct
access using your webserver.
and if you can't create a secure folder, rename your files to .cfm,
store them in a special folder, add some Application.cfm that will
prevent direct access, and restore the original file name whe
>>switch () in java allows constants to be used in case. I wish cf did too.
CF does allow constants in case. Do you actually mean "java allows
VARIABLES in case"?
If yes, then no, like CF, Java allows only constantExpressions in case.
>>I feel it is ridiculous.. What is the reasoning behind this if it is
true?
The reasoning is that it allows for a more efficient alternative to the
general-case
if(expression1 == value1 ) ... elseif(expression2 == value2) ...
elseif(expression3 == value3) ... construct,
in the particular case
>>I changed
>>document.getElementById("character").innerHTML=xmlHttp.responseText;
>>to..
>>document.getElementById("character").value=xmlHttp.responseText;
This will not show anything, since the element "character" is a div; it
has no value.
Only input elements have values.
So all what t
>>almost anyone who can use the computer can add 3+5
Some people can even do it without using a computer ;-)
>>I hear constantly how Microsoft is evil
the best answer I got in this category is about Thunderbird's buggy message
pane not able to add a scroll bar:
"message pane is total mess of a code nobody want to touch."
Apparently Open source nerds have redesigned the way panels are handled,
cause Wind
>>that's a little bit of irony there
I do not see anything but truth ;-)
And there is no irony here ;-)
>>Simple hack might be to have a 'hidden field' on your form that
concats the 4 fields into 1 field with a specified delimeter. This way
you are passing one var with all 4 lines. When it returns from the
paypal side, you can 'parse' the data into four lines again using the
specified delimete
Just put this style in the first or for your new page:
STYLE="page-break-before: always;"
>>Anyone have any experience with Google Checkout or any other
companies that
I should look into?
Yes, good question.
I have the feeling that if a significant number of developers here are
complaining about Paypal,
it may be just because Paypal having been around for such a long time,
there a
>>Did you just say you should NEVER do something?
With a wink, yes I did ;-)
~
>>If you run this piece of code the first value will be 6.2, second
will be a
NO and then toString will result in 6.199.
This is neither a CF bug nor a Java behavior.
This is the normal behavior of digital computers and the way real numbers
are stored.
If #c# seems to be output c
>>I have to hand it to Claude - he definitely has confidence
Well, unless ODBC and JDBC have some function to enable/disable multi
statements,
It would certainly be much trouble to implement this in CF.
I've checked rapidly in the ODBC docs, and I don't see any reference to
multi statement.
An
>>That is more a function of the db.
Exactly, and I don't see how CF could prevent multiple execution.
It should compile the SQL code for that, and it does not.
Unless ODBC/JDBC drivers have a function to disable it.
>> how about changing cfquery so that by default, only ONE sql
>>statement can be sent. Let us override that with a parameter in
>>cfquery or a cfprocessing directive type of thing in our
application.cfm..
Pretty good idea.
>>I doubt many people use multiple sql statements in one cfquery,
>>it's safe to say that avoiding "*" is a good idea,
Now that's the kind of statement I prefer: "a good idea",
better than *always* or *never* :-)
>>If you don't really care
I don't really care about measuring the difference it makes, because it
must certainly be marginal, and it is not because I don't care about the
difference it can make that I cannot make a comment about it.
>>When your database executes a SQL statement, it generates an
execution plan
that best fits that statement and it caches that plan in memory for later
use.
Ok, this is another example where CFQP is useful, as the doc says.
But if the query is not likely to be executed often, which is the case
>>Not if you use MySQL. That DBMS allows for an alternative way to escape
those with a backslash.
Ok, then let's say that CFQP should always be used with MySQL...
>>.. and you haven't turned off MySQL's default ways of escaping those
ticks
... IF you have not turned off MySQL's default ways of e
>>Closing the apostrophe is exactly how SQL injection occurs with text
field
Ok, you got it!
BUT CFQUERY will escape that apostrophe anyway, so that the SQL injection
will just be part of the string stored in the field, whether you use
CFQP or not.
>>Jeez, and value="URL.TryToHackThis" should be value="#URL.TryToHackThis#"
so you see that CFQP is not that easy to use ;-))
>>ANY string passed into cfqueryparam cannot be executed as SQL:
Is it really possible to get an SQL statement executed from a string for
a text field
without closing the string first with an apostrophe?
>>So you know that it *always* prevents SQL injection in a standard
query (select, update or delete).
Really? Can you give an example of injection that will be prevented?
>>I'm not saying Captcha is bad, but I hate running into it on a site
myself,
Same with me.
I've always wondered if some bot really ever used some character
recognition system, so that it is necessary to distort text so badly.
Another thing that bugs me about captcha is that in case you entered
>>It shouldn't make a difference if the SELECT * is in a cfquery
I see.
A very particular situation though. It will not prevent me from using
SELECT * when I need all fields. This is more efficient than listing
all of them.
On the contrary, using SELECT * just to get a record count is the worst
ca
>>In our case, what
happened was that we dropped a column that hadn't been in use for awhile,
and everything broke because of the SELECT * and cfqueryparam.
It may be a silly question, but why will a SELECT * break because an
unused column was dropped?