Trouble getting UDF to work

Explorer, Sep 17, 2009

I am trying to validate a form to find HTML after it is submitted (yes, I plan to code before submission as well, but I need to get this to work first).  My UDF looks like this:

<cffunction name="checkChars" output="no" returntype="numeric">

<!--- define arguments --->
    <cfargument name="Qfield" type="string" required="yes">

<!--- define variable(s) --->
    <cfset Var dirtyParam = Arguments.Qfield>
    <cfset Var QbadChar = 0>

<!--- check to see if HTML exists in Qfield --->
    <cfif REFind("<",dirtyParam) NEQ 0><cfset QbadChar = 1></cfif>
    <cfif REFind(">",dirtyParam) NEQ 0><cfset QbadChar = 1></cfif>
    <cfif REFind("//",dirtyParam) NEQ 0><cfset QbadChar = 1></cfif>
    <cfif REFind("c:",dirtyParam) NEQ 0><cfset QbadChar = 1></cfif>

<!--- If HTML exists, notify user and return to previous page --->
    <cfif QbadChar NEQ 0>
        <cfscript>
            WriteOutput('
                <script language="JavaScript">
                <!--
                alert("The data submitted in your form contains unallowable characters, please remove all non-alphanumeric characters.")
                //-->
                </script>
            ');
            WriteOutput('
                <script language="JavaScript">
                <!--
                history.back()
                //-->
                </script>
            ');
        </cfscript>
    </cfif>
    <cfreturn QbadChar>
</cffunction>

It is saved in a separate template and included in the applicable template at the beginning with:

<cfinclude template="Libraries/formValidation.cfm">

I am testing it on a field called "Lessor" by calling the UDF in the same template with:

<cfif isdefined ("FORM.Lessor")><cfset #checkChars("Form.Lessor")#></cfif>

Unfortunately, it doesn't work because when I use HTML in the "Lessor" field, it goes ahead and saves it.  Any ideas what I'm missing?

TOPICS
Advanced techniques


1 Correct answer

Valorous Hero, Sep 17, 2009

The <cfstoredProc...> tag is what puts the information into the database.

What is the relationship of the <cfstoredProc...> tag to the <cfif passFail NEQ 0> block?  How would this relationship determine when the stored procedure is run and when it is not run?

Remember what I said in my first post.  A JavaScript history.back() function is not going to have any effect on the server where the CFML is running.  All the CFML that is to be run will be run before any HTML or JavaScript is sent to the c

...

Valorous Hero, Sep 17, 2009

The first weirdness I see is that you set your output to "no", which means that all output in the function will not be sent to the response buffer.

Then you try to output JavaScript content that must be sent to the response buffer so that it will run on the client.

So I would guess that this will never happen.

Secondly, you do not show it in the code you provided, but it looks like you expect this JavaScript to stop the processing of the CFML.  This will not happen.  All the CFML will be processed before anything is sent back to the browser.  So, the page continues to process and puts the data into a database.  That is going to happen, whether or not that JavaScript is sent to the browser to do something.

What you need to do is test the string.

IF the string passes

process the data into the database, provide appropriate feedback to the user.

ELSE the string fails

don't process the data into the database, provide appropriate feedback to the user.

Explorer, Sep 17, 2009

Okay, I changed my UDF to:

<cffunction name="checkChars" output="yes" returntype="numeric">

<!--- define arguments --->
<cfargument name="Qfield" type="string" required="yes">

<!--- define variable(s) --->
<cfset Var QbadChar = 0>

<!--- check to see if HTML exists in Qfield --->
<cfif REFind("<",Qfield) NEQ 0><cfset QbadChar = 1></cfif>
<cfif REFind(">",Qfield) NEQ 0><cfset QbadChar = 1></cfif>
<cfif REFind("//",Qfield) NEQ 0><cfset QbadChar = 1></cfif>
<cfif REFind("c:",Qfield) NEQ 0><cfset QbadChar = 1></cfif>

<!--- return 1 if field contains HTML, 0 if clean --->
<cfreturn QbadChar>
</cffunction>

Then I assigned the result to a variable (in the processing template) like this:

<cfif isdefined ("FORM.Lessor")><cfset passFail = #checkChars("Form.Lessor")#></cfif>

And finally used the result to stop the form processing (right below the above code in the processing template) with:

<cfif passFail NEQ 0>
<cfscript>
   WriteOutput('
    <script language="JavaScript">
    <!--
    alert("Your form contains HTML, please remove unalowable characters and resubmit")
    //-->
    </script>
   ');
   WriteOutput('
    <script language="JavaScript">
    <!--
    history.back()
    //-->
    </script>
   ');
  </cfscript>
</cfif>

But now I get the error: "Variable PASSFAIL is undefined"

Valorous Hero, Sep 17, 2009

<cfset passFail = #checkChars("Form.Lessor")#>

This line does not need the pound|hash characters and it can not have the quotes.  I.E. it should look like this:

<cfset passFail = checkChars(Form.Lessor)>

But I don't see how this would cause the failure you say you got.  It would cause you to always test the literal string "Form.Lessor" and not the value of the Form.Lessor variable, so that it will have always passed, but I would have expected it to return a value.

Can you provide the entire file? Is it large?  I think the code you posted should have returned a value.

Explorer, Sep 17, 2009

I corrected as you said, still get undefined error.  See attached.

Explorer, Sep 17, 2009

For some reason, it won't let me attach the file.  Here's the whole code for the template:

<cflock scope="Session" type="ReadOnly" timeout="30" throwontimeout="no">
  <cfset MM_Username=Iif(IsDefined("Session.MM_Username"),"Session.MM_Username",DE(""))>
  <cfset MM_UserAuthorization=Iif(IsDefined("Session.MM_UserAuthorization"),"Session.MM_UserAuthorization",DE(""))>
</cflock>
<cfif MM_Username EQ "" OR MM_UserAuthorization EQ "" OR ListFind("DebtUser,DebtAdmin,SystemAdmin",MM_UserAuthorization) EQ 0>
  <cfset MM_referer=CGI.SCRIPT_NAME>
  <cfif CGI.QUERY_STRING NEQ "">
    <cfset MM_referer=MM_referer & "?" & CGI.QUERY_STRING>
  </cfif>
  <cfset MM_failureURL="noAccess.cfm?accessdenied=" & URLEncodedFormat(MM_referer)>
  <cflocation url="#MM_failureURL#" addtoken="no">
</cfif>
<cfset CurrentPage=GetFileFromPath(GetBaseTemplatePath())>
<cfinclude template="Libraries/formValidation.cfm">
<cfif isdefined ("FORM.Lessor")><cfset passFail = checkChars(Form.Lessor)></cfif>
<cfif passFail NEQ 0>
<cfscript>
   WriteOutput('
    <script language="JavaScript">
    <!--
    alert("Your form contains HTML, please remove unalowable characters and resubmit")
    //-->
    </script>
   ');
   WriteOutput('
    <script language="JavaScript">
    <!--
    history.back()
    //-->
    </script>
   ');
  </cfscript>
</cfif>
<cfif IsDefined ("FORM.Lessor_ID") AND FORM.Lessor_ID NEQ "">
<cfstoredproc procedure="spLGD_Upd_DATALessors_EditLessor" datasource="LocalDebt">
  <cfprocparam cfsqltype="cf_sql_integer" value="#FORM.Lessor_ID#" null="#NOT len(trim(Form.Lessor_ID))#">
  <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Lessor#" null="#NOT len(trim(Form.Lessor))#">
  <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Address1#" null="#NOT len(trim(Form.Address1))#">
  <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Address2#" null="#NOT len(trim(Form.Address2))#">
  <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.City#" null="#NOT len(trim(Form.City))#">
  <cfprocparam cfsqltype="cf_sql_char" value="#FORM.State#" null="#NOT len(trim(Form.State))#">
  <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Zip#" null="#NOT len(trim(Form.Zip))#">
  <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Phone#" null="#NOT len(trim(Form.Phone))#">
  <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.eMail#" null="#NOT len(trim(Form.eMail))#">
  <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Fax#" null="#NOT len(trim(Form.Fax))#">
  <cfprocparam cfsqltype="cf_sql_text" value="#FORM.Comments#" null="#NOT len(trim(Form.Comments))#">
  <cfprocparam cfsqltype="cf_sql_timestamp" value="#FORM.Last_Update#">
  <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Updated_By#">
    </cfstoredproc>
    <cflocation url="leaseCodes.cfm" addtoken="NO">
<cfelseif IsDefined ("Form.Lessors") AND Form.Lessors NEQ "">   
    <cfstoredproc procedure="spLGD_Sel_DATALessors_RSbyLessorID" datasource="LocalDebt">
  <cfprocparam cfsqltype="cf_sql_integer" value="#Form.Lessors#">
     <cfprocresult name="rs_Lessors">
</cfstoredproc>
<cfelse>
<cflocation url="leaseCodes.cfm">
</cfif>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<LINK REL="SHORTCUT ICON" HREF="WebK.ico">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>DLGDB: Edit Lessor</title>
<link href="styles/basic.css" rel="stylesheet" type="text/css" media="screen"/>
<!--[if IE]><link href="styles/ie_hacks.css" rel="stylesheet" type="text/css" media="screen"/><![EndIf]-->

<style type="text/css">
<!--
@import url("styles/professional.css");
-->
</style>
<script src="SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="SpryAssets/SpryMenuBarHorizontal.css" rel="stylesheet" type="text/css" />
<link href="styles/print_friendly.css" rel="stylesheet" type="text/css" media="print" />
<style type="text/css">
<!--
.style1 {
color: #666666;
font-weight: bold;
}
-->
</style>
</head>

<body>
<div id="wrapper">
    <div id="header"><img src="images/header_blue.png" alt="Header blue" width="738"/>
        </div>
    <div id="titlebar"><img src="images/dlgBranding.jpg" alt="DLG Header Image" width="738"/>
        </div>
    <div id="maincontent">
       <div id="nav">   
      <ul id="navbar" class="MenuBarHorizontal">
        <li><a href="#" class="MenuBarItemSubmenu">Home</a>
     <ul>
          <li><a href="http://dlg.ky.gov">DLG Home</a></li>
          <li><a href="index.cfm">DLGDB Home</a></li>
     </ul></li>
     <li><a href="#" class="MenuBarItemSubmenu">Entities</a>
       <ul>
         <li><a href="citySearch.cfm">Cities</a></li>
                  <li><a href="countySearch.cfm">Counties</a></li>
                  <li><a href="specDistSearch.cfm">Special Dist.</a></li>
                  <li><a href="agencySearch.cfm">Agencies</a></li>
    </ul>
              </li>
     <li><a href="#" class="MenuBarItemSubmenu">Debt</a>
       <ul>
         <li><a href="bondSearch.cfm">Bond Maint.</a></li>
                  <li><a href="bondCodes.cfm">Bond Codes</a></li>
                  <li><a href="leaseSearch.cfm">Lease Maint.</a></li>
                  <li><a href="leaseCodes.cfm">Lease Codes</a></li>
    </ul>
              </li>
              <li><a href="#" class="MenuBarItemSubmenu">Financials</a>
    <ul>
                   <li><a href="#">Cities</a></li>
                   <li><a href="countyFinancialUpload.cfm">Counties</a></li>
     <li><a href="specDistFinancials.cfm">Special Dist.</a></li>
    </ul>
              </li>
   <li><a href="#">Training</a></li>
   </ul>
    </div>
      <p> </p>
      <h1>Edit Lessors </h1>
      <p> </p>
       <p>Please make any changes to the Lessor and click &quot;SUBMIT&quot;.</p>
       <form id="frmEditLessor" name="frmEditLessor" method="post" action="">
           <table width="100%" border="0" cellpadding="3" cellspacing="0" id="tblLessors">
                <tr>
                  <td width="12%"class="tdLabel"><div align="left">Lessor</div></td>
                  <td colspan="3"><div align="left">
                    <input name="Lessor" type="text" class="tdTextExtraLong" id="Lessor" value="<cfoutput>#rs_Lessors.Lessor#</cfoutput>" tabindex="1" />
                  </div></td>
                <td></td>
                <td></td>
                </tr>
                <tr>
                  <td width="12%"class="tdLabel"><div align="left">Address1</div></td>
                  <td width="30%"><div align="left">
                    <input name="Address1" type="text" class="tdTextLong" id="Address1" value="<cfoutput>#rs_Lessors.Address1#</cfoutput>" tabindex="2"/>
                  </div>                  </td>
                  <td width="12%" class="tdLabel"><div align="left">Phone</div></td>
                  <td width="45%"><div align="left">
                    <input name="Phone" type="text" class="tdTextShort" id="Phone" value="<cfoutput>#rs_Lessors.Phone#</cfoutput>" tabindex="7"/>
                  </div></td>
                </tr>
                <tr>
                  <td class="tdLabel"><div align="left">Address2</div></td>
                  <td><div align="left">
                    <input name="Address2" type="text" class="tdTextLong" id="Address2" value="<cfoutput>#rs_Lessors.Address2#</cfoutput>" tabindex="3"/>
                  </div></td>
                  <td class="tdLabel"><div align="left">eMail</div></td>
                  <td><div align="left">
                    <input name="email" type="text" class="tdTextLong" id="email" value="<cfoutput>#rs_Lessors.email#</cfoutput>" tabindex="8"/>
                  </div></td>
                </tr>
                <tr>
                  <td class="tdLabel"><div align="left">City</div></td>
                  <td><div align="left">
                    <input name="City" type="text" class="tdTextShort" id="City" value="<cfoutput>#rs_Lessors.City#</cfoutput>" tabindex="4"/>
                  </div></td>
                  <td class="tdLabel"><div align="left">Fax</div></td>
                  <td><div align="left">
                    <input name="Fax" type="text" class="tdTextShort" id="Fax" value="<cfoutput>#rs_Lessors.Fax#</cfoutput>" tabindex="9"/>
                  </div></td>
                </tr>
                <tr>
                  <td class="tdLabel"><div align="left">State/Zip</div></td>
                  <td><div align="left">
                    <input name="State" type="text" class="tdTextExtraShort" id="State" value="<cfoutput>#rs_Lessors.State#</cfoutput>" tabindex="5"/>
                    <input name="Zip" type="text" class="tdTextExtraShort" id="Zip" value="<cfoutput>#rs_Lessors.Zip#</cfoutput>" tabindex="6"/>
                  </div></td>
                  <td class="tdLabel"><div align="left">Comments</div></td>
                  <td><div align="left">
                    <input name="Comments" type="text" class="tdTextLong" id="Comments" value="<cfoutput>#rs_Lessors.Comments#</cfoutput>" tabindex="10"/>
                  </div></td>
                </tr>
                <tr>
                  <td class="tdLabel"> </td>
                  <td> </td>
                  <td><input name="Lessor_ID" type="hidden" id="Lessor_ID" value="<cfoutput>#rs_Lessors.Lessor_ID#</cfoutput>" />
                    <input name="Last_Update" type="hidden" id="Last_Update" value="<cfoutput>#DateFormat(Now(),'mm/dd/yyyy')#</cfoutput>" />                                 
                  <input name="Updated_By" type="hidden" id="Updated_By" value="<cfoutput>#cgi.remote_addr#</cfoutput>" /></td>
                  <td><div align="center">
                    <input type="submit" name="button" id="button" value="SUBMIT" />
                  </div></td>
                </tr>
              </table>
       </form>
       <p> </p>
   </div>
   <div id="footer" style="background: url(images/footer_blue.png)" width="738">
     <div id="siteMap"><a href="http://kentucky.gov/policy/privacy.htm">Privacy</a> | <a href="http://kentucky.gov/policy/security.htm">Security</a> | <a href="http://kentucky.gov/policy/accessibility.htm">Accessibility</a> | <a href="contact.cfm">Contact Us</a> | <a href="logout.cfm">Logout</a>
        </div>
     <div id="copyRight">Copyright &copy; 2008-<cfoutput>#year(now())#</cfoutput> Todd Kirby
        </div>
</div> 
</div>
<script type="text/javascript">
<!--
var MenuBar1 = new Spry.Widget.MenuBar("navbar", {imgDown:"SpryAssets/SpryMenuBarDownHover.gif", imgRight:"SpryAssets/SpryMenuBarRightHover.gif"});
//-->
</script>
</body>
</html>

Valorous Hero, Sep 17, 2009

Seeing the entire file helps.

I now see you are doing your processing at the head of your display page.  That means that the first time the page is shown, the form has not been processed.  So the <cfif isdefined ("FORM.Lessor")><cfset passFail = checkChars(Form.Lessor)></cfif> line will be false and passFail will not be set.  Then the very next line looks for passFail.

EITHER

Wrap the entire <cfif passFail NEQ 0> block inside of the <cfif isdefined...></cfif> block so that it only gets run when the form is submitted.

OR

Create a default value of PassFail equal to 0 to be used when the page is first displayed and the form has not yet been submitted.

Explorer, Sep 17, 2009

I set the entire "passfail NEQ" block inside the "isdefined" block:

<cfinclude template="Libraries/formValidation.cfm">
<cfif isdefined ("FORM.Lessor")>
<cfset passFail = checkChars(Form.Lessor)>
<cfif passFail NEQ 0>
  <cfscript>
   WriteOutput('
    <script language="JavaScript">
    <!--
    alert("Your form contains HTML, please remove unalowable characters and resubmit")
    //-->
    </script>
   ');
   WriteOutput('
    <script language="JavaScript">
    <!--
    history.back()
    //-->
    </script>
   ');
  </cfscript>
</cfif>
</cfif>

So now the page runs, but it still lets me save HTML characters in the field "Lessors"

Valorous Hero, Sep 17, 2009

The <cfstoredProc...> tag is what puts the information into the database.

What is the relationship of the <cfstoredProc...> tag to the <cfif passFail NEQ 0> block?  How would this relationship determine when the stored procedure is run and when it is not run?

Remember what I said in my first post.  A JavaScript history.back() function is not going to have any effect on the server where the CFML is running.  All the CFML that is to be run will be run before any HTML or JavaScript is sent to the client where they will run.

Explorer, Sep 18, 2009

Thanks Ian, once I restructured the "if...else" statements it worked.  I'm still having trouble with the JavaScript not running, but at least it will save good entries and not save bad entries.  I may try passing an error variable in ColdFusion and forget about the JavaScript.
