Copy link to clipboard
Copied
I need to be able to accept the number sign # in my form field for address, ie apt #3. When a # is submitted with my form, I get an error. How do I allow the # to be included for this field?
<cfinput style="WIDTH: 247px" size="30" type="text" name="shipaddress" value="" required="yes" message="You must enter your address">
Well...you don't say what you found (it would really help if you didn't assume we had telepathy...), but let's pretend it was urlEncodedFormat() you discovered. Because that'd be the right function to use 😉
So... having discovered that, have you read the docs for it? http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7bdf.html
Have you just googled it to see any other examples in use?
Do you understand how CF functions work / are used (this might seem like a
...Copy link to clipboard
Copied
When a # is submitted with my form, I get an error.
Okay, and what did the error say? When you get an issue like this, try and break it down to the smallest possible case people can test. As it's just a quickie, I knocked up this page:
<!--- test.cfm --->
<cfdump var="#form#">
<cfform>
<cfinput style="WIDTH: 247px" size="30" type="text" name="shipaddress" value="" required="yes" message="You must enter your address">
</cfform>
And when I put in "#3" and submit, it appears in my form scope just fine. I'm using CF9, so unless there are operational differences between my version and yours (which I doubt on something so small) the problem lies elsewhere. The hash symbol can cause issues (as it's a "reserved character" almost) so depending on how you're written your processing code it could cause problems.
Go through your code stripping it out line by line until you find the problem line.
O.
Copy link to clipboard
Copied
When a # is submitted with my form, I get an error.
Okay, and what did the error say?
Just to add my 2p here. Every time one is thinking of making a post here about an error they are getting: give us the error message.
And before posting here: read the posting guidelines:
http://forums.adobe.com/thread/607238
Which are a distillation of this:
http://www.catb.org/~esr/faqs/smart-questions.html
To get back to the main question here though. There is absolutely no special action one needs to take to allow a # sign in a form field value. # signs have a special meaning in CFML source code (so could possibly need escaping in some situations), but not form submissions.
--
Adam
Copy link to clipboard
Copied
There is absolutely no special action one needs to take to allow a # sign in a form field value. # signs have a special meaning in CFML source code (so could possibly need escaping in some situations), but not form submissions.
My thinking is possibly there's an evaluate() being used, in which case it could cause problems and potentially need escaping.
Copy link to clipboard
Copied
My thinking is possibly there's an evaluate() being used, in which case it could cause problems and potentially need escaping.
Guessing is fun, isn't it?
--
Adam
Copy link to clipboard
Copied
I LOVE GUESSING!
Copy link to clipboard
Copied
The form collecting the address is on my shopping cart and is working fine, I ran the test code you provided.
The data from the form is then inserted into a database.
intodb.cfm
INSERT INTO people(firstname,lastname,email,address,city,state,country,zip,phone,shipfirst,shiplast,shipaddress,shipcity,shipstate,shipzip,shipcountry,lastfour,frequency,cases,ccmo,ccyr,cctype,dater,cfid,cftoken)
VALUES('#shipfirst#','#shiplast#','#email_addr#','#shipaddress#','#shipcity#','#shipstate#','#shipcountry#','#shipzip#','#phone#','#shipfirst#','#shiplast#','#shipaddress#','#shipcity#','#shipstate#','#shipzip#','#shipcountry#','#lastfour#','#frequency#','#cases#','#ccmo#','#ccyr#','#cctype#','#DateFormat("#Now()#", "yyyy-mm-dd")# #TimeFormat("#Now()#", "hh:mm:sstt")#','#session.cfid#','#session.cftoken#')
<cflocation url="sale2.cfm?shipmethod=#shipmethod#&shipcost=#shipcost#&shipfirst=#shipfirst#&shiplast=#shiplast#&shipaddress=#shipaddress#&shipcity=#shipcity#&shipstate=#shipstate#&shipzip=#shipzip#&shipcountry=#shipcountry#&country=#shipcountry#&phone=#phone#&email_addr=#email_addr#&ccnum=#ccnum#&ccmo=#ccmo#&ccyr=#ccyr#&cctype=#cctype#&ordertotal=#ordertotal#&disc=#disc#">
Then on sale2.cfm.
<cfsavecontent variable="strXML">
<?xml version="1.0" standalone="yes"?>
<SaleRequest>
<CustomerData>
<Email>#email_addr#</Email>
<BillingAddress>
<Address1>#shipaddress#</Address1>
<FirstName>#shipfirst#</FirstName>
<LastName>#shiplast#</LastName>
<City>#shipcity#</City>
<State>#shipstate#</State>
<Zip>#shipzip#</Zip>
<Country>#shipcountry#</Country>
<Phone>#phone#</Phone>
</BillingAddress>
I receive this error, assuming it is the EMAIL_ADDR variable because it is the first one:
Copy link to clipboard
Copied
Sorry for the bold in the post above, not sure how that happened and it was not intentional.
Copy link to clipboard
Copied
Sorry for the bold in the post above, not sure how that happened and it was not intentional.
You will quickly learn how much this forum's software absolutely bites.
--
Adam
Copy link to clipboard
Copied
OK, so look @ the URL in the address bar when you land on sale2.cfm.
Ask yourself the question:
* what does a # mean in a URL? If you don't know... google.
Second question:
* if a URL parameter value has a character in it that's a "reserved character", how does one "escape" it?
Another observation:
You oughtn't be hard-coding your dynamic values into your SQL string in your DB insert. You should be passing them as parameters. This, however, has nothing to do with your current predicament.
I also kinda wonder why you're doing your form processing in two different requests: one to write to the DB, one to do something with this XML you're creating. Of course there could be a good reason for it...
--
Adam
Copy link to clipboard
Copied
I have been looking into how to "escape" a reserved character for the shipaddress. I now understand how the function works, but not sure how to implement it. Do I add this to my url below or do I need to add the function to the code before it runs the url?
<cflocation url="sale2.cfm?shipmethod=#shipmethod#&shipcost=#shipcost#&shipfirst= #shipfirst#&shiplast=#shiplast#&shipaddress=#shipaddress#&shipcity=#shipcity#&shipstate=#shipstate#&shipzip=#shipzip#&shipcountry=#shipcount ry#&country=#shipcountry#&phone=#phone#&email_addr=#email_addr#&ccnum= #ccnum#&ccmo=#ccmo#&ccyr=#ccyr#&cctype=#cctype#&ordertotal=#ordertotal #&disc=#disc#">
Copy link to clipboard
Copied
Right, well first up why do you need to pass all those through the URL bar? What happens if someone changes it? Why not just pass the id you just inserted, then re-query the other side?
Some browsers have an URL-length limit, so you want to be careful about that.
Copy link to clipboard
Copied
This is an old shopping cart that was created long before me and this is how it was setup. I guess someone could change the URL, but once the order is placed, the user doesn't see these itermediary pages, just goes straight to a thank you page.
Copy link to clipboard
Copied
You should still consider all the suggestions made on this thread. If you are not convinced that you should, see what happens when any of the form fields contain an apostrophe.
Copy link to clipboard
Copied
I definitely will consider them and thank you for your input. I am worried about making too many changes to the cart and being in a worse situation with the cart not working properly than I am now with the #. Just at the moment we need to handle the # issue. The apostrophe goes through without an error.
Copy link to clipboard
Copied
I definitely will consider them and thank you for your input. I am worried about making too many changes to the cart and being in a worse situation with the cart not working properly than I am now with the #. Just at the moment we need to handle the # issue. The apostrophe goes through without an error.
You do have a separate dev / test & production environments, yeah?
--
Adam
Copy link to clipboard
Copied
Yes. I was hoping to fix the # in the shipaddress, then look into these other areas of concern in the future. I don't want to start too many things at once. Could you suggest how I should use the escape function in my code?
Copy link to clipboard
Copied
Well...you don't say what you found (it would really help if you didn't assume we had telepathy...), but let's pretend it was urlEncodedFormat() you discovered. Because that'd be the right function to use 😉
So... having discovered that, have you read the docs for it? http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7bdf.html
Have you just googled it to see any other examples in use?
Do you understand how CF functions work / are used (this might seem like a stupid question, but the wording of your post earlier makes me unsure... but ti could just be the wording... or my reading thereof).
Basically if you have a value in a URL which contains characters that are meaningful to the URL (like &, =, %, #, etc), you need to use urlEncodedFormat to convert the characters into a URL-safe encoded representation of them.
So if you had this value "here's a # sign" that you wanted to put in a URL, you'd need to use urlEncodedFormat() to escape it:
http://yourdomain.com/path/to/file.cm?param=#urlEncodedFormat("here's a # sign")#
Basically anything user-entered needs to be escaped, because you cannot predict what a user will enter...
--
Adam
Copy link to clipboard
Copied
Thank you very much for all of your help. The problem has been resolved and I will be working on the other issues as well.
Copy link to clipboard
Copied
In addition to Adam's comments, this:
#DateFormat("#Now()#", "yyyy-mm-dd")# #TimeFormat("#Now()#", "hh:mm:sstt")#',
is either really bad or simply unnecessary. Date and Time format return strings. If your dater field is text, that's really bad. If the field is a datetime, the formatting is unnecessary. You can simply pass now() to the db, or use the db function that returns the current date and time.
Next, instead of passing all those variables in the url, you can create a session variable of the form. Then you simply refer to the session variables when you create your xml document.
Finally, you will get better performance if you scope your variables. In other words, use #form.shipfirst# instead of #shipfirst#.