Copy link to clipboard
Copied
After doing some research and working on CF 2016 there is one problem that I found. My Insert/Update queries converts ; to ; when I try to save this character in database table. Then if I pull data from the table to display on the screen this is how data looks: Test;
before I saved data looked like this: Test;
. I'm wondering if there is a way to fix this when outputting data or prevent CF to convert this character? If anyone have experienced the same issue please let me know. Thanks
Copy link to clipboard
Copied
Assuming the data is coming from a form submission, are you doing anything to sanitize the data (any EncodeForXXX () ) or XXXEncode() calls)?
What database are you using? Are you using <cfqueryparam> around your values in your insert/update statements?
Copy link to clipboard
Copied
I do not use any special encode functions. Microsoft SQL 2008 database we use. I have cfqueryparam around all fields. This specific field is textarea. Here is example of my update statement:
UPDATE Diagnostics
SET
hs_test = <cfqueryparam value="#FORM.frmhs_test#" cfsqltype="cf_sql_varchar" maxlength="1000" null="#yesNoFormat(!len(FORM.frmhs_test))#" />
WHERE hs_id = <cfqueryparam value="#FORM.frmhs_id#" cfsqltype="cf_sql_integer" />
Copy link to clipboard
Copied
I suspect that CF might be receiving the data from the browser in a slightly different way. This still might be a CF issue, depending on how you're collecting that data, but what you're seeing are Unicode numeric character references:https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references
Numeric character reference - Wikipedia https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references
In other words, the way you represent a semicolon in XML is to replace it with "&#" plus the numeric reference plus ";". So, I'm guessing that you might be receiving data from the browser as XML maybe?
Dave Watts, CTO, Fig Leaf Software
Copy link to clipboard
Copied
I use JQuery on the front end to collect and send the data. Here is code example:
var formData = $('#'+frmID).serialize();
$.ajax({
type: 'POST',
encoding:"UTF-8",
url: 'Components/App.cfc?method='+frmID,
data: formData,
dataType: 'json'
}).done(function(obj){
//response
}
}).fail(function(jqXHR, textStatus, errorThrown){
alert("Error: "+errorThrown);
});
I have checked console.log(formData) and ; is presented as %3B that is UTF-8 translation for this character. After that I just sent the ; without serialize and still gets converted in cffunction to ;. My cffunction has return-format set to JSON but I do not think that is the problem. I'm very confused and not sure at what point this symbol is converted.
Copy link to clipboard
Copied
Here is working example that I created and converts semi column to $#59 after form is passed to ColdFusion function:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=10; IE=11" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Test Page</title>
<script type="text/javascript" src="JQuery/jquery-3.2.1.min.js"></script>
<script type="text/javascript" src="JQuery/jquery-ui.js"></script>
</head>
<body>
<div id="myContainer">
<form name="myForm" id="myForm" method="POST" action="#" class="frmSubmitData">
<fieldset>
<legend>Test Form</legend>
<div>
<span style="display: inline-block; vertical-align:top; font-weight:bold;">Name:</span>
<input type="text" name="my_name" id="my_name" value="" maxlength="50" required />
</div>
<div>
<span style="display: inline-block; vertical-align:top; font-weight:bold;">Comments:</span>
<textarea name="my_comments" id="my_comments" row="2" cols="55" required></textarea>
</div>
<div>
<input type="submit" name="frmSubmit" id="frmSubmit" value="Submit" />
</div>
</fieldset>
</form>
</div>
<script>
$('.frmSubmitData').on('submit', function(e){
e.preventDefault();
var formData = $('#myForm').serialize();
console.log(formData);
$.ajax({
type: 'POST',
encoding:"UTF-8",
url: 'Components/myTest.cfc?method=testForm',
data: formData,
dataType: 'json'
}).done(function(obj){
if(obj.STATUS === 200){
console.log(obj.FORMDATA);
}else{
alert('Error');
}
}).fail(function(jqXHR, textStatus, errorThrown){
alert("Error: "+errorThrown);
});
});
</script>
</body>
</html>
Coldfusion file:
<cfcomponent>
<cfsetting enablecfoutputonly="yes" showdebugoutput="no" requesttimeout="3600">
<cffunction name="testForm" access="remote" output="true" returnformat="JSON">
<cfmail to="mdraca@gwaea.org" from="mdraca@gwaea.org" subject="Test Form Scope" type="text">
<cfloop collection="#form#" item="theField">
<cfoutput>#theField# = #form[theField]#<br></cfoutput>
</cfloop>
</cfmail>
<cfset fnResults = StructNew()>
<cfset fnResults.message = "Record successfully saved.">
<cfset fnResults.status = "200">
<cfset fnResults.formdata = #FORM#>
<cfreturn fnResults>
</cffunction>
</cfcomponent>
Copy link to clipboard
Copied
What you get can be problematic. In ColdFusion, "Test;" may give you an error because of the unescaped #.
Use cfqueryparam to insert (form) data to the database.