ColdFusion 2016 converts special characters?

Report · Jan 30, 2018

After doing some research and working on CF 2016 there is one problem that I found. My Insert/Update queries converts ; to &#59 when I try to save this character in database table. Then if I pull data from the table to display on the screen this is how data looks: Test; before I saved data looked like this: Test;. I'm wondering if there is a way to fix this when outputting data or prevent CF to convert this character? If anyone have experienced the same issue please let me know. Thanks

Report · Jan 30, 2018

Assuming the data is coming from a form submission, are you doing anything to sanitize the data (any EncodeForXXX () ) or XXXEncode() calls)?

What database are you using? Are you using <cfqueryparam> around your values in your insert/update statements?

Report · Jan 30, 2018

I do not use any special encode functions. Microsoft SQL 2008 database we use. I have cfqueryparam around all fields. This specific field is textarea. Here is example of my update statement:

UPDATE Diagnostics SET hs_test = <cfqueryparam value="#FORM.frmhs_test#" cfsqltype="cf_sql_varchar" maxlength="1000" null="#yesNoFormat(!len(FORM.frmhs_test))#" /> WHERE hs_id = <cfqueryparam value="#FORM.frmhs_id#" cfsqltype="cf_sql_integer" />

Report · Jan 31, 2018

I suspect that CF might be receiving the data from the browser in a slightly different way. This still might be a CF issue, depending on how you're collecting that data, but what you're seeing are Unicode numeric character references:https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references

Numeric character reference - Wikipedia https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references

In other words, the way you represent a semicolon in XML is to replace it with "&#" plus the numeric reference plus ";". So, I'm guessing that you might be receiving data from the browser as XML maybe?

Dave Watts, CTO, Fig Leaf Software

Report · Jan 31, 2018

I use JQuery on the front end to collect and send the data. Here is code example:

var formData = $('#'+frmID).serialize(); $.ajax({ type: 'POST', encoding:"UTF-8", url: 'Components/App.cfc?method='+frmID, data: formData, dataType: 'json' }).done(function(obj){ //response } }).fail(function(jqXHR, textStatus, errorThrown){ alert("Error: "+errorThrown); });

I have checked console.log(formData) and ; is presented as %3B that is UTF-8 translation for this character. After that I just sent the ; without serialize and still gets converted in cffunction to &#59. My cffunction has return-format set to JSON but I do not think that is the problem. I'm very confused and not sure at what point this symbol is converted.

Report · Jan 31, 2018

Here is working example that I created and converts semi column to $#59 after form is passed to ColdFusion function:

<!DOCTYPE html>

<html>

<head>

</head>

<body>

<div>

</div>

<div>

<span style="display: inline-block; vertical-align:top; font-weight:bold;">Comments:</span>

</div>

<div>

</div>

</fieldset>

</form>

</div>

$('.frmSubmitData').on('submit', function(e){

e.preventDefault();

var formData = $('#myForm').serialize();

console.log(formData);

$.ajax({

type: 'POST',

encoding:"UTF-8",

url: 'Components/myTest.cfc?method=testForm',

data: formData,

dataType: 'json'

}).done(function(obj){

if(obj.STATUS === 200){

console.log(obj.FORMDATA);

}else{

alert('Error');

}

}).fail(function(jqXHR, textStatus, errorThrown){

alert("Error: "+errorThrown);

});

</script>

</body>

</html>

Coldfusion file:

<cfoutput>#theField# = #form[theField]#<br></cfoutput>

</cfloop>

</cfmail>

</cffunction>

</cfcomponent>

Report · Feb 05, 2018

What you get can be problematic. In ColdFusion, "Test;" may give you an error because of the unescaped #.

Use cfqueryparam to insert (form) data to the database.

Adobe Community

ColdFusion 2016 converts special characters?