9 Replies Latest reply on Sep 18, 2009 6:01 AM by Blue Chrome

    Trouble getting UDF to work

    Blue Chrome Level 1

      I am trying to validate a form to find HTML after it is submitted (yes, I plan to code before submission as well, but I need to get this to work first).  My UDF looks like this:

       

      <cffunction name="checkChars" output="no" returntype="numeric">

       

      <!--- define arguments --->
          <cfargument name="Qfield" type="string" required="yes">

       

      <!--- define variable(s) --->
          <cfset Var dirtyParam = Arguments.Qfield>
          <cfset Var QbadChar = 0>

       

      <!--- check to see if HTML exists in Qfield --->
          <cfif REFind("<",dirtyParam) NEQ 0><cfset QbadChar = 1></cfif>
          <cfif REFind(">",dirtyParam) NEQ 0><cfset QbadChar = 1></cfif>
          <cfif REFind("//",dirtyParam) NEQ 0><cfset QbadChar = 1></cfif>
          <cfif REFind("c:",dirtyParam) NEQ 0><cfset QbadChar = 1></cfif>

       

      <!--- If HTML exists, notify user and return to previous page --->
          <cfif QbadChar NEQ 0>
              <cfscript>
                  WriteOutput('
                      <script language="JavaScript">
                      <!--
                      alert("The data submitted in your form contains unallowable characters, please remove all non-alphanumeric characters.")
                      //-->
                      </script>
                  ');
                  WriteOutput('
                      <script language="JavaScript">
                      <!--
                      history.back()
                      //-->
                      </script>
                  ');
              </cfscript>
          </cfif>
          <cfreturn QbadChar>
      </cffunction>

       

      It is saved in a separate template and included in the applicable template at the beginning with:

       

      <cfinclude template="Libraries/formValidation.cfm">

       

      I am testing it on a field called "Lessor" by calling the UDF in the same template with:

       

      <cfif isdefined ("FORM.Lessor")><cfset #checkChars("Form.Lessor")#></cfif>

       

      Unfortunately, it doesn't work because when I use HTML in the "Lessor" field, it goes ahead and saves it.  Any ideas what I'm missing?

        • 1. Re: Trouble getting UDF to work
          ilssac Level 5

          The first weirdness I see is that you set your output to "no", which means that all output in the function will not be sent to the response buffer.

           

          Then you try to output JavaScript content that must be sent to the response buffer so that it will run on the client.

           

          So I would guess that this will never happen.

           

          Secondly, you do not show it in the code you provided, but it looks like you expect this JavaScript to stop the processing of the CFML.  This will not happen.  All the CFML will be processed before anything is sent back to the browser.  So, the page continues to process and puts the data into a database.  That is going to happen, whether or not that JavaScript is sent to the browser to do something.

           

          What you need to do is test the string.

           

          IF the string passes

          process the data into the database, provide appropriate feedback to the user.

           

          ELSE the string fails

          don't process the data into the database, provide appropriate feedback to the user.

          1 person found this helpful
          • 2. Re: Trouble getting UDF to work
            Blue Chrome Level 1

            Okay, I changed my UDF to:

             

            <cffunction name="checkChars" output="yes" returntype="numeric">

            <!--- define arguments --->
            <cfargument name="Qfield" type="string" required="yes">

            <!--- define variable(s) --->
            <cfset Var QbadChar = 0>

            <!--- check to see if HTML exists in Qfield --->
            <cfif REFind("<",Qfield) NEQ 0><cfset QbadChar = 1></cfif>
            <cfif REFind(">",Qfield) NEQ 0><cfset QbadChar = 1></cfif>
            <cfif REFind("//",Qfield) NEQ 0><cfset QbadChar = 1></cfif>
            <cfif REFind("c:",Qfield) NEQ 0><cfset QbadChar = 1></cfif>

            <!--- return 1 if field contains HTML, 0 if clean --->
            <cfreturn QbadChar>
            </cffunction>

             

            Then I assigned the result to a variable (in the processing template) like this:

             

            <cfif isdefined ("FORM.Lessor")><cfset passFail = #checkChars("Form.Lessor")#></cfif>

            And finally used the result to stop the form processing (right below the above code in the processing template) with:

             

            <cfif passFail NEQ 0>
            <cfscript>
               WriteOutput('
                <script language="JavaScript">
                <!--
                alert("Your form contains HTML, please remove unallowable characters and resubmit")
                //-->
                </script>
               ');
               WriteOutput('
                <script language="JavaScript">
                <!--
                history.back()
                //-->
                </script>
               ');
              </cfscript>
            </cfif>

            But now I get the error: "Variable PASSFAIL is undefined"

            • 3. Re: Trouble getting UDF to work
              ilssac Level 5
              <cfset passFail = #checkChars("Form.Lessor")#>

              This line does not need the pound|hash characters and it can not have the quotes.  I.E. it should look like this:

              <cfset passFail = checkChars(Form.Lessor)>

              But I don't see how this would cause the failure you say you got.  It would have caused you to always test the literal string "Form.Lessor" and not the value of the Form.Lessor variable, so that it will have always passed, but I would have expected it to return a value.

               

              Can you provide the entire file? Is it large?  I think the code you posted should have returned a value.

              1 person found this helpful
              • 4. Re: Trouble getting UDF to work
                Blue Chrome Level 1

                I corrected as you said, still get undefined error.  See attached.

                • 5. Re: Trouble getting UDF to work
                  Blue Chrome Level 1

                  For some reason, it won't let me attach the file.  Here's the whole code for the template:

                   

                  <cflock scope="Session" type="ReadOnly" timeout="30" throwontimeout="no">
                    <cfset MM_Username=Iif(IsDefined("Session.MM_Username"),"Session.MM_Username",DE(""))>
                    <cfset MM_UserAuthorization=Iif(IsDefined("Session.MM_UserAuthorization"),"Session.MM_UserAuthorization",DE(""))>
                  </cflock>
                  <cfif MM_Username EQ "" OR MM_UserAuthorization EQ "" OR ListFind("DebtUser,DebtAdmin,SystemAdmin",MM_UserAuthorization) EQ 0>
                    <cfset MM_referer=CGI.SCRIPT_NAME>
                    <cfif CGI.QUERY_STRING NEQ "">
                      <cfset MM_referer=MM_referer & "?" & CGI.QUERY_STRING>
                    </cfif>
                    <cfset MM_failureURL="noAccess.cfm?accessdenied=" & URLEncodedFormat(MM_referer)>
                    <cflocation url="#MM_failureURL#" addtoken="no">
                  </cfif>
                  <cfset CurrentPage=GetFileFromPath(GetBaseTemplatePath())>
                  <cfinclude template="Libraries/formValidation.cfm">
                  <cfif isdefined ("FORM.Lessor")><cfset passFail = checkChars(Form.Lessor)></cfif>
                  <cfif passFail NEQ 0>
                  <cfscript>
                     WriteOutput('
                      <script language="JavaScript">
                      <!--
                      alert("Your form contains HTML, please remove unallowable characters and resubmit")
                      //-->
                      </script>
                     ');
                     WriteOutput('
                      <script language="JavaScript">
                      <!--
                      history.back()
                      //-->
                      </script>
                     ');
                    </cfscript>
                  </cfif>
                  <cfif IsDefined ("FORM.Lessor_ID") AND FORM.Lessor_ID NEQ "">
                  <cfstoredproc procedure="spLGD_Upd_DATALessors_EditLessor" datasource="LocalDebt">
                    <cfprocparam cfsqltype="cf_sql_integer" value="#FORM.Lessor_ID#" null="#NOT len(trim(Form.Lessor_ID))#">
                    <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Lessor#" null="#NOT len(trim(Form.Lessor))#">
                    <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Address1#" null="#NOT len(trim(Form.Address1))#">
                    <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Address2#" null="#NOT len(trim(Form.Address2))#">
                    <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.City#" null="#NOT len(trim(Form.City))#">
                    <cfprocparam cfsqltype="cf_sql_char" value="#FORM.State#" null="#NOT len(trim(Form.State))#">
                    <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Zip#" null="#NOT len(trim(Form.Zip))#">
                    <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Phone#" null="#NOT len(trim(Form.Phone))#">
                    <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.eMail#" null="#NOT len(trim(Form.eMail))#">
                    <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Fax#" null="#NOT len(trim(Form.Fax))#">
                    <cfprocparam cfsqltype="cf_sql_text" value="#FORM.Comments#" null="#NOT len(trim(Form.Comments))#">
                    <cfprocparam cfsqltype="cf_sql_timestamp" value="#FORM.Last_Update#">
                    <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Updated_By#">
                      </cfstoredproc>
                      <cflocation url="leaseCodes.cfm" addtoken="NO">
                  <cfelseif IsDefined ("Form.Lessors") AND Form.Lessors NEQ "">   
                      <cfstoredproc procedure="spLGD_Sel_DATALessors_RSbyLessorID" datasource="LocalDebt">
                    <cfprocparam cfsqltype="cf_sql_integer" value="#Form.Lessors#">
                       <cfprocresult name="rs_Lessors">
                  </cfstoredproc>
                  <cfelse>
                  <cflocation url="leaseCodes.cfm">
                  </cfif>
                  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
                  <html xmlns="http://www.w3.org/1999/xhtml">
                  <head>
                  <LINK REL="SHORTCUT ICON" HREF="WebK.ico">
                  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
                  <title>DLGDB: Edit Lessor</title>
                  <link href="styles/basic.css" rel="stylesheet" type="text/css" media="screen"/>
                  <!--[if IE]><link href="styles/ie_hacks.css" rel="stylesheet" type="text/css" media="screen"/><![EndIf]-->

                  <style type="text/css">
                  <!--
                  @import url("styles/professional.css");
                  -->
                  </style>
                  <script src="SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
                  <link href="SpryAssets/SpryMenuBarHorizontal.css" rel="stylesheet" type="text/css" />
                  <link href="styles/print_friendly.css" rel="stylesheet" type="text/css" media="print" />
                  <style type="text/css">
                  <!--
                  .style1 {
                  color: #666666;
                  font-weight: bold;
                  }
                  -->
                  </style>
                  </head>

                  <body>
                  <div id="wrapper">
                      <div id="header"><img src="images/header_blue.png" alt="Header blue" width="738"/>
                          </div>
                      <div id="titlebar"><img src="images/dlgBranding.jpg" alt="DLG Header Image" width="738"/>
                          </div>
                      <div id="maincontent">
                         <div id="nav">   
                        <ul id="navbar" class="MenuBarHorizontal">
                          <li><a href="#" class="MenuBarItemSubmenu">Home</a>
                       <ul>
                            <li><a href="http://dlg.ky.gov">DLG Home</a></li>
                            <li><a href="index.cfm">DLGDB Home</a></li>
                       </ul></li>
                       <li><a href="#" class="MenuBarItemSubmenu">Entities</a>
                         <ul>
                           <li><a href="citySearch.cfm">Cities</a></li>
                                    <li><a href="countySearch.cfm">Counties</a></li>
                                    <li><a href="specDistSearch.cfm">Special Dist.</a></li>
                                    <li><a href="agencySearch.cfm">Agencies</a></li>
                      </ul>
                                </li>
                       <li><a href="#" class="MenuBarItemSubmenu">Debt</a>
                         <ul>
                           <li><a href="bondSearch.cfm">Bond Maint.</a></li>
                                    <li><a href="bondCodes.cfm">Bond Codes</a></li>
                                    <li><a href="leaseSearch.cfm">Lease Maint.</a></li>
                                    <li><a href="leaseCodes.cfm">Lease Codes</a></li>
                      </ul>
                                </li>
                                <li><a href="#" class="MenuBarItemSubmenu">Financials</a>
                      <ul>
                                     <li><a href="#">Cities</a></li>
                                     <li><a href="countyFinancialUpload.cfm">Counties</a></li>
                       <li><a href="specDistFinancials.cfm">Special Dist.</a></li>
                      </ul>
                                </li>
                     <li><a href="#">Training</a></li>
                     </ul>
                      </div>
                        <p> </p>
                        <h1>Edit Lessors </h1>
                        <p> </p>
                         <p>Please make any changes to the Lessor and click &quot;SUBMIT&quot;.</p>
                         <form id="frmEditLessor" name="frmEditLessor" method="post" action="">
                             <table width="100%" border="0" cellpadding="3" cellspacing="0" id="tblLessors">
                                  <tr>
                                    <td width="12%"class="tdLabel"><div align="left">Lessor</div></td>
                                    <td colspan="3"><div align="left">
                                      <input name="Lessor" type="text" class="tdTextExtraLong" id="Lessor" value="<cfoutput>#rs_Lessors.Lessor#</cfoutput>" tabindex="1" />
                                    </div></td>
                                  <td></td>
                                  <td></td>
                                  </tr>
                                  <tr>
                                    <td width="12%"class="tdLabel"><div align="left">Address1</div></td>
                                    <td width="30%"><div align="left">
                                      <input name="Address1" type="text" class="tdTextLong" id="Address1" value="<cfoutput>#rs_Lessors.Address1#</cfoutput>" tabindex="2"/>
                                    </div>                  </td>
                                    <td width="12%" class="tdLabel"><div align="left">Phone</div></td>
                                    <td width="45%"><div align="left">
                                      <input name="Phone" type="text" class="tdTextShort" id="Phone" value="<cfoutput>#rs_Lessors.Phone#</cfoutput>" tabindex="7"/>
                                    </div></td>
                                  </tr>
                                  <tr>
                                    <td class="tdLabel"><div align="left">Address2</div></td>
                                    <td><div align="left">
                                      <input name="Address2" type="text" class="tdTextLong" id="Address2" value="<cfoutput>#rs_Lessors.Address2#</cfoutput>" tabindex="3"/>
                                    </div></td>
                                    <td class="tdLabel"><div align="left">eMail</div></td>
                                    <td><div align="left">
                                      <input name="email" type="text" class="tdTextLong" id="email" value="<cfoutput>#rs_Lessors.email#</cfoutput>" tabindex="8"/>
                                    </div></td>
                                  </tr>
                                  <tr>
                                    <td class="tdLabel"><div align="left">City</div></td>
                                    <td><div align="left">
                                      <input name="City" type="text" class="tdTextShort" id="City" value="<cfoutput>#rs_Lessors.City#</cfoutput>" tabindex="4"/>
                                    </div></td>
                                    <td class="tdLabel"><div align="left">Fax</div></td>
                                    <td><div align="left">
                                      <input name="Fax" type="text" class="tdTextShort" id="Fax" value="<cfoutput>#rs_Lessors.Fax#</cfoutput>" tabindex="9"/>
                                    </div></td>
                                  </tr>
                                  <tr>
                                    <td class="tdLabel"><div align="left">State/Zip</div></td>
                                    <td><div align="left">
                                      <input name="State" type="text" class="tdTextExtraShort" id="State" value="<cfoutput>#rs_Lessors.State#</cfoutput>" tabindex="5"/>
                                      <input name="Zip" type="text" class="tdTextExtraShort" id="Zip" value="<cfoutput>#rs_Lessors.Zip#</cfoutput>" tabindex="6"/>
                                    </div></td>
                                    <td class="tdLabel"><div align="left">Comments</div></td>
                                    <td><div align="left">
                                      <input name="Comments" type="text" class="tdTextLong" id="Comments" value="<cfoutput>#rs_Lessors.Comments#</cfoutput>" tabindex="10"/>
                                    </div></td>
                                  </tr>
                                  <tr>
                                    <td class="tdLabel"> </td>
                                    <td> </td>
                                    <td><input name="Lessor_ID" type="hidden" id="Lessor_ID" value="<cfoutput>#rs_Lessors.Lessor_ID#</cfoutput>" />
                                      <input name="Last_Update" type="hidden" id="Last_Update" value="<cfoutput>#DateFormat(Now(),'mm/dd/yyyy')#</cfoutput>" />                                 
                                    <input name="Updated_By" type="hidden" id="Updated_By" value="<cfoutput>#cgi.remote_addr#</cfoutput>" /></td>
                                    <td><div align="center">
                                      <input type="submit" name="button" id="button" value="SUBMIT" />
                                    </div></td>
                                  </tr>
                                </table>
                         </form>
                         <p> </p>
                     </div>
                     <div id="footer" style="background: url(images/footer_blue.png)" width="738">
                       <div id="siteMap"><a href="http://kentucky.gov/policy/privacy.htm">Privacy</a> | <a href="http://kentucky.gov/policy/security.htm">Security</a> | <a href="http://kentucky.gov/policy/accessibility.htm">Accessibility</a> | <a href="contact.cfm">Contact Us</a> | <a href="logout.cfm">Logout</a>
                          </div>
                       <div id="copyRight">Copyright &copy; 2008-<cfoutput>#year(now())#</cfoutput> Todd Kirby
                          </div>
                  </div> 
                  </div>
                  <script type="text/javascript">
                  <!--
                  var MenuBar1 = new Spry.Widget.MenuBar("navbar", {imgDown:"SpryAssets/SpryMenuBarDownHover.gif", imgRight:"SpryAssets/SpryMenuBarRightHover.gif"});
                  //-->
                  </script>
                  </body>
                  </html>

                  • 6. Re: Trouble getting UDF to work
                    ilssac Level 5

                    Seeing the entire file helps.

                     

                    I now see you are doing your processing at the head of your display page.  That means that the first time the page is shown, the form has not been processed.  So the <cfif isdefined ("FORM.Lessor")><cfset passFail = checkChars(Form.Lessor)></cfif> line will be false and passFail will not be set.  Then the very next line looks for passFail.

                     

                    EITHER

                     

                    Wrap the entire <cfif passFail NEQ 0> block inside of the <cfif isdefined...></cfif> block so that it only gets run when the form is submitted.

                     

                    OR

                     

                    Create a default value of PassFail equal to 0 to be used when the page is first displayed and the form has not yet been submitted.

                    • 7. Re: Trouble getting UDF to work
                      Blue Chrome Level 1

                      I set the entire "passfail NEQ" block inside the "isdefined" block:

                       

                      <cfinclude template="Libraries/formValidation.cfm">
                      <cfif isdefined ("FORM.Lessor")>
                      <cfset passFail = checkChars(Form.Lessor)>
                      <cfif passFail NEQ 0>
                        <cfscript>
                         WriteOutput('
                          <script language="JavaScript">
                          <!--
                          alert("Your form contains HTML, please remove unallowable characters and resubmit")
                          //-->
                          </script>
                         ');
                         WriteOutput('
                          <script language="JavaScript">
                          <!--
                          history.back()
                          //-->
                          </script>
                         ');
                        </cfscript>
                      </cfif>
                      </cfif>

                       

                      So now the page runs, but it still lets me save HTML characters in the field "Lessors"

                      • 8. Re: Trouble getting UDF to work
                        ilssac Level 5

                        The <cfstoredProc...> tag is what puts the information into the database.

                         

                        What is the relationship of the <cfstoredProc...> tag to the <cfif passFail NEQ 0> block?  How would this relationship determine when the stored procedure is run and when it is not run?

                         

                        Remember what I said in my first post.  A JavaScript history.back() function is not going to have any effect on the server where the CFML is running.  All the CFML that is to be run will be run before any HTML or JavaScript is sent to the client where they will run.

                        • 9. Re: Trouble getting UDF to work
                          Blue Chrome Level 1

                          Thanks Ian, once I restructured the "if...else" statements it worked.  I'm still having trouble with the JavaScript not running, but at least it will save good entries and not save bad entries.  I may try passing an error variable in ColdFusion and forget about the JavaScript.
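
Added example, not part of the original thread and not the posters' code: the restructuring that replies 8 and 9 describe but never show, with the update stored procedure reachable only when `checkChars` passes and a server-side error message in place of the JavaScript alert. It goes beyond the thread by running `checkChars` over every text field and HTML-encoding values written back into the form. `errorMsg`, `lessorToShow`, `textFields`, `fieldName` and the `error` class are hypothetical names, and `rs_Lessors` is assumed to return the columns the original template reads.

```cfml
<!--- Added example; errorMsg, lessorToShow, textFields, fieldName and the "error" class are hypothetical names --->
<cfinclude template="Libraries/formValidation.cfm">
<cfset textFields = "Lessor,Address1,Address2,City,State,Zip,Phone,eMail,Fax,Comments">
<cfset errorMsg = "">
<cfset lessorToShow = "">

<cfif IsDefined("FORM.Lessor_ID") AND FORM.Lessor_ID NEQ "">
    <!--- Form was submitted: test the VALUE of each field on the server --->
    <cfloop list="#textFields#" index="fieldName">
        <cfif StructKeyExists(FORM, fieldName) AND checkChars(FORM[fieldName]) NEQ 0>
            <cfset errorMsg = "The #fieldName# field contains characters that are not allowed. Nothing was saved.">
            <cfbreak>
        </cfif>
    </cfloop>
    <cfif errorMsg EQ "">
        <!--- Only input that passed validation reaches the stored procedure --->
        <cfstoredproc procedure="spLGD_Upd_DATALessors_EditLessor" datasource="LocalDebt">
            <cfprocparam cfsqltype="cf_sql_integer" value="#FORM.Lessor_ID#" null="#NOT len(trim(FORM.Lessor_ID))#">
            <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Lessor#" null="#NOT len(trim(FORM.Lessor))#">
            <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Address1#" null="#NOT len(trim(FORM.Address1))#">
            <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Address2#" null="#NOT len(trim(FORM.Address2))#">
            <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.City#" null="#NOT len(trim(FORM.City))#">
            <cfprocparam cfsqltype="cf_sql_char" value="#FORM.State#" null="#NOT len(trim(FORM.State))#">
            <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Zip#" null="#NOT len(trim(FORM.Zip))#">
            <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Phone#" null="#NOT len(trim(FORM.Phone))#">
            <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.eMail#" null="#NOT len(trim(FORM.eMail))#">
            <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Fax#" null="#NOT len(trim(FORM.Fax))#">
            <cfprocparam cfsqltype="cf_sql_text" value="#FORM.Comments#" null="#NOT len(trim(FORM.Comments))#">
            <cfprocparam cfsqltype="cf_sql_timestamp" value="#FORM.Last_Update#">
            <cfprocparam cfsqltype="cf_sql_varchar" value="#FORM.Updated_By#">
        </cfstoredproc>
        <!--- cflocation ends processing of this request, so nothing below runs after a save --->
        <cflocation url="leaseCodes.cfm" addtoken="no">
    </cfif>
    <!--- Validation failed: nothing was written; show the form again for the same record --->
    <cfset lessorToShow = FORM.Lessor_ID>
<cfelseif IsDefined("FORM.Lessors") AND FORM.Lessors NEQ "">
    <!--- First display: record chosen on the previous page --->
    <cfset lessorToShow = FORM.Lessors>
<cfelse>
    <cflocation url="leaseCodes.cfm" addtoken="no">
</cfif>

<!--- Load the stored values for display (also used after a rejected submission) --->
<cfstoredproc procedure="spLGD_Sel_DATALessors_RSbyLessorID" datasource="LocalDebt">
    <cfprocparam cfsqltype="cf_sql_integer" value="#lessorToShow#">
    <cfprocresult name="rs_Lessors">
</cfstoredproc>

<cfoutput>
<cfif errorMsg NEQ "">
    <p class="error">#HTMLEditFormat(errorMsg)#</p>
</cfif>
<form id="frmEditLessor" name="frmEditLessor" method="post" action="">
    <!--- HTMLEditFormat() encodes < > & and " so a stored value cannot break out of the value attribute --->
    <cfloop list="#textFields#" index="fieldName">
        <label>#fieldName# <input name="#fieldName#" type="text" value="#HTMLEditFormat(rs_Lessors[fieldName][1])#" /></label>
    </cfloop>
    <input name="Lessor_ID" type="hidden" value="#HTMLEditFormat(rs_Lessors.Lessor_ID)#" />
    <input name="Last_Update" type="hidden" value="#DateFormat(Now(),'mm/dd/yyyy')#" />
    <input name="Updated_By" type="hidden" value="#HTMLEditFormat(cgi.remote_addr)#" />
    <input type="submit" name="button" id="button" value="SUBMIT" />
</form>
</cfoutput>
```

`checkChars` is still a blocklist of four patterns, so the encoding on output is what keeps any markup already in the table inert when the form is displayed. On ColdFusion 10 and later, `encodeForHTMLAttribute()` is the attribute-context encoder to use instead of `HTMLEditFormat()`.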