19 Replies Latest reply on Jul 29, 2011 7:52 AM by KatesF21

    Error when number sign # in address field of form

    KatesF21

      I need to be able to accept the number sign # in my form field for address, ie apt #3. When a # is submitted with my form, I get an error. How do I allow the # to be included for this field?

       

      <cfinput style="WIDTH: 247px" size="30"  type="text" name="shipaddress" value="" required="yes" message="You must enter your address">

        • 1. Re: Error when number sign # in address field of form
          Owain North Level 4

          When a # is submitted with my form, I get an error.

           

          Okay, and what did the error say? When you get an issue like this, try and break it down to the smallest possible case people can test. As it's just a quickie, I knocked up this page:

           

          <!--- test.cfm --->

          <cfdump var="#form#">

          <cfform>

            <cfinput style="WIDTH: 247px" size="30"  type="text" name="shipaddress" value="" required="yes" message="You must enter your address">

          </cfform>

           

          And when I put in "#3" and submit, it appears in my form scope just fine. I'm using CF9, so unless there are operational differences between my version and yours (which I doubt on something so small) the problem lies elsewhere. The hash symbol can cause issues (as it's a "reserved character" almost) so depending on how you're written your processing code it could cause problems.

           

          Go through your code stripping it out line by line until you find the problem line.

           

          O.

          • 2. Re: Error when number sign # in address field of form
            Adam Cameron. Level 5

            When a # is submitted with my form, I get an error.

             

            Okay, and what did the error say?

             

            Just to add my 2p here.  Every time one is thinking of making a post here about an error they are getting: give us the error message.

             

            And before posting here: read the posting guidelines:

            http://forums.adobe.com/thread/607238

             

            Which are a distillation of this:

            http://www.catb.org/~esr/faqs/smart-questions.html

             

             

            To get back to the main question here though.  There is absolutely no special action one needs to take to allow a # sign in a form field value.  # signs have a special meaning in CFML source code (so could possibly need escaping in some situations), but not form submissions.

             

            --

            Adam

            • 3. Re: Error when number sign # in address field of form
              Owain North Level 4

              There is absolutely no special action one needs to take to allow a # sign in a form field value.  # signs have a special meaning in CFML source code (so could possibly need escaping in some situations), but not form submissions.

               

              My thinking is possibly there's an evaluate() being used, in which case it could cause problems and potentially need escaping.

              • 4. Re: Error when number sign # in address field of form
                Adam Cameron. Level 5

                My thinking is possibly there's an evaluate() being used, in which case it could cause problems and potentially need escaping.

                 

                Guessing is fun, isn't it?

                 

                --

                Adam

                • 6. Re: Error when number sign # in address field of form
                  KatesF21 Level 1

                  Thank you for your help. I am very new here.

                   

                  The form collecting the address is on my shopping cart and is working fine, I ran the test code you provided.

                   

                  The data from the form is then inserted into a database.

                   

                  intodb.cfm

                  INSERT INTO people(firstname,lastname,email,address,city,state,country,zip,phone,shipfirst,shiplast,s hipaddress,shipcity,shipstate,shipzip,shipcountry,lastfour,frequency,cases,ccmo,ccyr,cctyp e,dater,cfid,cftoken)
                  VALUES('#shipfirst#','#shiplast#','#email_addr#','#shipaddress#','#shipcity#','#shipstate# ','#shipcountry#','#shipzip#','#phone#','#shipfirst#','#shiplast#','#shipaddress#','#shipc ity#','#shipstate#','#shipzip#','#shipcountry#','#lastfour#','#frequency#','#cases#','#ccm o#','#ccyr#','#cctype#','#DateFormat("#Now()#", "yyyy-mm-dd")# #TimeFormat("#Now()#", "hh:mm:sstt")#','#session.cfid#','#session.cftoken#')

                   

                  <cflocation url="sale2.cfm?shipmethod=#shipmethod#&shipcost=#shipcost#&shipfirst=#shipfirst#&shiplast =#shiplast#&shipaddress=#shipaddress#&shipcity=#shipcity#&shipstate=#shipstate#&shipzip=#s hipzip#&shipcountry=#shipcountry#&country=#shipcountry#&phone=#phone#&email_addr=#email_ad dr#&ccnum=#ccnum#&ccmo=#ccmo#&ccyr=#ccyr#&cctype=#cctype#&ordertotal=#ordertotal#&disc=#di sc#">

                   

                   

                  Then on sale2.cfm.

                   

                  <cfsavecontent variable="strXML">
                  <?xml version="1.0" standalone="yes"?>
                  <SaleRequest>
                  <CustomerData>
                  <Email>#email_addr#</Email>
                  <BillingAddress>
                  <Address1>#shipaddress#</Address1>
                  <FirstName>#shipfirst#</FirstName>
                  <LastName>#shiplast#</LastName>
                  <City>#shipcity#</City>
                  <State>#shipstate#</State>
                  <Zip>#shipzip#</Zip>
                  <Country>#shipcountry#</Country>
                  <Phone>#phone#</Phone>
                  </BillingAddress>

                   

                   

                  I receive this error, assuming it is the EMAIL_ADDR variable because it is the first one:

                   

                  Variable  EMAIL_ADDR is undefined.

                  • 7. Re: Error when number sign # in address field of form
                    KatesF21 Level 1

                    Sorry for the bold in the post above, not sure how that happened and it was not intentional.

                    • 8. Re: Error when number sign # in address field of form
                      Adam Cameron. Level 5

                      OK, so look @ the URL in the address bar when you land on sale2.cfm.

                       

                      Ask yourself the question:

                      * what does a # mean in a URL?  If you don't know... google.

                       

                      Second question:

                      * if a URL parameter value has a character in it that's a "reserved character", how does one "escape" it?

                       

                      Another observation:

                      You oughtn't be hard-coding your dynamic values into your SQL string in your DB insert.  You should be passing them as parameters.  This, however, has nothing to do with your current predicament.

                       

                      I also kinda wonder why you're doing your form processing in two different requests: one to write to the DB, one to do something with this XML you're creating.  Of course there could be a good reason for it...

                       

                      --

                      Adam

                      • 9. Re: Error when number sign # in address field of form
                        Adam Cameron. Level 5

                         

                        Sorry for the bold in the post above, not sure how that happened and it was not intentional.

                         

                        You will quickly learn how much this forum's software absolutely bites.

                         

                        --

                        Adam

                        • 10. Re: Error when number sign # in address field of form
                          Dan Bracuk Level 5

                          In addition to Adam's comments,  this:

                          #DateFormat("#Now()#", "yyyy-mm-dd")# #TimeFormat("#Now()#", "hh:mm:sstt")#',

                           

                          is either really bad or simply unnecessary.  Date and Time format return strings.  If your dater field is text, that's really bad.  If the field is a datetime, the formatting is unnecessary.  You can simply pass now() to the db, or use the db function that returns the current date and time.

                           

                          Next, instead of passing all those variables in the url, you can create a session variable of the form.  Then you simply refer to the session variables when you create your xml document.

                           

                          Finally, you will get better performance if you scope your variables.  In other words, use #form.shipfirst# instead of #shipfirst#.

                          • 11. Re: Error when number sign # in address field of form
                            KatesF21 Level 1

                            I have been looking into how to "escape" a reserved character for the shipaddress. I now understand how the function works, but not sure how to implement it. Do I add this to my url below or do I need to add the function to the code before it runs the url?

                             

                            <cflocation url="sale2.cfm?shipmethod=#shipmethod#&shipcost=#shipcost#&shipfirst= #shipfirst#&shiplast=#shiplast#&shipaddress=#shipaddress#&shipcity=#shipcity#&shipstate=# shipstate#&shipzip=#shipzip#&shipcountry=#shipcount ry#&country=#shipcountry#&phone=#phone#&email_addr=#email_addr#&ccnum= #ccnum#&ccmo=#ccmo#&ccyr=#ccyr#&cctype=#cctype#&ordertotal=#ordertotal #&disc=#disc#">

                            • 12. Re: Error when number sign # in address field of form
                              Owain North Level 4

                              Right, well first up why do you need to pass all those through the URL bar? What happens if someone changes it? Why not just pass the id you just inserted, then re-query the other side?

                               

                              Some browsers have an URL-length limit, so you want to be careful about that.

                              • 13. Re: Error when number sign # in address field of form
                                KatesF21 Level 1

                                This is an old shopping cart that was created long before me and this is how it was setup. I guess someone could change the URL, but once the order is placed, the user doesn't see these itermediary pages, just goes straight to a thank you page.

                                • 14. Re: Error when number sign # in address field of form
                                  Dan Bracuk Level 5

                                  You should still consider all the suggestions made on this thread.  If you are not convinced that you should, see what happens when any of the form fields contain an apostrophe.

                                  • 15. Re: Error when number sign # in address field of form
                                    KatesF21 Level 1

                                    I definitely will consider them and thank you for your input. I am worried about making too many changes to the cart and being in a worse situation with the cart not working properly than I am now with the #. Just at the moment we need to handle the # issue. The apostrophe goes through without an error.

                                    • 16. Re: Error when number sign # in address field of form
                                      Adam Cameron. Level 5

                                      I definitely will consider them and thank you for your input. I am worried about making too many changes to the cart and being in a worse situation with the cart not working properly than I am now with the #. Just at the moment we need to handle the # issue. The apostrophe goes through without an error.

                                       

                                      You do have a separate dev / test & production environments, yeah?

                                       

                                      --

                                      Adam

                                      • 17. Re: Error when number sign # in address field of form
                                        KatesF21 Level 1

                                        Yes. I was hoping to fix the # in the shipaddress, then look into these other areas of concern in the future. I don't want to start too many things at once. Could you suggest how I should use the escape function in my code?

                                        • 18. Re: Error when number sign # in address field of form
                                          Adam Cameron. Level 5

                                          Well...you don't say what you found (it would really help if you didn't assume we had telepathy...), but let's pretend it was urlEncodedFormat() you discovered.  Because that'd be the right function to use ;-)

                                           

                                          So... having discovered that, have you read the docs for it?  http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7b df.html

                                           

                                          Have you just googled it to see any other examples in use?

                                           

                                          Do you understand how CF functions work / are used (this might seem like a stupid question, but the wording of your post earlier makes me unsure... but ti could just be the wording... or my reading thereof).

                                           

                                          Basically if you have a value in a URL which contains characters that are meaningful to the URL (like &, =, %, #, etc), you need to use urlEncodedFormat to convert the characters into a URL-safe encoded representation of them.

                                           

                                          So if you had this value "here's a # sign" that you wanted to put in a URL, you'd need to use urlEncodedFormat() to escape it:

                                           

                                          http://yourdomain.com/path/to/file.cm?param=#urlEncodedFormat("here's a # sign")#

                                           

                                          Basically anything user-entered needs to be escaped, because you cannot predict what a user will enter...

                                           

                                          --
                                          Adam

                                          • 19. Re: Error when number sign # in address field of form
                                            KatesF21 Level 1

                                            Thank you very much for all of your help. The problem has been resolved and I will be working on the other issues as well.