why does validate="integer" accept commas?

Question

Earlier versions of CF didn't let a comma slip through to mess up SQL statements. This version does. Not only that, but the javascript code in cfform.js, if extracted and run separately against a .. rather than a .. does trap and reject commas. By the way this is true of validate="date", and validate="float" also. I submitted a bug report on 9/14/15 and have had no response so far. I notice that there were reports of this on this forum back in 2014. Any thoughts other than abandon cfform?

WolfShade · Answer

SRolly wrote:Any thoughts other than abandon cfform?There was a time, a while ago, where CFFORM was kind of neat. I used it a few times for generating Flash forms (mostly for security, ironically.) Now, Flash is either dead, or dying; no point, now.But, IMHO, these days CFFORM should never be used (those who disagree, hold your hate mail.)I never liked the built-in "validation" of cfinput, etc. I've always built validation from scratch (client- AND server-side) that gives so much more granular control. So, if that's the reason you're using CFFORM, please do yourself a favor and learn basic validation (preferably server-side; client-side is nice, but can't be relied upon.) You can use Regular Expressions to validate integer, float, etc.HTH,^_^

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded