Highlighted

Cfparam question

Explorer ,
Sep 06, 2018

Copy link to clipboard

Copied

Hi,

I am using cfparam in the following fashion.

<cfparam name="sort_col" default="FirstName" type="regex" pattern="((?i)FirstName|LastName|mEmail|mTelephone)">

Basically I am trying to whitelist the sort_col variable to one of these in the pattern. Later in my code values come in from a form where I set this value. My assumption was that if i tried to set it to something other than one of the values in the pattern then it would crash out. This doesnt seem to be the case though. It gets set to whatever comes in via the form. Can anyone confirm this?

Regards,

Paul

Hi Paul,

It only executes the pattern validation on the line of code where cfparam is located.

So the following will cause an error as you expect:

<cfset sort_col = "Bacon">

<cfparam name="sort_col" default="FirstName" type="regex" pattern="((?i)FirstName|LastName|mEmail|mTelephone)">

However, this sequence will not cause an error:

<cfparam name="sort_col" default="FirstName" type="regex" pattern="((?i)FirstName|LastName|mEmail|mTelephone)">

<cfset sort_col = "Bacon">

Because the validation only runs at the cfparam tag, not each time you set the variable.

--

Pete Freitag

Foundeo Inc.

Views

491

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Cfparam question

Explorer ,
Sep 06, 2018

Copy link to clipboard

Copied

Hi,

I am using cfparam in the following fashion.

<cfparam name="sort_col" default="FirstName" type="regex" pattern="((?i)FirstName|LastName|mEmail|mTelephone)">

Basically I am trying to whitelist the sort_col variable to one of these in the pattern. Later in my code values come in from a form where I set this value. My assumption was that if i tried to set it to something other than one of the values in the pattern then it would crash out. This doesnt seem to be the case though. It gets set to whatever comes in via the form. Can anyone confirm this?

Regards,

Paul

Hi Paul,

It only executes the pattern validation on the line of code where cfparam is located.

So the following will cause an error as you expect:

<cfset sort_col = "Bacon">

<cfparam name="sort_col" default="FirstName" type="regex" pattern="((?i)FirstName|LastName|mEmail|mTelephone)">

However, this sequence will not cause an error:

<cfparam name="sort_col" default="FirstName" type="regex" pattern="((?i)FirstName|LastName|mEmail|mTelephone)">

<cfset sort_col = "Bacon">

Because the validation only runs at the cfparam tag, not each time you set the variable.

--

Pete Freitag

Foundeo Inc.

Views

492

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Sep 06, 2018 0
Enthusiast ,
Sep 06, 2018

Copy link to clipboard

Copied

Hi Paul,

It only executes the pattern validation on the line of code where cfparam is located.

So the following will cause an error as you expect:

<cfset sort_col = "Bacon">

<cfparam name="sort_col" default="FirstName" type="regex" pattern="((?i)FirstName|LastName|mEmail|mTelephone)">

However, this sequence will not cause an error:

<cfparam name="sort_col" default="FirstName" type="regex" pattern="((?i)FirstName|LastName|mEmail|mTelephone)">

<cfset sort_col = "Bacon">

Because the validation only runs at the cfparam tag, not each time you set the variable.

--

Pete Freitag

Foundeo Inc.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 06, 2018 0
Explorer ,
Sep 06, 2018

Copy link to clipboard

Copied

Thanks Pete. Have gone the switch route now to do some sort of whitelisting.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 06, 2018 0