I'll stick to my original statement.  "No, it's not 'overkill,' and when you get a little bit into Regular Expressions you'll see first-hand what I mean by that." Regexes are a very thorough and very general-purpose solution to one of the otherwise-most-vexing problems that we all face:  "dealing with character strings."  In practice it is very cumbersome to write functions to do this sort of thing ... in any language at all, yes, but in the case of CF, "most especially if you have not yet delved deeply into the world of <cfscript>." CF's implementation is basically, as far as I can see, "Perl compatible."  (We do know that their implementation is undoubtedly going to be, of course, "Java's," because Java is the underlying architecture now.)  So there are a lot of resources here, that CF has simply tapped into.  You are therefore dealing with an extremely robust technology, of known high quality, and you're using a modus operandi for string manipulation that spans far beyond the world of Cold Fusion. So...  dive in, at once.  Don't linger on the edge of the pool.  It will change the way that you think about string manipulation, and the learning curve (while "peculiar" at first) is certainly not insurmountable.  There are plenty of "regular expression testers" and "try it yourself demos" out there, all of which apply directly to the Regular Expression implementation that is surfaced in Cold Fusion. ... View more

That ought to be something that you follow-up with directly at Adobe.  Make sure you have your proof-of-purchase information handy if they don't find you right away in their customer database.  They can provide you with the correct license code and the proper instructions for (re-)installing it.  They're hands-down the best folks to help you with something like this. . . ... View more

There are, as usual, "several ways to do it."  The first thing to do is to figure out ... from the browser's point of view ... what's going on. Either by viewing the page-source or with FireBug (or IE's Developer Toolbar), look at what is being sent to you by the host.  Then, notice the <script> tags and, in a separate browser window or tab, see if each of them actually lead somewhere.  (FireBug will take a lot of the work for you, because if a script-tag could be followed, the script will show up in the "scripts" pulldown.) You can also look at the headers of the HTTP reply to see, definitively, which web-server actually responded to you. Armed with this information, and a good pencil and pad-o-paper, you can sleuth this problem pretty completely.  The user's browser obviously needs to have received a coherent HTTP response, and it needs to succeed in retrieving all of the JavaScript content referenced in all of the script-tags. Once you can clearly see what you're actually dealing with, the resolution should be straightforward. ... View more

Actually, you can reference a query-result object as though it were an array. Munch on this function a little bit...  notice how it accesses the query-result by row-number and field-names: <!--- QueryToStruct:     RETURNS A "STRUCT" CONTAINING THE VALUES FROM A QUERY     SOURCE: http://www.bennadel.com/blog/149-Ask-Ben-Converting-A-Query-To-A-Struct.htm ---> <cffunction name="QueryToStruct"             access="public"             returntype="any"             output="false"             hint="Converts an entire query or the given record to a struct. This might return a structure or an array of structures.">     <!--- Define arguments.             Query:      the query to be processed.         Row:      the index of a single row to be returned (as a single structure), or '0' to specify that                     all rows are to be returned as an array of structures.  Row-numbers start at '1.'                 (While it is certainly possible in ColdFusion to extract an arbitrary range of rows from a query           object, which CF sees as a "collection," this particular function simply has no need to support           that "feechur.")     --->     <cfargument name="Query" type="query"   required="true" />     <cfargument name="Row"   type="numeric" required="false" default="1" />    <!--- DEFAULT IS TO RETURN A STRUCT CONTAINING ONE ROW --->         <cfscript>         // Define the local scope.         var LOCAL = StructNew();                 // Determine the indexes that we will need to loop over:  either a given row, or all of them.         if (ARGUMENTS.Row){             // We are only looping over one row.             LOCAL.FromIndex = ARGUMENTS.Row;             LOCAL.ToIndex   = ARGUMENTS.Row;         } else {             // We are looping over the entire query.             LOCAL.FromIndex = 1;             LOCAL.ToIndex   = ARGUMENTS.Query.RecordCount;         }                 // Get the list of columns as an array and the column count.         LOCAL.Columns     = ListToArray( ARGUMENTS.Query.ColumnList );         LOCAL.ColumnCount = ArrayLen( LOCAL.Columns );                 // Create an array to keep all the objects.         LOCAL.DataArray = ArrayNew( 1 );                 // Loop over the rows to create a structure for each row.         for (LOCAL.RowIndex = LOCAL.FromIndex; LOCAL.RowIndex LTE LOCAL.ToIndex; LOCAL.RowIndex++)         {                // Create a new structure for this row.             ArrayAppend( LOCAL.DataArray, StructNew() );                             // Get the index of the current data array object.             LOCAL.DataArrayIndex = ArrayLen( LOCAL.DataArray );                         // Loop over the columns to set the structure values.             for (LOCAL.ColumnIndex = 1; LOCAL.ColumnIndex LTE LOCAL.ColumnCount; LOCAL.ColumnIndex++)             {                 // Get the column value.                 LOCAL.ColumnName = LOCAL.Columns[ LOCAL.ColumnIndex ];                                     // Set column value into the structure.                 LOCAL.DataArray[LOCAL.DataArrayIndex][LOCAL.ColumnName] = ARGUMENTS.Query[LOCAL.ColumnName][LOCAL.RowIndex];             }         }                 // At this point, we have an array of structure objects that represent the rows in the query         //    over the indexes that we wanted to convert.         // If we did not want to convert a specific record, return the array.         // If we wanted to convert a single row, then return the just that STRUCTURE, not the array.         if (ARGUMENTS.Row){             // Return the first array item.             return( LOCAL.DataArray[ 1 ] );         } else {             // Return the entire array.             return( LOCAL.DataArray );         }     </cfscript> </cffunction> ... View more

Think for a minute about the underlying implementation, which is Java.  Also visualize that the role of the server is to serve thousands of requests per second, among hundreds of active sessions, perhaps with dozens of simultaneously active server machines. "A session" should simply be "a unique and valid session-ID token, which indexes into a host-side pool of data values."  ColdFusion gives you very easy access to that pool of values, as well as several (fast, and transparent) ways to implement the pool. "A CFC, once instantiated," might incur a startup penalty but once it has been instantiated (as a Java object...) it becomes a shared resource that might be used for hours to come by many servers.  You do not want to pay that price repeatedly, either in terms of memory or time. Since the session-data is, of course, a struct, which can be arbitrarily complex, you might design each CFC so that it stores "its" variables in a particular subkey of the session-data.  (And maybe you <cfset CFC_session_subkey = "whatever"> at the top of each CFC's source-code, just for consistency of coding.)  This will help to keep the data separated so that the various CFCs don't walk-on one another. ... View more

As a blanket rule-of-thumb, anytime you find yourself saying, "I want to find and/or replace things within a string," exactly one thought should immediately pop into your head:  "regular expressions." Even though they are often accused of being "incomprehensible chicken-scratches," regular expressions are actually one of the most powerful concepts ever implemented.  (And they have been very well implemented.) Why don't you see a bewildering library of "replaceAll" functions?  Because they've got Regular Expressions!  (So, "why bother?") Go spend a good solid hour surfing the results of "regular expression tutorial" on Google.  The effort will be worth every second that you spend on it, both now and for years to come.  Trust me:  after maybe a little bit of such as you may expect while learning anything new,  "the little light will come on," very quickly, and you'll be saying:  wow! ... View more

The typical indexing structure that is used for such purposes is called a "B-tree." Whereas a binary-search always divides the data in half, a B-tree's approach is much more like what you might have seen in L. Frank Baum's now-famous office, where he had two filing cabinets:  "A-N" and "O-Z."  (Yes, that's where the name of the Wonderful Wizard's homeland came from.)  Once you selected from several cabinets, you now select from several drawers, then locate your starting search-position within the selected drawer and so on.  Each time, you reduce your search space by much more than one-half. A computer-geek would say that binary search is "O(2^n)" but a B-tree is "O(x^n)" where "x" is the number of slots in each bucket.  But that's enough geekdom for one day... ... View more

One of the "little secrets" of ColdFusion is that a "struct" is actually like what would be called a "hash" in other languages.  It supports a hybrid syntax, so that mystruct.foo and mystruct['foo'] are the same.  The very important difference in the second syntax-form is that the index can be specified using another variable or by any arbitrary expression, e.g. "bar = 'foo'; mystruct[bar]" ... View more

There are actually plenty of well-developed regular expression strings available on the Internet, which you can simply "copy and use."  You don't have to spend too much time figuring-out the correct pattern of chicken scratches. It's not quite as convenient as saying  "use Regexp::Common::URL;" but one cannot have everything in "less-enlightened" languages like CF... You do need to understand them, however.  When you look at the string given in a previous reply, you do need to understand the meaning of all those symbols, and you need to practice the art of being able to cook them up extemporaneously. ... View more

ColdFusion does provide options for launching pretty darned good "automatic defenses" against many forms of attacks, including the so-called "cross-side scripting" attack (where a session-variable is purloined).  You would do well to carefully read the docs chapters on this and, if you are deploying a public-facing application, follow them quite religiously. ... View more

To elaborate on Ian's comment ... There are two main forms of "structured variables" provided by ColdFusion.  (They are, of course, the "usual suspects" ...) Arrays are simply one-based ordered collections of values.  (Each element can be a scalar, a struct, or an array.) Structs are what Perl would call a hash, and other languages might call an "associative array."  Either way, elements are referred-to by keys which may be strings or numbers.  There are two equivalent notations:  variable.key and variable[key].  The practical difference between the two is that, in the second form, "key" may be an arbitrary expression.  The result of evaluating that expression becomes the key that is used. The underlying implementation in both cases is provided by Java, because ColdFusion performs "on-the-fly" compilation into Java, which is what actually gets executed by the engine. All of the predefined system variables are either arrays or structs, or at least, functionally appear to be. ... View more

Start by putting in some <cfoutput>/<cfdump> tags so that you can see, on your screen, exactly what this string actually looks like.  (You think you know, but there's really only one way to be sure:  try it, and eyeball the result.)  Once you know that the generated string is correctly-formed and represents a syntactically valid URL, then you can move on to further troubleshooting.  But don't overlook the obvious. ... View more

Consider carefully what is happening here: The JavaScript code that is being executed client-side comes from the server, either as the result of a <script> tag in the delivered HTML, or as part of the HTML text itself.  All of this material is (or can be) generated by the ColdFusion host, at the software designer's (i.e. your...) discretion.  JavaScript text can also be delivered in response to an AJAX method-call (which, in a very real sense, is precisely what "JSON" is). When the source-code arrives at the client, the client has no idea where it came from, nor how it was produced.  It's just "there," and it gets executed. So, to transfer a variable's value to the client, you need to send it to the client as a string (e.g. an assignment-statement) and you must ensure that the value is sufficiently encoded that you will always generate a syntactically-valid statement no matter what the value contains.  (Quotes and so-forth.)  A practical way to do this, if you know it could be a problem, is to use SerializeJSON() on the server-side and to subsequently decode it client-side.  (In other words, the JavaScript source-code that you send consists of, say, var foo="json_encoded_string", and the client code must at some point decode it.) By all means, if you have a nice function like ToScript() on the server-side, and if you are satisfied with what it actually generates in all cases, then go ahead and use it.  Don't make extra work for yourself whenever you can avoid it... ... View more

<cflock> is not the same as a database lock.  Databases are not aware of it. This tag operates on what is called a named semaphore.  It serializes activities within the ColdFusion server(s) only.  All threads, on all servers that may exist, can see the current list of names that are locked.  Threads which attempt to lock a particular name are serialized with all others which are simultaneously referring-to the same name. This tag is required for use in reference to the Session variable-pool.  If you are using any other type of shared memory object you must also use it.  You can also use it for application-specific purposes.  The "cost" is negligible. ... View more

These are very good suggestions. Also:  the CF8 server should be running from a fairly-restricted user-id; one that has been set aside just for this purpose.  File access, especially download targets, should be limited so that, even if the CF8 server has "temporarily been taken over by the evil Borg," the operating-system will not permit it to do anything that it "should" not do.  Ditto the database-server. "The mere fact that it is the ColdFusion server is issuing the request does not mean that the request should be honored.  (It could well have been "assimilated..." ) The so-called principle of least privilege should be used throughout any public-facing application.  The computer is wonderful at enforcing rules.  But you must take care to place those boundaries just as close as you can. ... View more

Who needs support ... when you've got access to wonderful folks like ... us?  ... View more

(shrug...)  I tell ColdFusion that the incoming parameter is a "string" and do all of the necessary data-conversions "by hand" inside my function. ... View more

I agree with the comment that the database-design could be considerably improved. Each time the user punches-in, he creates a new punch-record, of a particular type (e.g. "sick," "holiday," "regular") with a specified starting-time and a NULL ending-time.  When he clocks out, we expect to find that the most-recent record has a NULL ending-time and so we update it.  (But the possibility of a "missing punch" must also be considered!) The resulting single record describes one contiguous unit-of-time.  The table is indexed by {employee_id, start_timestamp} so that we can instantly locate the clock-in record to update when we clock-out. I do offer the slightly-dissenting opinion that the "date" and "time" columns should be one... a "datetime" data-type that incorporates both the date and the time.  After all, people do clock-out "after midnight."  (And I'm entirely sure that Ian would agree with that.) Also, of course, you'll use <cftransaction> tags to make the operations fully atomic. ... View more

A realistic approach would be to send the 'time this page was generated' as a hidden-field in the forms.  When the data comes back, examine the value and, if it is reasonable, use it to calculate your elapsed-time. For an inward-facing (intranet) application, this strategy is pretty reasonable and robust.  It's not the only way (you could use Session variables, for instance), but it ought to work pretty well.  It certainly has the compelling advantage of being quite easy to do . . . ... View more

Well, did you un-zip them?  ... View more

ColdFusion is an example of what's known as an application server.  It can be used to host web-sites and software-services of various kinds, for lightweight loads or very heavy ones. The design of ColdFusion is very clever, to the point that (like most cleverness) it's not entirely obvious at first glance.  ColdFusion works with declarative tags that are (usually) interspersed with your HTML code ... yet, these tags truly are declarative in nature, not merely procedural as in (say...) PHP.  A vague simile would be to say that CF is somewhat like a really good macro-processor, and more. On-the-fly, ColdFusion evaluates a file and translates it into Java code, which it compiles and executes. So, you actually have all of the portability advantages (and if you wish, the language advantages) of the surrounding Java environment. ... View more

The amount of virtual storage reserved by an application at any time can be quite large ... and yet, it doesn't matter one bit.  Here's why: Operating systems vary considerably in just how they go about arriving at such numbers.  Many resources are shared and, depending on what you are looking at, may be counted twice. In the absence of any actual memory-pressure, all operating systems will be "lazy."  They will not expunge things from memory without provocation, because someone might need it again soon. Applications may reserve "generously large" data structures because they know that only what is actually in-use will be paged-in (or even allocated), thus only it will be consuming system resources, You do not have any actual problem until, under actual conditions of memory stress, the computer system starts spending too much time doing paging operations.  (If this happens:  "throw silicon at it.  Chips Are Cheap.") ... View more

Also note that <cfcatch> supports other values for the "type=" parameter.  If you only want to catch a particular exception-type, you can do so. If the exception cannot be handled by a particular <cftry>..<cfcatch> block, ColdFusion will step out to any surrounding blocks (all the way up to the Application level) looking for one that will accept an exception of this type. ... View more

"Shredding" is not offered in ColdFusion.  Furthermore, the ability to actually do such a thing depends entirely upon the underlying filesystem (and perhaps also the network).  Generally speaking, in my experience it is not possible to obliterate a disk-file such that no piece of it truly remains anywhere. ... View more

Also:  "wise man say, floating-point numbers like little piles of sand.  Every time you pick one up and move it around, you lose a little sand and pick up a little dirt."  When you "print out" the floating-point number, what you are seeing is a textual representation of what the floating-point (binary) value contains.  You are not performing decimal arithmetic as you would do with pencil-and-paper. ... View more

I have lately gotten into the habit of starting with <cfset LOCAL = StructNew()> and thereafter referring to "LOCAL.foobar" in my code. It's just an ordinary struct-reference, of course, where the name of the struct just happens to be the word, "LOCAL."  But it makes things much clearer, and does not slow down anything. ... View more

"Dunno... that smells bad to me," he said vaguely, scratching his head. He pushes a button on his iPod.  "Danger, Will Robinson!  Danger!" squawks the little box.  He nods approvingly, and gives you a meaningful glance.  "Avoid going at all, in directions that you might later regret." ... View more