Data validation using IsValid() / cfparam

Securing all data transactions and validating everything as well as possible has been a major topic of ours recently. Obviously <cfqueryparam> has been a big part of recent blog posts and should be coded whenever needed and without exception.

We also want to validate data with server-side validation before it even gets to the <cfqueryparam> tag. (It should be noted that client-side validation is unreliable for external servers and should not be your sole validation.) Luckily for us ColdFusion developers there are many options available for validation, but the two we have been discussing around the office recently are the IsValid() function and the <cfparam> tag.

The IsValid() function is a nifty way to get quick validation. It can validate many different data types, including date or time, email, integer, query, array and struct. For a complete list visit here. All you have to do is decide what data type you want to validate and then wrap the call in a simple <cfif> statement; IsValid() returns a true or false value.

<!--- Server-side check: the first branch runs only when txtTest is an integer --->
<cfif IsValid("integer", Form.txtTest)>
    <cfoutput>Congrats on entering an integer</cfoutput>
<cfelse>
    <cfoutput>Wrong data type. Integers only please!!</cfoutput>
</cfif>

The <cfparam> tag is very similar to the IsValid() function. You can check for all the same data types, but <cfparam> raises an error when the value fails the type check, so instead of using a <cfif> statement you can use the <cferror> tag.

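<!--- Route exceptions of type "expression" to errortest.cfm --->
<cferror type="exception" exception="expression" template="errortest.cfm">

<cfif isDefined("form.submit")>
    <!--- Raises an error if form.txtTest is not an integer --->
    <cfparam name="form.txtTest" type="integer">
    <cfoutput>Congrats on entering an integer</cfoutput>
</cfif>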

You would then put the appropriate error message in your errortest.cfm. To further these validation types you can add the <cftry> / <cfcatch> logic ;). Another beginner post for all of us newbies!! Hope someone finds these useful and/or shows me some more ways.
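
The <cftry> / <cfcatch> variant mentioned above, combined with the <cfqueryparam> step from the start of the post, could look like the following. This is an added example, not code from the original post; the datasource "myDSN", the "items" table and its columns, the log file name and the variable inputOk are hypothetical.

```cfml
<!--- Added example. "myDSN", the "items" table and its columns are hypothetical. --->
<cfset inputOk = false>

<cfif structKeyExists(form, "submit")>
    <cftry>
        <!--- Throws if form.txtTest is missing or is not an integer --->
        <cfparam name="form.txtTest" type="integer">
        <!--- Narrow further: accept only values that make sense as an id --->
        <cfset inputOk = isValid("range", form.txtTest, 1, 2147483647)>

        <cfcatch type="any">
            <!--- Record the failure server-side without copying the raw input --->
            <cflog file="validation" type="warning"
                   text="form.txtTest failed integer validation">
        </cfcatch>
    </cftry>

    <cfif inputOk>
        <!--- The validated value is still bound as a parameter, never concatenated --->
        <cfquery name="qItem" datasource="myDSN">
            SELECT item_id, item_name
            FROM items
            WHERE item_id = <cfqueryparam value="#form.txtTest#" cfsqltype="cf_sql_integer">
        </cfquery>
        <cfoutput>Found #qItem.recordCount# matching row(s).</cfoutput>
    <cfelse>
        <cfoutput>Please enter a positive integer.</cfoutput>
    </cfif>
</cfif>
```

Keeping the <cftry> around the validation only means a database error is not mistaken for bad input.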

 
