The IsValid function and cfparam tag validate any ColdFusion variable value, not just forms variables. Because they reside entirely on the ColdFusion server, they can provide a secure mechanism for ensuring that the required validation steps get performed. Users cannot evade any of the checks by modifying the form data that gets submitted. These techniques also provide greater flexibility in how you respond to user errors, because you can use full CFML syntax in your error-handling code.
These two validation techniques operate as follows:
- The IsValid function tests the value of a ColdFusion variable. If the value is valid, it returns True; if the value is invalid, it returns False.
- The cfparam tag with a type attribute tests the value of a ColdFusion value for validity. If the value is valid, it does nothing; if the value is invalid, it throws a ColdFusion expression exception.
You can use either technique interchangeably. The technique you choose should depend on your coding style and programming practices. It can also depend on the specific information that you want to display if an error occurs.
Example: IsValid function validation
The following example checks whether a user has submitted a numeric ID and a valid e-mail address and phone number. If any of the submitted values does not meet the validation test, the page displays an error message.
<!--- Action code. First make sure the form was submitted. --->
<cfif isDefined("form.saveSubmit")>
<cfif isValid("integer", form.UserID) and isValid("email", form.emailAddr)
and isValid("telephone", form.phoneNo)>
<cfoutput>
<!--- Application code to update the database goes here --->
<h3>The e-mail address and phone number for user #Form.UserID#
have been added</h3>
</cfoutput>
<cfelse>
<H3>Please enter a valid user ID, phone number, and e-mail address.</H2>
</cfif>
<cfelse>
</cfif>
<!--- The form. --->
<cfform action="#CGI.SCRIPT_NAME#">
User ID:<cfinput type="Text" name="UserID"><br>
Phone: <cfinput type="Text" name="phoneNo"><br>
E-mail: <cfinput type="Text" name="emailAddr"><br>
<cfinput type="submit" name="saveSubmit" value="Save Data"><br>
</cfform>
|
Examples: cfparam tag validation
The following two examples use cfparam tags to do the same tests as in the [Example: IsValid function validation]. They check whether a user has submitted a numeric ID and a valid e-mail address and phone number. If any of the submitted values does not meet the validation test, ColdFusion throws an expression exception.
In the first example, the error is handled by the exprerr.cfm page specified in the cferror tag. In this case, if the user made multiple errors, ColdFusion lists only one.
In the second example, each invalid field is handled in a separate try/catch block. In this case, the user gets information about each error.
Using an error-handling page
The self-posting form and action page looks as follows:
<!--- Action part of the page. --->
<!--- If an expression exception occurs, run the expresser.cfm page. --->
<cferror type="EXCEPTION" exception="expression" template="expresserr.cfm">
<!--- Make sure the form was submitted. --->
<cfif isDefined("form.saveSubmit")>
<!--- Use cfparam tags to check the form field data types. --->
<cfparam name="form.emailAddr" type="email">
<cfparam name="form.UserID" type="integer">
<cfparam name="form.phoneNo" type="telephone">
<!--- Application code to update the database goes here. --->
<cfoutput>
<h3>The e-mail address and phone number for user #Form.UserID#
have been added</h3>
</cfoutput>
</cfif>
<!--- The form. --->
<cfform action="#CGI.SCRIPT_NAME#">
User ID:<cfinput type="Text" name="UserID"><br>
Phone: <cfinput type="Text" name="phoneNo"><br>
E-mail: <cfinput type="Text" name="emailAddr"><br>
<cfinput type="submit" name="saveSubmit" value="Save Data"><br>
</cfform>
|
The expresserr.cfm page looks as follows:
<cfoutput>
You entered invalid data.<br>
Please click the browser Back button and try again<br>
#cferror.RootCause.detailMessage#
</cfoutput>
|
Using cftry and cfcatch tags
The self-posting form and action page looks as follows:
<!--- Use a Boolean variable to indicate whether all fields are good. --->
<cfset goodData="Yes">
<!--- Make sure the form was submitted. --->
<cfif isDefined("form.saveSubmit")>
<!--- The cftry block for testing the User ID value. --->
<cftry>
<!--- The cfparam tag checks the field data types. --->
<cfparam name="form.UserID" type="integer">
<!--- If the data is invalid, ColdFusion throws an expression exception. --->
<!--- Catch and handle the exception. --->
<cfcatch type="expression">
<!--- Set the data validity indicator to False. --->
<cfset goodData="No">
<cfoutput>
Invalid user ID.<br>
#cfcatch.detail#<br><br>
</cfoutput>
</cfcatch>
</cftry>
<!--- The cftry block for testing the e-mail address value. --->
<cftry>
<cfparam name="form.emailAddr" type="email">
<cfcatch type="expression">
<cfset goodData="No">
<cfoutput>
Invalid e-mail address.<br>
#cfcatch.detail#<br><br>
</cfoutput>
</cfcatch>
</cftry>
<!--- The cftry block for testing the telephone number value. --->
<cftry>
<cfparam name="form.phoneNo" type="telephone">
<cfcatch type="expression">
<cfset goodData="No">
<cfoutput>
Invalid telephone number.<br>
#cfcatch.detail#<br><br>
</cfoutput>
</cfcatch>
</cftry>
<!--- Do this only if the validity indicator was not set to False in a
validation catch block. --->
<cfif goodData>
<!--- Application code to update the database goes here. --->
<cfoutput>
<h3>The e-mail address and phone number for user #Form.UserID#
have been added</h3>
</cfoutput>
</cfif> <!--- goodData is True--->
</cfif> <!--- Form was submitted. --->
<cfform action="#CGI.SCRIPT_NAME#" preservedata="Yes">
User ID:<cfinput type="Text" name="UserID"><br>
Phone: <cfinput type="Text" name="phoneNo"><br>
E-mail: <cfinput type="Text" name="emailAddr"><br>
<cfinput type="submit" name="saveSubmit" value="Save Data"><br>
</cfform>
|