ColdFusion Tips and Tutorials

I. Comments:

Hope all is well with you. Still have not chosen a house to live it.

I wonder sometimes how many people out there are reading this. I know I
have a whole lot of you on my list. How many of you think this site and
this ezine is still useful.

Send me an email to cfnut<at>nsnd.com.
When you do tell me something about how this site has helped you? (If it
has)
Where you live? City, State, County, Country, etc.
Send me a photo of where you live. (If you want)
Make suggestions.
Ask Questions.
Or anything else you want.

Thanks!

By the way if your a company who wants to advertise here send me an
email as well but to NathanS<at>nsnd.com and we will see if it is
ColdFusion Related or not.

Keep Coding,
Nathan Stanford
http://www.cftipsplus.com

If you have suggestions for articles send them to us.
If you would like to write for cftipsplus.com
send us an email to:

NathanS<at>nsnd.com

IF YOU WANT TO BE AN AUTHOR SEND IN YOUR COLDFUSION TIPS.

Remember this is a great way to get your name known in the
ColdFusion Community.

Suppose your application lets the user enter a vendor name manually or lets the user enter a short identifier such as a Commercial And Government Entity (CAGE) code to pull the vendor name from another application into your data entry form. Now suppose someone increases the size of the vendor name column in that external database.
What impact does this have on you? After all, you set a maxlength as part of the HTML entry field that you're going to populate from that external query. Can the length of the value in your entry field exceed the maxlength you've set?

It turns out that the HTML maxlength attribute only limits manual entry (including cut and paste). It doesn't limit what winds up being displayed in the field. If a very long string makes it into the field, you can scroll the entire string (and even remove characters) without maxlength having anything to say about it. The string does not get truncated to maxlength. Furthermore, the form variable that gets passed to your action page isn't limited by maxlength either.

Demonstration
This demonstration lets you see this unexpected behavior in operation. Put this code in max.cfm.

<form name="max" action="maxact.cfm" method="post">
Supposedly "Tiny" text; scroll it: <input type="text" name="Tiny"
value="The quick brown fox jumped over the lazy dog's back" size="15" maxlength="10">
<input type="submit" name="Go" value="Submit">
</form>

Put this code in maxact.cfm to display the form variable passed by the Web server.

<cfoutput>The value of Tiny is: #form.Tiny#</cfoutput>

Now browse max.cfm. You can scroll back and forth. Trying to change a character removes it, but the rest of the string remains intact. Submit the form. The entire (edited) string makes it to the next page.

Discussion
The action page for an entry form usually feeds a database. When you try to feed a string that's too long into your database, the customer will get a noisy database error telling you that you shouldn't do that. How do you avoid this kind of error? Check the length of data from someone else's data source before trying to consume it. If the string is too long, truncate it before posting and perhaps notify the developer (You!). It's unkind to send a noisy database error to a compliant customer who was merely unlucky enough to be the first to learn that an external data source you use for reference has changed. Be kind to your customer.

=Marty=