Thoughts, ideas, tips, musings, and pontifications (not necessarily in that order) by Ben Forta ...
NOTE: This is my personal blog, and the opinions and statements voiced here are my own.
September 30, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
When you define your data sources for use with ColdFusion, don't ever use the database administrator's login ("sa" on SQL Server for example). With administrative access you greatly increase the chance of someone executing rogue SQL statements (like DROP table). Give the data source just the access it needs, and nothing more. (Applies to: ColdFusion All)
September 29, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
Never ever assume that a variable exists, even if you wrote the code that passes that variable (perhaps as a URL parameter or a FORM field). To be safe, use a list of tags to initialize all variables. If they do indeed exist the tag will be ignored, so no downside, and lots of upside. (Applies to: ColdFusion 3 (or later))
September 28, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
All SQL implementations have reserved words, words that have special meaning to the database engine. Be very careful to respect these reserved words or your app will start doing funny things when you least expect it. This includes the word "date" which must never ever be used as a column name. (Applies to: ColdFusion All)
September 27, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
Need to know the names of the columns retrieved in a database query? Simply refer to #QUERY.ColumnList# (replacing QUERY with your own query name). (Applies to: ColdFusion 3 (or later))
September 26, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
Any time you use a ColdFusion variable within a SQL statement, pass it with <CFQUERYPARAM>. This tag improves performance and also helps secure your SQL from potential URL tampering. (Applies to: ColdFusion 4.5 (or later))
September 25, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
ColdFusion Custom Tags often have to return results back to the calling code. Resist the temptation to hardcode the names of the variables that will contain these results. Instead, let the caller specify the desired variable name as a tag attribute. (Applies to: ColdFusion 3 (or later))
September 24, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
If your database supports the use of stored procedures (and it should), use them. Stored procedures are usually faster, they are more secure, and there are many other benefits too. (Applies to: ColdFusion All)
September 23, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
ColdFusion creates log files (usually in C:\CFUSION\LOGS). Check these files regularly, they'll help you find problems that you'd otherwise never know of. (Applies to: ColdFusion All)
September 22, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
If you use make sure to specify a TIMEOUT interval. Without one the request might never time out, and sooner or later you'll run out of threads and CF will stop responding. The TIMEOUT attribute was introduced in version 4.5, so if you use , upgrade immediately. (Applies to: ColdFusion 4.5)
September 21, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
Client-side form field validation makes for a great user experience, but don't ever rely on it. Older browsers, connection problems, disabled browser options, and other situations could prevent your script from executing - and without script execution you have no validation. So, use client-side scripting, but never rely solely on it - always perform server-side validation as well when the FORM is submitted. (Applies to: ColdFusion All)
September 20, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
Need to time how long it takes to execute specific lines of code? You can if you use the GetTickCount() function. Add before the code, and after the code. end_time-start_time will be the execution time. (Applies to: ColdFusion 4 (or later))
September 19, 2000
Ever get into trouble by mistyping database, table, or column names in your code? Your best bet is to never type one of these again. ColdFusion Studio lets you drag database, table, and column names right from the Database tab in the Resource Tab. Just click on any text, and drag it right into your editor window. (Applies to: ColdFusion Studio All)
September 18, 2000
Need more editing space in CF Studio (and HomeSite)? Hide (and redisplay) the Resource Tab at any time simply by toggling the F9 key. (Applies to: ColdFusion Studio All)
September 17, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
Data should be consistent. State abbreviations, phone numbers, title prefixes, dates - they should all be stored in your database in a consistent manner. But don't use ColdFusion to enforce consistency. Yes, it is easy to use UCase() and other functions to manipulate the data, but that it is not efficient, nor will your code be used if data is inserted into a database using another client. The right way to enforce data consistency is on the database itself - using triggers or stored procedures. (Applies to: ColdFusion All)
September 16, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
Need to execute a SQL statement or stored procedure at set times (for data housecleaning, for example)? Don't use . Most client-server databases support the timed execution of SQL statements, and they'll do the job far more efficiently and reliably than CF will. (Applies to: ColdFusion All)
September 15, 2000
Posted At : 12:00 AM
Related Categories:
Tips (CF) :
Any time you pass a date to a SQL statement (using ODBC drivers) use the CreateODBCDate() function to format it correctly. This applies not just to the WHERE clause, but to any part of the SQL statement. Be it the VALUES in an INSERT, the SET in an UPDATE, HAVING, or any other clause, use this function eliminate data conversion problems. (Applies to: ColdFusion All)
|
