Saturday, March 20, 2010    
Thoughts, ideas, tips, musings, and pontifications (not necessarily in that order) by Ben Forta ...
NOTE: This is my personal blog, and the opinions and statements voiced here are my own.

October 24, 2008

CFINPUT Integer Validation Flaw

As per this TechNote, <CFINPUT validate="integer"> allows the dollar symbol ($) to bypass the generated client-side validation. I don't know how long this has been the case, but the solution (as noted in the TechNote) is to use a regular expression instead.


Comments
I have been trying out using the regular expressions to validate an integer entry and find that the regex posted here, as well as the one in the tech notes, still allows the dollar symbol to bypass.
# Posted By Susan | 9/11/09 6:09 PM
I too have found that the regular expression method fails; the only client-side kludge I have been able to get to work is this...
<script>
// Warn and clear the field if the value contains anything other than digits or a period.
function doCheck(obj) {
  if (obj.match(/[^\d\.]/)) {
    alert('numbers only');
    // 'test' is the id of the field to clear
    document.getElementById('test').value = '';
  }
}
// Format a number as a string with exactly two decimal places.
function ToDollarsAndCents(n) {
  var s = "" + Math.round(n * 100) / 100;
  var i = s.indexOf('.');
  if (i < 0) return s + ".00";
  var t = s.substring(0, i + 1) + s.substring(i + 1, i + 3);
  if (i + 2 == s.length) t += "0";
  return t;
}
</script>
<cfinput type="Text" name="amount" range="1,10000" message="You must indicate the amount you wish to submit for this payment" validate="regex" pattern="^((-?[1-9][0-9]*)|0)?$" validateAt="onSubmit" required="Yes" size="5" maxlength="7">
# Posted By Peter Fralin | 10/16/09 4:49 PM
My bad, the cfinput tag shown above should be...
<cfinput type="Text" name="amount" range="1,10000" message="You must indicate the amount you wish to submit for this payment" required="Yes" size="5" maxlength="7" onkeyup="doCheck(this.value)">
# Posted By Peter Fralin | 10/16/09 4:52 PM
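
The regular-expression approach from the post, written as a stand-alone JavaScript check and run over constructed inputs that include the dollar symbol. This is an added example, not code from the post or its commenters; it reuses the pattern and the range="1,10000" values quoted in the comments, and the names checkAmount, report and SAMPLES are assumptions.

```javascript
// Added example: not code from the post or its commenters.
// PATTERN is the regex quoted in the comments; MIN and MAX mirror range="1,10000".
const PATTERN = /^((-?[1-9][0-9]*)|0)?$/;
const MIN = 1;
const MAX = 10000;

// Validate one raw field value. Returns { ok, value } or { ok, reason }.
function checkAmount(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  // The pattern's outer group is optional, so the pattern alone matches "";
  // the required="Yes" rule has to be enforced separately.
  if (raw === "") return { ok: false, reason: "required" };
  // Anchored at both ends with no "m" flag: a "$", ",", ".", space or newline
  // anywhere in the value fails the match.
  if (!PATTERN.test(raw)) return { ok: false, reason: "not an integer" };
  // Safe to convert: raw is now an optional "-" followed by ASCII digits.
  const value = Number(raw);
  if (value < MIN || value > MAX) return { ok: false, reason: "out of range" };
  return { ok: true, value };
}

// Constructed sample inputs (not taken from the TechNote or the comments).
const SAMPLES = ["42", "10000", "$42", "42$", "1,000", "4.2", " 42",
                 "42\n", "007", "0", "-3", "10001", ""];

// Run every sample through the check and keep the raw input beside the verdict.
function report(samples) {
  return samples.map((raw) => ({ raw, ...checkAmount(raw) }));
}

for (const row of report(SAMPLES)) {
  const verdict = row.ok ? "accept " + row.value : "reject: " + row.reason;
  console.log(JSON.stringify(row.raw).padEnd(10), verdict);
}
```

Generated client-side validation runs in the browser, so the same check needs to be repeated on the server before the submitted value is used.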

  © Copyright 1997-2009 Ben Forta, All Rights Reserved