coldfusion-9

I have been working with Coldfusion 9 lately (background in PHP primarily) and I am scratching my head trying to figure out how to 'clean/sanitize' input / string that is user submitted. I want to make it HTMLSAFE, eliminate any javascript, or SQL query injection, the usual. I am hoping I've overlooked some kind of function that already comes with CF9. Can someone point me in the proper direction? Stephen Moretti This an addition to Kyle's suggestions not an alternative answer, but the comments panel is a bit rubbish for links. Take a look a the ColdFusion string functions . You've got

I see that pre-compiling pages to java classes will increase performance, while using the -deploy command will encode the pages to java bytecode, thus hiding the source code. Questions: Can both of the above be done? Pre-compiling the application, then encoding them? Is updating sourceless pages & cfc's as simple as encoding the newly updated files locally, then overwrite the older ones on the server? Thank you for your contributions. It's worth noting that byte code won't 'secure' your code if someone gets onto your server. There is nothing to stop someone from decompiling your code using

2 jpg images that look exactly the same (failing image above, no.jpg, resaved as yes.png) but one is not an Image according to IsImageFile function. Run this code #IsImageFile("http://fdiapp.com/ini/cms/file_uploads/yes.jpg")# ** #IsImageFile("http://fdiapp.com/ini/cms/file_uploads/no.jpg")# Leigh I think the problem is that is a CMYK jpeg. ColdFusion 9 uses ImageIO internally, which afaik only supports RGB . (While some of the java suggestions in that thread do work from ColdFusion - the colors in the resulting image are skewed.) What is probably happening is that ImageIO fails to even load

When developing regular expressions it helps not only to know what the limitations are as seen here: http://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec0a38f-7ff3.html , but also what the grammar and syntax expected is. It also helps during testing for apps that can select a Regex engine to test with against a test bed of text or files. I've seen posted here and there that CF uses Jakarta ORO, http://jakarta.apache.org/oro/ , which is retired late 2010 so that can't be correct or is it still baked into CF9? If CF10 ships with a different Regex engine as CF9

Common "best practice" for ColdFusion cookie session cookie management has been to implement something like this: <cfset this.setClientCookies = false /> <cfif NOT IsDefined( "cookie.cfid" ) OR NOT IsDefined( "cookie.cftoken" )> <cfcookie name="cfid" value="#session.cfid#" domain=".#cgi.HTTP_HOST#" path="/test/sessiontest"> <cfcookie name="cftoken" value="#session.cftoken#" domain=".#cgi.HTTP_HOST#" path="/test/sessiontest"> </cfif> OR <cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")> <cfcookie name="CFID" value="#Cookie.CFID#"> <cfcookie name="CFTOKEN" value="#Cookie.CFTOKEN#">

When working with Coldfusion 9 and cfform with a HTML format, I place a cfinput on a page with a label, it displays the label to the right of the text box. I have tried using the tag, with and without it but no matter what I do, the label is always to the right of the box. <cfform method="post" name="mfForm" > <label for="campaign">Mailfile ID:</label> <cfinput type="text" name="campaign" id="campaign"> <cfinput type="submit" name="submit" value="Submit" id="submit"> </cfform> Don't ever remember having this problem before recently. I would just use an HTML form, but want to take advantage of