Common programming mistakes for ColdFusion programmer to avoid? [closed]

前端未结

关注

 9  1875

渐次进展

相关标签:

9条回答

不思量自难忘°

2020-12-14 05:30

Overuse of 'query of query'. That is, further filtering or sorting of query results using the cfquery tag.

This type of work is often done better by the database itself, particularly if the dataset is large.

0 讨论(0)
发布评论:

提交评论
- 加载中...
一生所求

2020-12-14 05:34

Shamelessly stealing Henry's formatting...
it is faster and more accurate to check explicit boolean instead of implied; use <cfif query.recordCount GT 0> instead of <cfif query.recordCount>
do not use evaluate(), de(), or iif()... ever. there is always a way around these slow functions
understand structures, keys, values and how to access query and structure data using array notation. (this will usually get around your need for evaluate())
do not use pound signs unless you are outputting data or otherwise creating a string (don't do this: myFunction(arg = #myVar#) )
read and understand the difference between THIS and VARIABLES scope in a CFC
avoid extreme overuse of <cfsilent> when you probably need to use a <cfcontent reset="true"> just before you begin your output (before doctype, xml declaration, or <html>)
don't blindly drop ColdFusion values into an HTML script block (javascript) without using jsStringFormat()
if you are not using <CDATA> text in your XML, you may want to use xmlFormat() when creating an XML document
don't use Windows registry for Client scope data. Use the database.
if your IT architecture permits, use Session data instead of Client data.
use <cflock> correctly and consistently; shared data will leak in your Application.
if you are going to use Java objects, understand the Java error messages (for example, 'method cannot be found' may not mean the method does not exist at all, it means the method does not exist for the arguments you've supplied)
if you have to read large files, either use the new CF8 "File" functions or hand off the task to Java on CF6 & 7. <cffile> is inefficient for large files.
understand pass-by-reference and pass-by-value, and how those concepts work in CF; specifically when using functions to modify XML documents
as Henry stated, always use <cfqueryparam>; also ensure that you are using the correct CFSQLType parameter for your DBMS (for date, time, timestamp, etc)
don't chain together a series of <cfif> and <cfelseif> logic blocks, use <cfswitch> and <cfcase> if you have more than three conditions you need to handle
more of an architecture note: always do some sort of server side validation to catch the nasty data the wolf-shirt-wearing user may be passing you
last architecture note: let CF do your middle layer of data retrieval and display and let your webserver do webserver things like SEO URLs (I'm looking at you ColdCourse)

0 讨论(0)

予麋鹿

2020-12-14 05:42

One of the biggest mistakes would be not using cfqueryparam

Very bad:

SELECT UserName
FROM Customers
WHERE CustomerID = #URL.custid#

Very good:

SELECT UserName
FROM Customers
WHERE CustomerID = <cfqueryparam value="#URL.custid#" cfsqltype="cf_sql_integer">`

Making that mistake will cost you a website.

0 讨论(0)

失恋的感觉

2020-12-14 05:43

Failing to prevent users from seeing coldfusion errors.

Add a onError method to a top level Application.cfc to prevent users from seeing those all to detailed dump messages exposing your inner workings(and failings).

<cffunction name="onError" returntype="void" output="true">
    <cfargument name="exception" type="any" required="true" />
    <cfargument name="eventname" type="string" required="true" />

varscoper is also a great tool for automating the check for variable scoping omissions in components.

http://varscoper.riaforge.org/

0 讨论(0)

说谎

2020-12-14 05:45

Putting variables in the wrong scope; even if you don't blow up the registry or crash the server, it's easy to slowly drain performance from your application by bumping variables up to the highest scope in which you think you might need them, or to lose information because you stored it in one scope and tried to access them in a different scope.

Using cfcatch without capturing and/or transmitting some information about the error so that it can be found and fixed. (It's difficult to find an error that doesn't tell you it occurred.)

Using listcontains() when you want listfind(). Especially if the list contains numbers. listfind() matches only an entire item in a list; listcontains() matches part of an item. (Yes, we made this mistake once.)

With administrator access:

Leaving the defaults for a data source set up on the server. "Least privileges" applies on the CF side as well; don't give it any more permissions than it specifically needs. (GRANT, ALTER, REVOKE, DROP ... you don't really want those checked.)
Not checking the boxes for retrieving all the contents from a CLOB/BLOB field when that's what you're expecting. (It was really interesting seeing that applied to a field in which we were storing PDFs.)

0 讨论(0)

-上瘾入骨i

2020-12-14 05:46

Inappropriate use of #

SELECT *

Not scrubbing URL/form inputs

Debugging on in production environment (even if output is suppressed)

0 讨论(0)

1 2 下一页

热议问题