coldfusion

问题 Typically I use integer ids in my application, but for this one piece of dev I am doing look ups on a text field - a tag name. I do make use of cfqueryparam but considering that it's a text field, could it be vulnerable to sql injection attacks, and if so, how do other people get around this other than tediously searching the string for SQL commands. My query looks something like: SELECT tagId -- etc etc FROM tag WHERE tagName = <cfqueryparam cfsqltype="cf_sql_varchar" maxlength="50" value="

问题 So I need to replace #var# and #var2# with <cfqueryparam value="#var#" /> and <cfqueryparam value="#var2#" /> . However, this should only happen when #var# is wrapped inside <cfquery></cfquery> . As an extra criteria, the cfquery-tag will contain text before and after the hash-symbols. This is an example: <cfquery datasource="#tablename#"> SELECT * FROM table WHERE name = #var#, somethingelse = #var2#; </cfquery> I need a regex that only matches 'test' when it's between two hash-symbols and

问题 I'm trying to create an xml object using <cfxml> . I formatted all the data with XMLFormat() . In XML there are some invalid characters like '»'. I added this chars to the xml doctype as follow: <!ENTITY raquo "»"> The HTML text is not very well formatted, but most of it works with my code. But in some texts there are some control chars. I'm getting the following error: An invalid XML character (Unicode: 0x13) was found in the element content of the document. I tried to add the unicode to the

问题 Is there a way to determine if a browser supports NTLM without having NTLM enabled for the particular site or directory in IIS and without showing a login dialog/pop-up? Preferably, determine this using ColdFusion or perhaps some combination of JS and CF. I'd prefer not to restrict this to just IE as other browsers (such as FF) support NTLM authentication. 回答1: If you request a page and the page returns 401 and says it only accepts NTLM, and then the browser sends another HTTP packet trying

问题 I am working to build a menu in coldfusion based on xml. current working function: <cffunction name="xmlNav" access="private" returntype="struct" output="false"> <cfargument name="qGetNav" type="query" required="true"> <cfscript> var qNav=Arguments.qGetNav; var xmlNav=StructNew(); var myXmlDoc=xmlNew(); var route=''; myXmlDoc.XMLRoot = XMLElemNew(myXmlDoc,"UL"); myXmlDoc.UL.xmlAttributes.ID="nav-main-links"; for(q=1;q<=qNav.recordCount;q++){ //setup li myXmlDoc.UL.XmlChildren[q]=XmlElemNew

问题 I am using SendGrid’s SMTP API (not WEB API) and am considering sending an email using cfmail . If I use cfmail to send the email, and want to use the X-SMTPAPI header somewhere, do you think that cfmail is a place to do that? Please clarify. 回答1: You would do this by adding a custom header, using the cfmailparam tag. As such: <cfmailparam name="X-SMTPAPI" value="{\"category\":\"Cool Emails\"}"> In context of the cfmail tag it would be as follows. <cfmail from="you@example.com" to="nick

问题 I am trying to convert some code that has various ColdFusion UI tags to jQuery. I have to create a migration plan. Currently this is what I have Tag Replacement CFApplet ??? CFCalendar http://jqueryui.com/datepicker/ CFChart http://stackoverflow.com/questions/1201098/jquery-charting CFForm too many to list CFGrid http://stackoverflow.com/questions/5622716/choosing-a-jquery-datagrid-plugin CFMap ??? CFProgressBar http://jqueryui.com/progressbar/ CFSlider http://jqueryui.com/slider/ CFTextArea

问题 Related to the topic in this post: Converting Coldfusion encryption code to C# How would you do the conversion for this: <!--- valueToEncrypt = "34245678", key = "TJhKuhjyx/87giutBNHh9t==" ---> <cfset output = Encrypt( valueToEncrypt, key, "AES", "Hex")> Here's what I tried in C#: byte[] plainText = Encoding.UTF8.GetBytes(TextToEncrypt); byte[] key = Convert.FromBase64String(encryptionKey); RijndaelManaged algorithm = new RijndaelManaged(); algorithm.Mode = CipherMode.ECB; algorithm.Padding =

问题 Related to the topic in this post: Converting Coldfusion encryption code to C# How would you do the conversion for this: <!--- valueToEncrypt = "34245678", key = "TJhKuhjyx/87giutBNHh9t==" ---> <cfset output = Encrypt( valueToEncrypt, key, "AES", "Hex")> Here's what I tried in C#: byte[] plainText = Encoding.UTF8.GetBytes(TextToEncrypt); byte[] key = Convert.FromBase64String(encryptionKey); RijndaelManaged algorithm = new RijndaelManaged(); algorithm.Mode = CipherMode.ECB; algorithm.Padding =

问题 Overview I'm looking to start developing iOS apps using HTML5, jQuery, and ColdFusion. My understanding of this is to have jQuery call the ColdFusion API's for all of he back-end functions. Great! My question is mostly about the page structure and API security. Application Structure In my head I suggested that the actual structure of the app should be similar to this: <html> <head> <script src="http://foo.bar/path/to/jquery.js"></script> <script src="http://foo.bar/path/to/api.js"></script>