Don’t you wanna display image file on client browsers when users downloading? It’s kinda simple, use following code :
<cfheader name=”Content-Type” value=”unknown”>
<cfheader name=”Content-Disposition” value=”attachment; filename=FileName.jpg”>
<cfcontent type=”Application/Unknown” file=”/http//downloads/FileName.jpg” deletefile=”No”>
Of the most powerful and convenient report builder is Coldfusion Report Builder. It’s absolutely just like crystal report. You can make your report design in CF report builder or you can use their built-in theme, either. Are you getting sick of writing query in cf report builder? It’s ok. You can write Query in your cfm file and output report just like :
<cfquery name=”qryUsers” datasource=”#application.datasource#”>
SELECT * FROM Users WHERE U_ID = <cfqueryparam value=”#url.id#” cfsqltype=”CF_SQL_NUMBER”>
</cfquery><cfreport template=”NewColdFusionReport.cfr” query=”qryUsers” format=”PDF”>
</cfreport>
I’m not used to this architectural but I’ve created so many applications with this style. In coldfusion, we categorize all of query CFM in model folder. In view folder, we put vier HTML cfm files. For calling page, we use controller file. In controller file, all of model files and view files are included. Why we used this architectural is we want all of separated files to be reusable.
MVC
We’re now doing project with different language, VB6 and CFMX7. One part of our projects, we need to send our data each other without uploading database files. That’s why we need to consider about exporting and importing XML files. In CFMX7, reading XML isn’t kinda complicated. Here is coding…
<cffile action=”read” file=”c:\inetpub\wwwroot\myfile.xml” variable=”XMLFileText” charset=”UTF-8″>
<cfset MyXMLDoc = xmlParse(XMLFileText)>
<cfset MyXMLNodes = xmlSearch(MyXMLDoc,’/Values/Comment’)>
<cfloop from=”1″ to=”#arraylen(MyXMLNodes)#” index=”i”>
<cfset GetXMLNodes = xmlparse(MyXMLNodes[i])>
<cfset ID = GetXMLNodes.Comment.CommentID.xmlText>
<cfset type = GetXMLNodes.Comment.CommentType.xmlText>
<cfset message = GetXMLNodes.Comment.CommentMessage.xmlText>
</cfloop>
To prevent SQL Injection in Coldfusion, we should use <cfqueryparam> tag between <cfquery> tag. It’s good tag and it output the variable which MS.SQL like. But to get good performance of our website, we should use cachedwidthin attribute of cfquery tag. If we use <cfqueryparam> tag in <cfquery>, error occur for sure and <cfquery> doesn’t allow <cfqueryparam> tag. So, how to prevent for SQL injection and how to get good performance for your site without using <cfqueryparam>. The answer is quite simple: we need put following coding at the top of your page.
<CFIF IsDefined(“id”) AND NOT IsNumeric(id)>
<cfabort showerror=”Invalid Query String”>
</CFIF>
And, also add following coding in <cfquery> tag,
WHERE ID = #Val(id)#
How? It’s easy though, isn’t it?
Creating communication website, we gotta consider the security, the access and all uploaded data of our users. Now that if anyone want to upload their data into our communication websites, they must have each registered ID. So whenever they come and upload their data into our site, they need to login first and after uploading, they need to logout successfully. It’s ok that no problem without doing logout after uploading if anyone upload their data at their home pc. If Peter (for example) upload their data by using public internet cafe, it’s problem that they didn’t logout after uploading, someone can copy, delete and upload with Peter’s account into communication sites. So, we need to kill our users’ session data whenever they close their browsers after using it. But we cannot do anything if they didn’t logout or didn’t close browser after using.
Here is some coding we need to add in application.cfm
<cfif IsDefined( “Cookie.CFID” ) AND IsDefined(“Cookie.CFTOKEN” )>
<cfset localCFID = Cookie.CFID>
<cfset localCFTOKEN = Cookie.CFTOKEN>
<cfcookie name=”CFID” value=”#localCFID#”>
<cfcookie name=”CFTOKEN” value=”#localCFTOKEN#”>
</cfif>
Since my website has prevented SQL Injection, they keep on attacking on and on. For these case, my sql server reach over-loaded and crushed often. That’s why I need to block the IP of these people before doing anything. So, I’ll create following coding in my application.cfm file.
<cfparam name=”blacklist” default=”">
<cfset application.fpath = “#GetDirectoryFromPath(GetCurrentTemplatePath())#”><cfset blacklist = “” />
<cffile action=”read” file=”#application.fpath##fName#” variable=”blacklist” charset=”utf-8″ /><cfif ListFind(blacklist,cgi.remote_addr,Chr(13)&Chr(10))>
<cflocation addtoken=”false” url=”/blacklist.cfm” />
</cfif><cfif FindNoCase(“DECLARE”,cgi.query_string) and FindNoCase(“CAST”,cgi.query_string) and FindNoCase(“EXEC”,cgi.query_string)>
<cfif not ListFind(blacklist,cgi.remote_addr,Chr(13)&Chr(10))>
<cfset blacklist = ListAppend(blacklist,cgi.remote_addr,Chr(13)&Chr(10)) />
<cftry>
<cffile action=”write” file=”#application.fpath##fName#” output=”#blacklist#” charset=”utf-8″ />
<cfcatch></cfcatch>
</cftry>
<cflocation addtoken=”false” url=”/blacklist.cfm” />
</cfif>
</cfif>
In these days, some people test writing HTML code, especially javascript tags, marquee tag and so on in input. Because of this case, we need to solve this problem not be inserted miscellaneous codes in our Database. I’ve prevented this kind of problems before time. But, it cannot be used as global function. That’s why I keep searching any solutions in Google and create own coding. Eventually, I’ve get following coding.
<cfscript>
function listFix(list) {
var delim = “,”;
var null = “NULL”;
var special_char_list = “\,+,*,?,.,[,],^,$,(,),{,},|,-,<,>”;
var esc_special_char_list = “\\,\+,\*,\?,\.,\[,\],\^,\$,\(,\),\{,\},\|,\-,<,>”;
var i = “”;if(arrayLen(arguments) gt 1) delim = arguments[2];
if(arrayLen(arguments) gt 2) null = arguments[3];if(findnocase(left(list, 1),delim)) list = null & list;
if(findnocase(right(list,1),delim)) list = list & null;i = len(delim) – 1;
while(i GTE 1){
delim = mid(delim,1,i) & “_Separator_” & mid(delim,i+1,len(delim) – (i));
i = i – 1;
}delim = ReplaceList(delim, special_char_list, esc_special_char_list);
delim = Replace(delim, “_Separator_”, “|”, “ALL”);list = rereplace(list, “(” & delim & “)(” & delim & “)”, “\1″ & null & “\2″, “ALL”);
list = rereplace(list, “(” & delim & “)(” & delim & “)”, “\1″ & null & “\2″, “ALL”);return list;
}
</cfscript>
How to use?
It’s simple though. Save following coding as ListFix.cfm file. And, include this file before saving users’ data to your Database.
<cfinclude template=”ListFix.cfm”>
<cfquery name=”SaveDataQry” datasource=”MyDSN”>
INSERT INTO MyUsers
(tbl_User_Name)
VALUES
(‘#listFix(username)#’)
</cfquery>
How easy? Try it.
I’m now trying to create one Dictionary site based on Web 2.0 (Non-profit). But, I’m confused which kind of web programming should I use for less hosting cost, more reliable and best security. I can say I’m not too bad in ColdFusion. Unfortunately if I create dictionary website with CF, I cannot effort the CFMX hosting cost because it’s more higher than Open-source web programming like PHP. I was supposed to create dictionary site with PHP but I’m afraid of all of PHP expert people will hack my site. That’s why I’m now trying to learn JSP for creating my dictionary site. I thought JSP language will be complicated like ASP.NET. Really, it’s not kinda complicated and the one I like is I can do it to be extension-less. If I search “test” in my dictionary, it will show like http://www.ppshein-dictionary.com/search?word=test It’s cool, isn’t it?
If you have any idea to suggest if you’ve had experiences in writing dictionary software, kindly drop comment.
Normally, different language of web programmings are not easy to integrate in the same web page. Although you want to integrate two programming languages in the same webpage, you gotta separate such coding in different portion in <iframe> tag or something else. In CFMX, you don’t need to do like anymore. If you wanna embed in J2EE tags in CFM page, use <cfimport> tag then. Here is simple coding :
<cfimport taglib=”/WEB-INF/lib/random.jar” prefix=”myrand”>
<myrand:number id=”randPass” range=”000000-999999″ algorithm=”SHA1PRNG” provider=”SUN” />
<cfset myPassword = randPass.random>
<cfoutput>
Your password is #myPassword#<br>
</cfoutput>
Big Credit to : http://livedocs.adobe.com/coldfusion/6/Developing_ColdFusion_MX_Applications_with_CFML/Java3.htm#1134309
 |
 |
Twitter