cfparam best practice 1

[ice7899]

Is it ok to introduce a variable in a page as follows

<cfparam name="somevar" default="1">

And then update its value with links

somepage.cfm?somevar=20 etc



I have seen this quite a lot recently and I'm not sure if it is good practice. Should somevar be explicitly scoped ? <cfparam name="url.somevar" default="1">

 

[ecobb]

It's generally recommended to always scope your variables, regardless of whether they're form, url, session, etc...

If you're using cfparam, you'll definitely want to scope it so that it knows exactly what variable to assign the value to. While it may work without a scope, it's not a good idea to do it that way. (or at least I wouldn't)

Hope This Helps!

ECAR
ECAR Technologies

http://www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher

 

[FALCONSEYE]

<cfparam name="url.somevar" default="1" type="numeric">

defining the type would be even better especially if you are using these variables in dB queries.

hope it helps.

http://www.jetansolutions.com

 

[CTekMedia]

What are you doing with this variable? Is it a piece of data that could be misused by a user?

For example - will bad things happen if they type
somepage.cfm?somevar=21
instead of
somepage.cfm?somevar=20

If so:
Avoid URL Variables
If you have to use them:
Encrypt before transmission using the ENCRYPT and DECRYPT functions
and
validate using CFQUERYPARAM before writing to a database.

Are you using CF7?

Cheers,

Bluetone

 

[ice7899]

Yes I am using CF7.

Would it be a viable solution to use session variables instead of URLS. If so, is around 14 1 number or 1 word variables too many per query?

 

[CTekMedia]

Definitely - SESSION variables are the way to avoid URL data transfer unless it is going to be a heavily used site and your server memory isn't of sufficient capaicity. That is rarely an issue.

That number of variables just adds to the memory load, but again, it generally isn't a problem.

Make sure you use CFLOCK around the creation and reading of session variables - Failure to do so can result in an unstable application due to memory overwrites.

Cheers,

Bluetone

 

[CTekMedia]

I just read your earlier post - one other disadvantage of using URL's variables is that most search engines do not like more than 2. If you have more, it can hurt your SEO.

Cheers,

Bluetone

 

[imstillatwork]

There is far to much involved in SEO to make that statement in this conversation.

Kevin

http://www.lot-o-nothin.com/cfml/

Phase 1: Read the CFML Reference
Phase 2: ???
Phase 3: Profit!

 

[ice7899]

Is there a performance penalty associated with the use of CFLOCK as suggested above. If so, would this make using urls faster?

 

[CTekMedia]

Unless you are using very old hardware or you have a heavily used site (several thousand concurrent visitors) that kind of minor performance tweaking isn't really necessary. I suspect passing data via URL's might be slightly faster - if security were not an issue. For example, encrypting variables is relatively time and resource intensive.

Passing data via URL's should be avoided for any environment that isn't completely trusted, i.e., any public website.

Cheers,

Bluetone