validateat="onsubmit" not working 1

Status
Not open for further replies.

hpvic03

Technical User
Aug 2, 2006
89
I've got a simple ColdFusion form, with a cfinput type=text and validateat="onsubmit" and validate="email" and required="yes".

But it will not validate onsubmit, nor onblur. It will only work for onserver. Why is it doing this? Any ideas?

Thanks!
 
No idea why it wouldn't without seeing each version of the code. They all work for me. Do you have JavaScript turned off in your browser?

Validating at anything except server means that people can bypass your validation. JavaScript (JS) is used for all other validateat (with format="HTML") except server, and turning JS off means that they can input (or exclude) whatever data they want regardless of validation rules you set. Even if you're using Flash or they have JavaScript turned on they can generate those HTTP requests with another tool and put anything they want in the POST variable. Aside from the validation, you also need to sanitize against HTML injection (and SQL injection if you're using a database).

Also, cfform generates form tags that are not compliant with XHTML 1.0 strict. If you want or have to meet these validations and you want real protection of your data, don't bother with cfform, and use regular html code for your forms.

 
How do you do SQL injection protection? I am using a database.
 
Oh, I've been using cfqueryparam most of the time anyway just because my database would not read the data correctly unless I did that.

I'll check and see where my cfform.js is.

thanks starlight
 
You're welcome. You can also use cfform's "ScriptSrc" to point to the location of your cfform.js file.
 
Awesome, that was the problem. I just copied the CFIDE/scripts directory into every possible folder that could be my webroot (I wasn't sure haha) and now it works.

thanks
 
`<cfqueryparam ...>` will sanitize information in queries. You can also add another level of protection by making your database not allow semicolons in a query (and have it add ones at the end of the query automagically), and lastly to protect against HTML/CF injection just make sure to change <'s to &lt;'s.

 
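The server-side handling recommended in this thread, as an added example that is not code from any poster: the action page repeats the required/e-mail rules regardless of what the browser did, binds the value with cfqueryparam, and HTML-encodes anything echoed back. The field name `form.email`, the datasource `myDSN` and the table `subscribers` are assumptions; `encodeForHTML` needs ColdFusion 10 or later.

```cfml
<!--- Added example. Assumed names: form.email, datasource "myDSN",
      table subscribers(email). --->
<cfparam name="form.email" default="">
<cfset email = trim(form.email)>
<cfset errors = []>

<!--- Repeat on the server every rule that validateat="onsubmit" was meant
      to enforce; a request built outside the browser never runs cfform.js. --->
<cfif NOT len(email)>
    <cfset arrayAppend(errors, "E-mail address is required.")>
<cfelseif len(email) GT 254 OR NOT isValid("email", email)>
    <cfset arrayAppend(errors, "E-mail address is not valid.")>
</cfif>

<cfif arrayLen(errors)>
    <cfoutput>
    <ul>
        <cfloop array="#errors#" index="msg"><li>#encodeForHTML(msg)#</li></cfloop>
    </ul>
    <!--- Echo the rejected value only after HTML-encoding it, so markup
          submitted in the field is displayed as text instead of rendered. --->
    <p>You entered: #encodeForHTML(email)#</p>
    </cfoutput>
<cfelse>
    <!--- cfqueryparam sends the value as a typed, length-checked bind
          parameter, separate from the SQL text. --->
    <cfquery name="addSubscriber" datasource="myDSN">
        INSERT INTO subscribers (email)
        VALUES (<cfqueryparam value="#email#" cfsqltype="cf_sql_varchar" maxlength="254">)
    </cfquery>
    <cfoutput><p>Saved #encodeForHTML(email)#.</p></cfoutput>
</cfif>
```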