As per this TechNote, <CFINPUT validate="integer"> allows the dollar symbol ($) to bypass generated client side validation. I don't know how long this has been the case, but the solution (as noted in the TechNote) is to use a regular expression instead.
^((-?[1-9][0-9]*)|0)?$
(I gave that about 30sec thought, so might not be foolproof...)
Also, if checking for integers on a computer system, it's perhaps best to do bounds checking too. The maximum value for an integer in CF is... what? 2^32 -1 (or something like that?)
As the previous commenter suggested, now's a good time to get this included in the mix for CF9. I'll make sure it gets put on the radar, at least.
--
Adam
<script>
function doCheck(obj){
if(obj.match(/[^\d\.]/)){
alert('numbers only');
document.getElementById('test').value='';}
}
function ToDollarsAndCents(n) {
var s = "" + Math.round(n * 100) / 100
var i = s.indexOf('.')
if (i < 0) return s + ".00"
var t = s.substring(0,i+1) + s.substring(i+1,i+3)
if (i + 2 == s.length) t += "0"
return t
}
</script>
<cfinput type="Text" name="amount" range="1,10000" message="You must indicate the amount you wish to submit for this payment" validate="regex" pattern="^((-?[1-9][0-9]*)|0)?$" validateAt="onSubmit" required="Yes" size="5" maxlength="7">
<cfinput type="Text" name="amount" range="1,10000" message="You must indicate the amount you wish to submit for this payment" required="Yes" size="5" maxlength="7" onkeyup="doCheck(this.value)">