As per this TechNote,
CFINPUT Integer Validation Flaw
5 responses to “CFINPUT Integer Validation Flaw”
-
Can you add that to the "fix" list for "Bentaur" aka CF9?
-
Just a note: the suggested regex on the TechNote is wrong / suboptimal: it will reject negative integers, plus WILL accept leading zeros (I’m not sure if the latter is a problem: seems wrong to me though). Something like this should do the trick:
^((-?[1-9][0-9]*)|0)?$
(I gave that about 30sec thought, so might not be foolproof…)
Also, if checking for integers on a computer system, it’s perhaps best to do bounds checking too. The maximum value for an integer in CF is… what? 2^32 -1 (or something like that?)
As the previous commenter suggested, now’s a good time to get this included in the mix for CF9. I’ll make sure it gets put on the radar, at least.
—
Adam -
I have been trying out using the regular expressions to validate and integer entry and find that the regex posted here as well as the one in the tech notes still allows the dollar symbol to bypass.
-
I too have found that the regular expression method fails, the only client side kludge I have been able to get to work is this…
<script>
function doCheck(obj){
if(obj.match(/[^d.]/)){
alert(‘numbers only’);
document.getElementById(‘test’).value=”;}
}
function ToDollarsAndCents(n) {
var s = "" + Math.round(n * 100) / 100
var i = s.indexOf(‘.’)
if (i < 0) return s + ".00"
var t = s.substring(0,i+1) + s.substring(i+1,i+3)
if (i + 2 == s.length) t += "0"
return t
}
</script>
<cfinput type="Text" name="amount" range="1,10000" message="You must indicate the amount you wish to submit for this payment" validate="regex" pattern="^((-?[1-9][0-9]*)|0)?$" validateAt="onSubmit" required="Yes" size="5" maxlength="7"> -
MY Bad, the cfinput tag shown above should be…
<cfinput type="Text" name="amount" range="1,10000" message="You must indicate the amount you wish to submit for this payment" required="Yes" size="5" maxlength="7" onkeyup="doCheck(this.value)">
Leave a Reply