It is often not sufficient that input data merely exists; it must also have the right format. For example, a date field must have data in a date format. A salary field must have data in a numeric or currency format. There are many ways to ensure the validity of data, including the following methods:

  • Use the cfparam tag with the type attribute to validate a variable.
  • Use the IsValid function to validate a variable.
  • Use the cfqueryparam tag in a SQL WHERE clause to validate query parameters.
  • Use cfform controls that have validation attributes.
  • Use a form input tag with a hidden attribute to validate the contents of a form input field.

Note:

Data validation using the cfparam, cfqueryparam, and form tags is done by the server. Validation using cfform tags and hidden fields is done using JavaScript in the user's browser, before any data is sent to the server.
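The following added example (not part of the original documentation) combines the three server-side methods from the list above to check a date field and a salary field before they are used in a query. The datasource `hrDSN`, the `Employees` table and its columns, the form field names, and the salary limits are all hypothetical.

```cfml
<!--- Added example: datasource, table, columns, field names and the
      salary range are hypothetical. --->
<cfset errors = ArrayNew(1)>

<!--- 1. cfparam with type: with no default attribute, ColdFusion throws an
      exception if form.startDate is missing or is not a valid date. --->
<cftry>
    <cfparam name="form.startDate" type="date">
    <cfcatch type="any">
        <cfset ArrayAppend(errors, "Start date must be a valid date.")>
    </cfcatch>
</cftry>

<!--- 2. IsValid: returns true or false instead of throwing, so the page
      decides how to respond. Check that the field exists first. --->
<cfif NOT StructKeyExists(form, "salary")
      OR NOT IsValid("range", form.salary, 0, 1000000)>
    <cfset ArrayAppend(errors, "Salary must be a number from 0 to 1000000.")>
</cfif>

<cfif ArrayLen(errors)>
    <!--- Report fixed messages only; the rejected input is not echoed. --->
    <cfoutput>
        <ul>
        <cfloop array="#errors#" index="msg"><li>#msg#</li></cfloop>
        </ul>
    </cfoutput>
<cfelse>
    <!--- 3. cfqueryparam: checks each value against cfsqltype and passes it
          to the database as a bound parameter, not as SQL text. --->
    <cfquery name="matches" datasource="hrDSN">
        SELECT EmployeeID, LastName
        FROM Employees
        WHERE StartDate >= <cfqueryparam value="#form.startDate#" cfsqltype="cf_sql_date">
          AND Salary <= <cfqueryparam value="#form.salary#" cfsqltype="cf_sql_decimal" scale="2">
    </cfquery>
    <cfoutput>#matches.recordCount# matching employees.</cfoutput>
</cfif>
```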

For detailed information on validating data in forms and variables, see Validating data. For detailed information on validating query parameters, see Using cfqueryparam in Enhancing security with cfqueryparam.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Twitter™ and Facebook posts are not covered under the terms of Creative Commons.