Community Member Profile
- Profile: /members/2196-Adam-Cameron.htm
- Comments: 67
- Points: 194
Recent Blog Comments By Adam Cameron
-
reMultiMatch() - Extracting Iterative Regular Expression Patterns In ColdFusion
Posted on May 13, 2010 at 3:33 AM
Hi Ben Interesting function. Some observations: * Wouldn't an array of regexes in the first argument be slightly more logical / predictable / tidy, than 1->n string arguments? * Also, isn't it normal to have the required args first? IE: one always needs the target string, so... read more »
-
New ColdFusion Error: Form Entries Incomplete Or Invalid
Posted on Apr 14, 2010 at 8:02 AM
Hi Ben I'm just adding another "cheers for blogging this" note: I just got bitten on the bum by this and it was doing my head in as to WTF was going on, until I read your blog post. So: cheers! I'm developing an app for BlueDragon (bleah, but not my call), and notionally have to have... read more »
-
Using XPath To Select A Node That Does Not Contain Another Node In ColdFusion
Posted on Mar 25, 2010 at 7:38 PM
It's good to see there's always something new I can learn about XPath. Good post. Cheers. -- Adam... read more »
-
ColdFusion Xml Nodes Have An XmlNodes Property
Posted on Aug 10, 2009 at 11:59 AM
I'd say the most obvious use case would be if you needed to parse a doc that wasn't simply a series of nodes, but also had text nodes in it, eg: <sentence>This is a sentence. It has <bold>bold</bold> and it has <italics>italics</italics> in it</sentence&... read more »
-
Learning ColdFusion 9: Using CFQuery In CFScript Can Enable SQL Injection Attacks
Posted on Aug 7, 2009 at 3:47 PM
Hi Jason You don't have to convince /me/, I'm absolutely fine with doing it as per the current approach. I'm just concerned about buy-in from the sort of people who don't currently parameterise their queries, and are likely to fall foul of this issue Ben's noticed. Anything to make th... read more »
-
Learning ColdFusion 9: Using CFQuery In CFScript Can Enable SQL Injection Attacks
Posted on Aug 7, 2009 at 2:54 PM
Jason, good point re it being "too late" to escape any variable values by the time they get passed to the query "inner workings". One of the good things about tag-based stuff is that <cfquery> can automatically handle variables differently when they're embedded in its body. No such possib... read more »
-
Learning ColdFusion 9: Using CFQuery In CFScript Can Enable SQL Injection Attacks
Posted on Aug 7, 2009 at 6:25 AM
Ben, is it OK if I reproduce sections of your original posting in a communication to Adobe? I'll attribute it appropriately, and cross-ref back to here. -- Adam... read more »
-
Learning ColdFusion 9: Using CFQuery In CFScript Can Enable SQL Injection Attacks
Posted on Aug 7, 2009 at 6:18 AM
[quote] by using CFScript-based queries, you are deactivating ColdFusion's auto-magic escaping of malicious SQL. I don't consider this to be a bug in any way. [/quote] Well, it might have been done that way "by design", but I suspect the design could do with a second look. read more »
-
Learning ColdFusion 9: Using CFQuery (And Other Service Tags) In CFScript
Posted on Aug 6, 2009 at 4:17 PM
Hi Ben Did you raise this bug with Adobe? I can't find anything similar in the bug tracker..? @Rick What's your gripe with this approach? How would you implement functionality for executing a query within a script block which would improve on this? Personally I think the s... read more »
-
Learning ColdFusion 9: Application.cfc OnCFCRequest Event Handler For CFC Requests
Posted on Jul 29, 2009 at 5:57 AM
Hi Ben I agree this is a bit cock-eyed. One would also think that if CF is going to the effort of checking this sort of thing, it'd also be checking if the method being called is actually specified as remotely accessible in the first place. It *should* block remote calls to non-remote... read more »
-
Learning ColdFusion 9: CFScript Updates For ColdFusion Components
Posted on Jul 23, 2009 at 3:47 PM
Hi Ben Just because something has parentheses, doesn't mean it's a function. Give consideration to for(), if(), catch(), etc. Not functions. As for why would a tag be a function? I reckon any tag that: a) doesn't have a closing tag; b) takes attributes and returns a value;... read more »
-
The Performance Cost Of Throwing Exceptions In ColdFusion
Posted on Jul 18, 2009 at 12:57 PM
"It'd be great if there was an easy API to access that stuff without having to throw exceptions." There is. java.lang.Exception. I remodelled your code to test the <cfthrow> approach compared to creating an exception using Java, with a control of neither, and the results were a... read more »
-
Learning ColdFusion 9: Virtual File System vs. Actual File System
Posted on Jul 18, 2009 at 12:27 PM
Hi Ben I'd be interested in seeing the results if you individually time each discrete action (so separate timings for the deletes, writes and reads), rather than timing all four actions together. -- Adam... read more »
-
An Experiment In Non-Data-Type ColdFusion Components
Posted on Apr 13, 2009 at 3:55 AM
Hi Ben You seem to use the words "class" and "object" interchangeably, which I think can cause confusion when thinking about what you're doing (or articulating it in a blog post!). Also, CF doesn't have classes anyhow. It has components. Best to stick to the actual nomenclature, I re... read more »
-
Ask Ben: Finding XML Nodes That Have Children With The Given Case-Insensitive Phrase
Posted on Feb 13, 2009 at 3:49 AM
Hi Ben I don't think there's any way anything you said could've been construed as an attack against anything or one. Everything you said is spot on, valid, and I'm sure is something Adobe are giving at least some consideration to. -- Adam... read more »
-
Ask Ben: Finding XML Nodes That Have Children With The Given Case-Insensitive Phrase
Posted on Feb 12, 2009 at 5:25 PM
>It's not about them implementing anything. Well, Elliott, it would be about them implementing Saxon instead of Xalan, wouldn't it? So it's everything about them implementing something, isn't it? >People seem to think that Macrodobe actually implement this stuff. Yes. They... read more »
-
Ask Ben: Finding XML Nodes That Have Children With The Given Case-Insensitive Phrase
Posted on Feb 12, 2009 at 1:10 PM
RyanTJ, could you pls clarify what you're saying here about xmlSearch() failing? Maybe paste some sample code? Ben: could you please drop me an email offline (it's just about this lower-case / upper-case stuff, and CF's support for it). Cheers. -- Adam... read more »
-
Ask Ben: Finding XML Nodes That Have Children With The Given Case-Insensitive Phrase
Posted on Feb 11, 2009 at 12:50 PM
There's another couple of options here Ben: <cfset aNoCase1 = xmlSearch(xmlFeed, "//item[contains(translate(title/text(), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'coldfusion')]")> It's a bit long-winded, but it works. This next one conditionally works.... read more »
-
Interesting Behavior When Swapping Live Nodes In A ColdFusion XML Document
Posted on Dec 1, 2008 at 6:27 PM
You just need to watch your pointers, Ben. Modify your node assignment line thus: {code} <cfset xmlData.toes.toe[3] = duplicate(xmlData.toes.toe[2])> {code} -- Adam... read more »
-
Ask Ben: Dynamic Table Names In ColdFusion Queries
Posted on Nov 13, 2008 at 10:54 AM
Just regarding this: {quote} FROM table_<cfqueryparam value="#arguments.suffix#" /> I have never seen this work. As much as I love ColdFusion's CFQueryParam tag {quote} One should not expect it to work. <cfqueryparam> is for setting parameter values. It ha... read more »



