Ask a Jedi: Can you use string functions along with WDDX and JavaScript?

Mike asks the following:

As a new application service provider, we are currently using CFMX7 and its advanced features such as WDDX handling in our application. Through the CFWDDX tag, we are calling a database query and loading the result set with "cfml2js". Since this tag uses proprietary javascript to write to a single js variable, there is no way to actually handle/refer to the query variables (i.e. #query.id# or #query.account_name#), therefore it is impossible to use HTMLEditFormat(#query.variable#) to strip away html tags that may be in the data coming back. Is there anyway to using the WDDX feature and the HTMLEditFormat in conjunction? Please shine some jedi light on this topic.

Ok, so a few notes here. WDDX isn't really new to CFMX7. It has been around for quite some time. That being said, it is rather handy. There is something like this that is new in CFMX7, the ToScript function. Either way, it isn't "proprietary JavaScript" per se, it is just that you do not have any control over the JS produced.

That being said - you have two options. First, you can manipulate the data before you convert it to JavaScript. You can loop over the query and use the querySetCell function along with HTMLEditFormat. The other option is to do it in JavaScript. You said there is no way to refer to the query variables. Well, you can, but in JavaScript. JavaScript has regex style functions that would let you do something just like HTMLEditFormat. All things considered, though, you are better off doing it server-side instead.

Archived Comments

Comment 1 by Dan G. Switzer, II posted on 7/29/2005 at 1:58 AM

Something like this would work:

[cfloop query="query"]
[cfset query.col[query.currentRow] = htmlEditFormat(query.col[query.currentRow])]
[/cfloop]

[cfwddx action="cfml2js" toplevelvariable="jsVarName" /]

Comment 2 by Dan G. Switzer, II posted on 7/29/2005 at 1:59 AM

PS - I wasn't sure if the greater than/less than stuff would show up, so I used brackets instead.

Comment 3 by Tyson Vanek posted on 7/29/2005 at 6:33 PM

Just a word of caution. If you are dealing with extremely large record sets, a CFLOOP over the query might be a bad way to go. You might consider handling the string replacement at the database level, allowing the database server to do the work. Here's an example:

select
id
, account_name
, replace(replace(account_html,'<','<'),'>','>') as account_html_safe
from tblAccounts

For larger volume queries, this could save tons of time in comparison to a CFLOOP. You could also make the replace statement(s) more complex and comprehensive. You could even consider defining a database function to perform the operation. :)

Comment 4 by Tyson Vanek posted on 7/29/2005 at 6:36 PM

Alright... so the comment interpreted my SQL statement incorrectly. Let me try again.

select
     id
,    account_name
,    replace(replace(account_html,'<','& lt;'),'>','& gt;' as account_html_safe
from tblAccounts

In the statement above you would need to remove the spaces separating the "&" sign from "lt;" and "gt;", allowing the "<" and ">" symbols to be replaced with their character code equivalents.

Comment 5 by Tyson Vanek posted on 7/29/2005 at 6:38 PM

And ignore the " " tags. Funny that the blog interprets the characters codes for "<" and ">" but not for " ".

Comment 6 by Raymond Camden posted on 7/29/2005 at 6:42 PM

Excellent points Tyson.

Comment 7 by Tony Petruzzi posted on 7/30/2005 at 1:23 AM

Tyson bring up a very important point. Let's not forget that you can also perform Regexp in SQL Server 2000 with this little handy xp:

http://www.codeproject.com/...

And in SQL Server 2005 you will be able to use .Net to do the same:

http://blogs.msdn.com/sqlcl...

Raymond Camden

Ask a Jedi: Can you use string functions along with WDDX and JavaScript?

Support this Content!

Archived Comments

Webmentions