Don't forget to validate those checkboxes/radio buttons/multi selects/etc

This post is more than 2 years old.

Ok, so I know "Validate Your Form Fields" is one of the ten commandments of web development, but even Jedis can screw this up at times. Here is a great, and maybe a bit subtle, example of something I screwed up in BlogCFC.

Over the weekend a slew of error emails came in to our blog at work and then this morning another user reported the same error. The error was:

The SUBSCRIBE argument passed to the addComment function is not of type boolean.

This came from the Add Comment code. When you post a comment to my blogware, there is a subscribe checkbox. The checkbox will pass a true value, and since it is a checkbox, nothing at all will be passed if you leave it be. Therefore this code:

<cfparam name="form.subscribe" default="false">

Will handle setting that state to false. That works fine until some spammer/script kiddie does a form post with subscribe set to a non-boolean value.

I fixed this easily enough (BlogCFC users can download the fix in about 5 minutes) by adding:

<!--- validate boolean --->
<cfif not isBoolean(form.subscribe)>
    <cfset form.subscribe = false>
</cfif>
<cfif not isBoolean(form.rememberme)>
    <cfset form.rememberme = false>
</cfif>

Pretty simple mistake on my part. What's interesting/sad is that this is exactly the same type of thing I've had to worry about since I started ColdFusion development 10+ years ago!
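The same check generalized to the other fixed-choice inputs named in the title (radio buttons, multi selects), as an added example that is not BlogCFC code: each field is compared against the list of values the form can legitimately send, and anything else falls back to a safe default. The helper name `normalizeChoice`, the `categories` field, and the `formvalidation` log file are assumptions made for illustration.

```cfml
<!--- Added example (not BlogCFC code); normalizeChoice() is a hypothetical helper. --->
<cffunction name="normalizeChoice" returntype="string" output="false">
    <cfargument name="scope" type="struct" required="true">
    <cfargument name="field" type="string" required="true">
    <cfargument name="allowed" type="string" required="true">
    <cfargument name="fallback" type="string" required="true">
    <cfargument name="multiple" type="boolean" required="false" default="false">
    <cfset var value = "">
    <cfset var item = "">
    <cfset var pos = 0>
    <cfset var cleaned = "">

    <!--- Unchecked checkboxes and unselected radios are not posted at all. --->
    <cfif not structKeyExists(arguments.scope, arguments.field)>
        <cfreturn arguments.fallback>
    </cfif>
    <cfset value = arguments.scope[arguments.field]>

    <!--- A field posted twice arrives as a list ("true,true"); only multi selects may do that. --->
    <cfif not isSimpleValue(value) or listLen(value) eq 0
          or (not arguments.multiple and listLen(value) gt 1)>
        <cfreturn arguments.fallback>
    </cfif>

    <cfloop list="#value#" index="item">
        <cfset pos = listFindNoCase(arguments.allowed, trim(item))>
        <cfif pos eq 0>
            <!--- Log the field name only, never the raw submitted value. --->
            <cflog file="formvalidation" type="warning"
                   text="Rejected value for form field #arguments.field#">
            <cfreturn arguments.fallback>
        </cfif>
        <!--- Keep the allowlist's own spelling, not the client's. --->
        <cfset cleaned = listAppend(cleaned, listGetAt(arguments.allowed, pos))>
    </cfloop>
    <cfreturn cleaned>
</cffunction>

<!--- Constructed usage: the two checkboxes from the post, plus a hypothetical multi select. --->
<cfset form.subscribe  = normalizeChoice(form, "subscribe", "true,false", "false")>
<cfset form.rememberme = normalizeChoice(form, "rememberme", "true,false", "false")>
<cfset form.categories = normalizeChoice(form, "categories", "news,code,misc", "", true)>
```

Because the function handles a missing field itself, it can stand in for both the cfparam default and the isBoolean check on these fields.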

About Raymond Camden

Raymond is a developer advocate for HERE Technologies. He focuses on JavaScript, serverless and enterprise cat demos.