Ok, so I know "Validate Your Form Fields" is one of the ten commandments of web development, but even Jedis can screw this up at times. Here is a great, and maybe a bit subtle, example of something I screwed up in BlogCFC.

Over the weekend a slew of error emails came in to our blog at work and then this morning another user reported the same error. The error was:

The SUBSCRIBE argument passed to the addComment function is not of type boolean.

This came from the Add Comment code. When you post a comment to my blogware, there is a subscribe checkbox. The checkbox will pass a true value, and since it is a checkbox, nothing at all will be passed if you leave it be. Therefore this code:

<cfparam name="form.subscribe" default="false">

Will handle setting that state to false. That works fine until some spammer/script kiddie does a form post with subscribe set to a non-boolean value.

I fixed this easily enough (BlogCFC users can download the fix in about 5 minutes) by adding:

<!--- validate boolean --->
<cfif not isBoolean(form.subscribe)>
    <cfset form.subscribe = false>
</cfif>
<cfif not isBoolean(form.rememberme)>
    <cfset form.rememberme = false>
</cfif>

Pretty simple mistake on my part. What's interesting/sad is that this is exactly the same type of thing I've had to worry about since I started ColdFusion development 10+ years ago!
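
The same check generalized to any list of checkbox fields, as an added example that is not BlogCFC code. The helper name `normalizeCheckboxes` and the sample posts are assumptions made up for illustration; the last sample reflects ColdFusion's default of joining repeated field names into one comma-delimited value.

```cfml
<cfscript>
// Added example, not BlogCFC code. normalizeCheckboxes is a hypothetical helper.
// Every field named in fieldList ends up as a real boolean in the scope:
// a missing, non-simple or non-boolean value becomes false.
function normalizeCheckboxes(required struct scope, required string fieldList) {
    var name = "";
    var ok = false;
    for (name in listToArray(arguments.fieldList)) {
        ok = structKeyExists(arguments.scope, name)
            and isSimpleValue(arguments.scope[name])
            and isBoolean(arguments.scope[name]);
        if (ok) {
            // Collapse accepted spellings ("yes", "1", "true") to one form.
            arguments.scope[name] = arguments.scope[name] ? true : false;
        } else {
            arguments.scope[name] = false;
        }
    }
    return arguments.scope;
}

// Constructed sample posts standing in for the form scope.
posts = [
    { subscribe = "true", rememberme = "true" }, // both boxes ticked
    { },                                         // neither box ticked
    { subscribe = "abc" },                       // scripted post, junk value
    { subscribe = "true,true" }                  // field sent twice
];

for (post in posts) {
    normalizeCheckboxes(post, "subscribe,rememberme");
    // Safe to hand to a function whose arguments are typed boolean.
    writeOutput(post.subscribe & " / " & post.rememberme & "<br>");
}
</cfscript>
```

In a real handler the call would be `normalizeCheckboxes(form, "subscribe,rememberme")`, placed before the values reach a function with boolean-typed arguments.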