My first ColdFusion 9 scoop - disable server side validation

This post is more than 2 years old.

Ok, this isn't a huge deal - it's no ORM or script based CFCs - however, this is something that has bugged me a for a long time and I'm darn happy to see it fixed. As you know, or hopefully know, ColdFusion has long included a simple way to do server side form validation. This was achieved using form fields with certain names. While this feature was.... ok... it wasn't very graceful and no one I knew actually used the feature in production.

However - many people would get tripped up by it. If you accidentally named your form fields wrong, ColdFusion would validate them whether you wanted to or not. You would see a post on CF-Talk about it, folks would mention the feature, the dev would rename his form fields, and life would go on.

Then came Facebook. It's a small social networking site. Maybe you heard of it? One of the ways Facebook's API can integrate with applications is via HTTP POST... and guess what? Facebook uses one of those 'bad' form field names. I mentioned this in my article on Facebook and ColdFusion integration. There is a workaround, but, wouldn't it be nice if you could just turn the darn feature off? Now you can.

Simple add this new setting within your Application.cfc:


And that's it. I recommend this for all ColdFusion 9 sites. Even if you know to avoid the 'special' form field names, a new developer may not, and this simply makes the problem go away.

p.s. You can set it in the cfapplication tag as well, but we've all migrated to Application.cfc, right?

Raymond Camden's Picture

About Raymond Camden

Raymond is a developer advocate for HERE Technologies. He focuses on JavaScript, serverless and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can even buy me a coffee!

Lafayette, LA