Eric B

Reputation: 29

CFML registration form troubles -- correct use of encodeForHTMLAttribute?

Lucee 5.2

MS SQL Server 2014

Hi, friends,

I need some help with a CFML task -- this is a conference registration form for a client.

In the code below, am I using encodeForHTMLAttribute correctly? I have been doing some research on encodeForHTMLAttribute -- for example, https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-e-g/encodeforhtmlattribute.html -- but I am not sure a) if I am using it correctly, or b) if I even need to use it at all.

Does the CFML below look reasonable? Thank you as always for your help.

Eric

<!--- begin CFOUTPUT for user input fields --->
<!--- each input now carries an id matching its label's for attribute, so the labels actually associate --->
<cfoutput>
<li>
  <label for="Title"><h3>Title (Ms., Mr., Dr. etc.):</h3></label>
  <input type="text" id="Title" name="Title" placeholder="Title" value="#encodeForHTMLAttribute(Trim(Left(form.Title,255)))#" maxlength="255" tabindex="1" size="70" autofocus="true" />
</li>

<li>
  <label for="x_first_name"><h3>First Name:</h3></label>
  <input type="text" id="x_first_name" name="x_first_name" placeholder="First Name" value="#encodeForHTMLAttribute(Trim(Left(form.x_first_name,255)))#" maxlength="255" tabindex="2" size="70" required="yes" />
  <span class="form_hint">Enter First Name</span>
</li>

<li>
  <label for="MiddleInitial"><h3>Middle Initial:</h3></label>
  <input type="text" id="MiddleInitial" name="MiddleInitial" placeholder="MI" value="#encodeForHTMLAttribute(Trim(Left(form.MiddleInitial,255)))#" maxlength="5" tabindex="3" size="1" />
</li>

<li>
  <label for="x_last_name"><h3>Last Name:</h3></label>
  <input type="text" id="x_last_name" name="x_last_name" placeholder="Last Name" value="#encodeForHTMLAttribute(Trim(Left(form.x_last_name,255)))#" maxlength="255" tabindex="4" size="70" required="yes" />
  <span class="form_hint">Enter Last Name</span>
</li>

<li>
  <label for="Credentials"><h3>Credentials:</h3></label>
  <input type="text" id="Credentials" name="Credentials" placeholder="Credentials (e.g. RN, MSN, PhD, MD)" value="#encodeForHTMLAttribute(Trim(Left(form.Credentials,255)))#" maxlength="255" tabindex="5" size="70" required="yes" />
  <span class="form_hint">Credentials (e.g. RN, MSN, PhD, MD)</span>
</li>

<li>
  <label for="x_company"><h3>Current Position and Organization:</h3></label>
  <input type="text" id="x_company" name="x_company" placeholder="Current Position and Organization" value="#encodeForHTMLAttribute(Trim(Left(form.x_company,255)))#" maxlength="255" tabindex="6" size="70" required="yes" />
  <span class="form_hint">Enter Current Position and Organization</span>
</li>

<li>
  <label for="x_address"><h3>Address:</h3></label>
  <input type="text" id="x_address" name="x_address" placeholder="Please enter your address" value="#encodeForHTMLAttribute(Trim(Left(form.x_address,255)))#" maxlength="255" tabindex="7" size="70" required="yes" />
  <span class="form_hint">Please enter your mailing address</span>
</li>

<li>
  <label for="x_city"><h3>City:</h3></label>
  <input type="text" id="x_city" name="x_city" placeholder="Please enter your city" value="#encodeForHTMLAttribute(Trim(Left(form.x_city,255)))#" maxlength="255" tabindex="8" size="70" required="yes" />
  <span class="form_hint">Please enter your city</span>
</li>

<li>
  <label for="x_state"><h3>State or Province:</h3></label>
  <input type="text" id="x_state" name="x_state" placeholder="Please enter your State or Province" value="#encodeForHTMLAttribute(Trim(Left(form.x_state,255)))#" maxlength="255" tabindex="9" size="70" required="yes" />
  <span class="form_hint">Please enter your State or Province</span>
</li>

<li>
  <label for="x_zip"><h3>ZIP or Postal Code:</h3></label>
  <input type="text" id="x_zip" name="x_zip" placeholder="Please enter your ZIP or Postal Code" value="#encodeForHTMLAttribute(Trim(Left(form.x_zip,25)))#" maxlength="255" tabindex="10" size="70" required="yes" />
  <span class="form_hint">Please enter your ZIP or Postal Code</span>
</li>

<li>
  <label for="x_country"><h3>Country:</h3></label>
  <input type="text" id="x_country" name="x_country" placeholder="Please enter your country" value="#encodeForHTMLAttribute(Trim(Left(form.x_country,255)))#" maxlength="255" tabindex="11" size="70" required="yes" />
  <span class="form_hint">Please enter your country</span>
</li>

<li>
  <label for="TelephoneWork"><h3>Work Telephone:</h3></label>
  <input type="text" id="TelephoneWork" name="TelephoneWork" placeholder="Please enter your work telephone number" value="#encodeForHTMLAttribute(Trim(Left(form.TelephoneWork,25)))#" maxlength="25" tabindex="13" size="70" />
  <span class="form_hint">Please enter your work telephone number.</span>
</li>

<li>
  <label for="x_email"><h3>email address:</h3></label>
  <input type="text" id="x_email" name="x_email" placeholder="Important: Please enter your valid email address." value="#encodeForHTMLAttribute(Trim(Left(form.x_email,128)))#" maxlength="128" tabindex="16" size="70" required="yes" />
  <span class="form_hint">Enter Email Address</span>
</li>

<li>
  <label for="SpecialRequirements"><h3>Special Requirements -- dietary, mobility, etc.:</h3></label>
  <input type="text" id="SpecialRequirements" name="SpecialRequirements" placeholder="Important: Please enter special requirements, if any." value="#encodeForHTMLAttribute(Trim(Left(form.SpecialRequirements,255)))#" maxlength="255" tabindex="18" size="70" />
</li>
</cfoutput><!--- /CFOUTPUT for user input fields --->

Upvotes: 2

Views: 147
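The point of wrapping a submitted value in encodeForHTMLAttribute before placing it in value="..." is that the value can never terminate the attribute or start a new one, while the browser still decodes the entities so the visitor sees exactly what they typed. The script below is an added illustration, not code from the question or either answer: it uses a simplified encoder that is an assumption about the OWASP/ESAPI rule Lucee's function is based on (alphanumerics and , . - _ pass through, everything else becomes a numeric entity; the real function's exact entity choices may differ), renders the same constructed last-name value into the attribute unencoded and encoded, and parses both with Python's HTMLParser standing in for the browser.

```python
import re
from html.parser import HTMLParser

# Simplified attribute-context encoder. Assumption: it follows the OWASP/ESAPI rule
# that Lucee's encodeForHTMLAttribute is based on (alphanumerics and , . - _ pass
# through, every other character becomes a &#xHH; numeric entity). The real
# function's exact entity choices may differ; the security property is the same.
_SAFE_CHAR = re.compile(r"[A-Za-z0-9,._-]")


def encode_for_html_attribute(text: str) -> str:
    return "".join(ch if _SAFE_CHAR.match(ch) else f"&#x{ord(ch):x};" for ch in text)


def render_input_unsafe(name: str, value: str) -> str:
    # The 'before' form: the submitted value is dropped straight into the attribute.
    return f'<input type="text" name="{name}" value="{value}" />'


def render_input_safe(name: str, value: str) -> str:
    # The hardened form, equivalent to value="#encodeForHTMLAttribute(form.x)#".
    return f'<input type="text" name="{name}" value="{encode_for_html_attribute(value)}" />'


class _InputAttrs(HTMLParser):
    """Stands in for the browser: collects the <input> tag's attributes with
    character references already decoded, as a browser decodes them."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = attrs


def parse_input_attrs(markup: str) -> list:
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def compare(value: str) -> dict:
    """Render the same submitted value both ways and report what the parser sees."""
    unsafe = parse_input_attrs(render_input_unsafe("x_last_name", value))
    safe = parse_input_attrs(render_input_safe("x_last_name", value))
    return {
        # an extra attribute name here means the value escaped the attribute
        "unsafe_attr_names": [n for n, _ in unsafe],
        "safe_attr_names": [n for n, _ in safe],
        # True when the visitor sees exactly what they typed, < and " included
        "safe_value_roundtrips": dict(safe).get("value") == value,
    }


# Constructed sample: a last name that also closes the attribute and opens a new one.
CONSTRUCTED_INPUT = 'O\'Brien" foo="injected'

if __name__ == "__main__":
    print(render_input_unsafe("x_last_name", CONSTRUCTED_INPUT))
    print(render_input_safe("x_last_name", CONSTRUCTED_INPUT))
    print(compare(CONSTRUCTED_INPUT))
```

Run as-is, the unencoded rendering yields four attributes (the value has grown a foo="injected"), the encoded rendering yields the expected three, and the decoded value attribute equals the original string, which is why encoding in the value attribute is the right place for it: the prepopulated field shows the visitor their own text, not the entities.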

Answers (2)

Dan Bracuk

Reputation: 20804

Your first question is, "In the code below, am I using encodeForHTMLAttribute correctly?" The answer is no, in that you are using it in the wrong place.

The encodeForHTMLAttribute function changes certain characters to their html equivalent. For example, a less than symbol, <, becomes &lt;. If you were outputting this in a display tag of a web page, such as paragraph or table detail, you would see <. However, in an input tag, you would see &lt;. Is that what you want your users to see?

Your next question is, "Does the CFML below look reasonable?" The syntax is fine, but the fact that it contains an html form being prepopulated from a form post strikes me as odd. Are you making your users post the same information twice?

Upvotes: 0

James A Mohler

Reputation: 11120

Question 1

When setting attributes such as value in form fields, use

encodeForHTMLAttribute()

Question 2

Money fields for USD should be

type="number" step="0.01"

Other currencies have different granularity.

Question 3

You would have to add code that describes your response page. There is not enough info to determine the problem.

Upvotes: 5
