Reputation: 1257
Submitting a form in ColdFusion that has special characters
I have a form that contains textboxes and textareas with user entered data. I am using a simple ColdFusion actionpage with a cfquery tag to submit the data to my database.
<cfquery name="add_ticket" datasource="#datasource#">
INSERT INTO service_ticket(end_user, customer_id, ticket_id, company_name, service_description, service_date, status, customer_signature, technician_signature, materials, ticket_type, equipment, discount, percent_discount, material_subtotal, material_tax, material_shipping, material_total, billable_service_total, tax_rate, grand_total, equipment_id, equipment_name)
VALUES("", '#get_customer.customer_id#', "#ticketnum#", "#url.customer_name#", "#url.description# - #get_equipment.equipment_name#", #CreateODBCDateTime(Now())#, "In-progress", "0", "0", "0", "#url.TT#", "0", '0.00', '0', '0.00', '6.625', '0.00', '0.00', '0.00', '#subscriber.tax_rate#', '0.00', "#get_equipment.id#", "#get_equipment.equipment_name#")
</cfquery>
I sporadically run into errors submitting this query because the values for certain columns contain special characters.
For instance, the value for company_name might be: Smith & Johnson, LLC.
The ColdFusion code breaks once it hits the ampersand. I've tried enclosing the value in single quotes and double quotes as well as
<cfqueryparam value="#url.company_name#" cfsqltype="cf_sql_longvarchar" />
but nothing seems to help.
Is there a better way to handle this situation?
I'm currently running a Lucee server.
Upvotes: 1
Views: 218
Answers (2)
Reputation: 1228
After reading your comment I now understand what the issue is. The solution to your problem is to use the ColdFusion function encodeForURL() when calling your action page using javascript.
Change your code from
window.open(href='actionpages/add_ticket_maintenance.cfm?TT=commercial&equipment_id=#id#&customer_name=#customer_name#&description=Equipment Maintenance&end_user=Scheduled maintenance', "_self");
to
window.open(href='actionpages/add_ticket_maintenance.cfm?TT=commercial&equipment_id=#id#&customer_name=#encodeForURL(customer_name)#&description=Equipment Maintenance&end_user=Scheduled maintenance', "_self");
Upvotes: 2
Reputation: 20804
You have options.
You can change your form to something like this:
<form action = actionpages/add_ticket_maintenance.cfm
target = "_blank"
method = "post">
This will submit the form to a separate window or tab. On your action page you will have to use the form scope instead of the url scope.
Or, you can encode your url variables with the EncodeForUrl function. Your choice.
Upvotes: 2
Related Questions
- Special characters are displaying in hexdecimal
- replacing the special character which is showing as encoded
- Coldfusion/Lucee Encoding Issue When Using EncodeForHTML
- ColdFusion 2016 converts special characters?
- UTF-8 Dingbats In ColdFusion
- Convert Special Characters to HTML - ColdFusion
- ColdFusion character encoding issue
- Escaping characters with ajax and ColdFusion
- ColdFusion: How can I write '<' or '>' to a CF file?
- Prevent Coldfusion from encoding html