ColdFusion's built in server-side form validation often gets a bad rap, but this
past week it really came in handy. For those that don't know, ColdFusion can do
certain types of server-side validation depending on how you name your form
fields. All you need to do to trigger this validation is add a suffix to your
form field name. Here are the available validation options:
- _integer Verifies that the user entered a number.
- _float Verifies that the user entered a number.
- _range Verifies that a numeric value entered is within specified boundaries.
- _date Verifies that the user entered a date; converts to ODBC date format.
- _time Verifies that the user correctly entered a time; converts to ODBC time format.
- _eurodate Verifies that the user entered a date in a standard European date format; converts to ODBC date format.
- _required Verifies that the user entered a value.
One thing to note, if you want to require a field and do some sort of type validation this requires two separate fields. Generally this is done with hidden form fields. So, say you have a field named amount that you want to require and ensure it has a float value. Your form may look something like:
<form action="index.cfm" method="post">
<input type="text" name="amount">
<input type="hidden" name="amount_required">
<input type="hidden" name="amount_float">
So in short, ColdFusion's server-side validation may not be the most robust or secure server-side validation solution, but sometimes it may just be all you need.