Data Input Validation  
 
 

When you use forms to capture input data from users for a database query, you often want to validate the user's input before sending the query to the database. This is especially true when you create front ends for SQL statements that require a specific data type, for example SQL statements containing date or numeric comparisons. Validation ensures correct processing by the data source.

You can enable client-side validation of user input by coding the ONVALIDATE attribute to invoke JavaScript functions for form and input objects.

Server-side validation can be specified for a number of common form data types. You can apply validation rules to any form submittal sent to the ColdFusion application server. You can also create custom error messages to display for failed validations. ColdFusion offers several different types of data input validation.

Data Input Validation Types
Validation Type
Description
Client-side
In a CFFORM, you can specify a JavaScript function in the ONVALIDATE attribute of tags like CFINPUT, CFGRID, CFSLIDER, CFTEXTINPUT, and CFTREE to perform input validation.
Server-side
In a CFFORM, you can enable validation in tags that support input validation (like CFINPUT and CFTEXTINPUT) using the VALIDATE attribute.
You can also use hidden fields in HTML forms to require user entries and to validate several common data types.

 
 
  Required form fields  
 
 

One of the weaknesses of HTML forms is the inability to define input fields as required. Because this is a particularly important requirement for database applications, ColdFusion provides a server-side mechanism for requiring users to enter data in fields.

To define an input field as required, use a hidden field that has a NAME attribute composed of the field name and the suffix "_required." For example, to require that the user enter a value in the FirstName field, use the syntax:

<INPUT TYPE="hidden" NAME="FirstName_required">

If the user leaves the FirstName field empty, ColdFusion rejects the form submittal and returns a message informing the user that the field is required. You can customize the contents of this error message using the VALUE attribute of the hidden field. For example, if you want the error message to read "You must enter your first name," use the syntax:

<INPUT TYPE="hidden" 
    NAME="FirstName_required"
    VALUE="You must enter your first name.">
 
 
  Hidden form fields  
 
 

Another weakness of HTML forms is that you cannot validate data input by users. ColdFusion enables you to do several types of data validation by adding hidden fields to forms. The hidden field suffixes you can use to do validation are as follows:

Form Field Validation Using Hidden Fields 
Field Suffix
Value Attribute
Description
_integer Custom error message
Verifies that the user enters a number. If the user enters a floating point value, it is rounded to an integer.
_float Custom error message
Verifies that the user enters a number. Does not do any rounding of floating point values.
_range MIN=MinValue
MAX=MaxValue
Verifies that the numeric value entered is within the specified boundaries. You can specify one or both of the boundaries separated by a space.
_date Custom error message
Verifies that a date has been entered and converts the date into the proper ODBC date format. Will accept most common date forms, for example, 9/1/98; Sept. 9, 1998).
_time Custom error message
Verifies that a time has been correctly entered and converts the time to the proper ODBC time format.
_eurodate Custom error message
Verifies that a date has been entered in a standard European date format and converts into the proper ODBC date format.

 
 
  Examples: Hidden fields  
 

The following examples illustrate the use of hidden fields to validate data. In this example (a hotel reservation form), the FORM being validated contains the fields "Rooms," "Guests," and "ArrivalDate." To ensure that the Rooms field contains an integer, that the Guests field is from 1 to 12, and that the ArrivalDate is a valid date, add the following hidden fields to the form:

<INPUT TYPE="hidden"
    NAME="Rooms_integer"
    VALUE="You must enter a number for the Rooms field.">

<INPUT TYPE="hidden"
    NAME="Guests_range"
    VALUE="MIN=1 MAX=12">
<INPUT TYPE="hidden"
    NAME="ArrivalDate_date"
    VALUE="This is not a valid arrival date.">

The VALUE attribute is optional. A default message displays if no value is supplied.

When the form is submitted, ColdFusion scans the form fields to find any validation rules you specified. The rules are then used to analyze the user's input. If any of the input rules are violated, ColdFusion sends an error message to the user that explains the problem. The user then must go back to the previous screen, correct the problem and resubmit the form. ColdFusion will not accept the submittal until the entire form is entered correctly.

 
 
  Automatic validation of numeric and date fields  
 
 

If you use CFINSERT or CFUPDATE and you specified columns in your database that are numeric, date, or time, then form fields inserting data into these fields are automatically validated. You can use the hidden field validation functions for these fields to display a custom error message.

 
 
  Additional notes on validation  
 
 
  • Adding a validation rule to a field does not make it a required field. You need to add a separate _required hidden field if you want to ensure user entry.
  • Because numeric values often contain commas and dollar signs, these characters are automatically stripped out of fields with _integer, _float, or _range rules before they are validated and saved to the database.


 
 
BackUp LevelNext
 
 

allaire     AllaireDoc@allaire.com
    Copyright © 1999, Allaire Corporation. All rights reserved.