ColdFusion lets you specify form field validation on the server by using hidden form fields whose names consist of the name of the field to validate and the validation type. Hidden field validation uses the same underlying techniques and algorithms as onServer validation of ColdFusion form fields.
Hidden field validation has the following features:
To specify hidden field validation, you do the following:
The following example uses hidden fields to require data in a date field and ensure that the field contains a date. It consists only of HTML tags.
```html
<input type="text" name="StartDate" size="16" maxlength="16"><br>
<input type="hidden" name="StartDate_required" value="You must enter a start date.">
<input type="hidden" name="StartDate_date" value="Please enter a valid date as the start date.">
```
Use the following suffixes at the end of hidden form field names to specify the validation type. The type identifier always starts with an underscore. Several validation rules have two names you can use. The names that do not start with "_cf" were used in earlier releases and are retained for backward compatibility. For consistency and clarity, Adobe recommends using the names that start with "_cf" in new forms.
Field name suffix | Verifies |
---|---|
_integer, _cfforminteger | An integer of the range -2,147,483,648 -- 2,147,483,647. Treats the initial characters "$ ¤ ¥ £ +" as valid input, but removes them from the number. |
_cfformnumeric | Any numeric value. Treats the initial characters "$ ¤ ¥ £ +" as valid input, but does NOT remove them from the number. |
_float, _cfformfloat | Any value (including an integer) that can be represented as a floating point number with up to 12 significant digits. Treats the initial characters "$ ¤ ¥ £ +" as valid input, but removes them from the number. Converts input data to a real number; for example a dump of an integer value on the action page includes a decimal point followed by a 0. |
_range, _cfformrange | A numeric value within boundaries specified by the value attribute. Specify the range in the value attribute using the format "min=minvalue max=maxvalue." You cannot specify a custom error message for this validation. |
_date, _cfformdate | A date in any format that ColdFusion can understand; converts the input to ODBC date format. Allows entry of a time part, but removes it from the ODBC value. |
_cfformusdate | A date in the form m/d/y, m-d-y, or m.d.y. The m and d format can be 1 or 2 digits; y can be 2 or 4 digits. Does not convert the string to an ODBC value and does not allow a time part. |
_eurodate, _cfformeurodate | A date in the form d/m/y, d-m-y, or d.m.y. The m and d format can be 1 or 2 digits; y can be 2 or 4 digits. Converts the input to ODBC date format. Allows entry of a time part, but removes it from the ODBC value. |
_time, _cfformtime | A time. Can be in 12-hour or 24-hour clock format, and can include seconds in the form hh:mm:ss or a case-independent am or pm indicator. Converts the input to ODBC time format. Allows entry of a date part, but removes it from the ODBC value. |
_cfformcreditcard | After stripping blanks and dashes, a number that conforms to the mod10 algorithm. Number must have 13-16 digits. |
_cfformSSN, _cfformsocial_security_number | A nine-digit Social Security number. Can be of the form xxx-xx-xxxx or xxx xx xxxx. |
_cfformtelephone | Standard U.S. telephone formats. Does not support international telephone numbers. Allows area codes with or without parentheses, and hyphens (-), spaces, periods, or no separators between standard number groups. Can be preceded by a 1 long-distance designator, and can end with an up-to-5 digit extension, optionally starting with x. The area code and exchange must begin with a digit in the range 1 - 9. |
_cfformzipcode | A 5-digit or 9-digit U.S. ZIP code. In 9-digit codes, the final four digits must be preceded by a hyphen (-) or space. |
_cfformemail | A valid e-mail address. Valid address characters are a-zA-Z0-9_- and the period and separator. There must be a single at sign (@) and the text after the @ character must include a period, as in my_address@MyCo.com or b-b.jones27@hisco.co.uk. |
_cfformURL | A valid URL. Must start with http://, https://, ftp://, file://, mailto:, or news:. Can include, as appropriate, user name and password designators and query strings. The main part of the address can only have the characters A-Za-z0-9 and -. |
_cfformboolean | A value that can be treated as a Boolean: Yes, No, True, False, 0, 1. |
_cfformUUID | A universally unique identifier (UUID) that follows the ColdFusion format, xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx, where x is a hexadecimal number. |
_cfformGUID | A unique identifier that follows the Microsoft/DCE format, xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, where x is a hexadecimal number. |
_cfformnoblanks | The field must not include blanks. ColdFusion uses this validation only if you also specify a _required hidden field. |
_cfformmaxlength | The number of characters must not exceed the number specified by the tag value attribute. |
_cfformregex, _cfformregular_expression | The data must match a JavaScript regular expression specified by the tag value attribute. |
_required, _cfformrequired | Data must be entered or selected in the form field. |
Consider the following rules and recommendations when determining whether and how to use hidden form field validation:
The following procedure creates a simple form for entering a start date and a salary. It uses hidden fields to ensure that you enter data and that the data is in the right format.
This example uses a self-submitting form; the same ColdFusion page is both the form page and its action page. The page uses an IsDefined function to check that form data has been submitted. This way, the page does not show any results until you submit the input. The form uses HTML tags only; you can substitute these tags with the CFML equivalents.
```cfm
<html>
<head>
    <title>Simple Data Form</title>
</head>
<body>
<h2>Simple Data Form</h2>

<!--- Form part. --->
<form action="datatest.cfm" method="Post">
    <input type="hidden" name="StartDate_cfformrequired"
        value="You must enter a start date.">
    <input type="hidden" name="StartDate_cfformdate"
        value="Enter a valid date as the start date.">
    <input type="hidden" name="Salary_cfformrequired"
        value="You must enter a salary.">
    <input type="hidden" name="Salary_cfformfloat"
        value="The salary must be a number.">
    Start Date:
    <input type="text" name="StartDate" size="16" maxlength="16"><br>
    Salary:
    <input type="text" name="Salary" size="10" maxlength="10"><br>
    <input type="reset" name="ResetForm" value="Clear Form">
    <input type="submit" name="SubmitForm" value="Insert Data">
</form>
<br>

<!--- Action part. --->
<cfif isdefined("Form.StartDate")>
    <cfoutput>
        Start Date is: #DateFormat(Form.StartDate)#<br>
        Salary is: #DollarFormat(Form.Salary)#
    </cfoutput>
</cfif>
</body>
</html>
```
When the user submits this form, ColdFusion scans the form fields to find any validation rules. It then uses the rules to analyze the user's input. If any of the input rules are violated, ColdFusion displays an error page with the error message that you specified in the hidden field's value attribute. The user must go back to the form, correct the problem, and resubmit the form. ColdFusion does not accept form submission until the user enters the entire form correctly.
Because numeric values often contain commas and currency symbols, ColdFusion automatically deletes these characters from fields with _cfforminteger and _cfformfloat rules before it validates the form field and passes the data to the form's action page. ColdFusion does not delete these characters from fields with _cfformnumeric rules.
The following table describes the code and its function:
Code | Description |
---|---|
`<form action="datatest.cfm" method="post">` | Gathers the information from this form and sends it to the datatest.cfm page (this page) using the Post method. |
`<input type="hidden" name="StartDate_cfformrequired" value="You must enter a start date.">` `<input type="hidden" name="StartDate_cfformdate" value="Enter a valid date as the start date.">` | Requires input into the StartDate input field. If there is no input, displays the error information "You must enter a start date." Requires the input to be in a valid date format. If the input is not valid, displays the error information "Enter a valid date as the start date." |
`<input type="hidden" name="Salary_cfformrequired" value="You must enter a salary.">` `<input type="hidden" name="Salary_cfformfloat" value="The salary must be a number.">` | Requires input into the Salary input field. If there is no input, displays the error information "You must enter a salary." Requires the input to be a valid number. If it is not valid, displays the error information "The salary must be a number." |
`Start Date: <input type="text" name="StartDate" size="16" maxlength="16"><br>` | Creates a text box called StartDate in which users can enter their starting date. Makes it 16-characters wide. |
`Salary: <input type="text" name="Salary" size="10" maxlength="10"><br>` | Creates a text box called Salary in which users can enter their salary. Makes it ten-characters wide. |
`<cfif isdefined("Form.StartDate")> <cfoutput> Start Date is: #DateFormat(Form.StartDate)#<br> Salary is: #DollarFormat(Form.Salary)# </cfoutput> </cfif>` | Displays the values of the StartDate and Salary form fields only if they are defined. They are not defined until you submit the form, so they do not appear on the initial form. Uses the DateFormat function to display the start date in the default date format. Uses the DollarFormat function to display the salary with a dollar sign and commas. |
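
The action part of the example page reads Form.StartDate and Form.Salary on the assumption that the hidden-field rules were applied, but those rules are themselves form fields that arrive with the request. The following added example (not part of the original page or Adobe's code) repeats the required, date, float and length checks in the action part with the IsValid function, so the output code never runs on unchecked data; the variable names errors, startDate, salary and msg are chosen for illustration.

```cfm
<!--- Added example: action part that re-checks the submitted data itself
      instead of relying only on rule fields carried in the request. --->
<cfif structKeyExists(form, "StartDate") and structKeyExists(form, "Salary")>
    <cfset errors = arrayNew(1)>
    <cfset startDate = trim(form.StartDate)>
    <cfset salary = trim(form.Salary)>

    <!--- Same rules as StartDate_cfformrequired / StartDate_cfformdate.
          The 16-character limit mirrors the form's maxlength attribute,
          which the browser enforces but the server otherwise does not. --->
    <cfif not len(startDate)>
        <cfset arrayAppend(errors, "You must enter a start date.")>
    <cfelseif len(startDate) gt 16 or not isValid("date", startDate)>
        <cfset arrayAppend(errors, "Enter a valid date as the start date.")>
    </cfif>

    <!--- Same rules as Salary_cfformrequired / Salary_cfformfloat.
          Assumption: isValid("float") may treat currency symbols and
          commas differently from the hidden-field rule; test this on
          your ColdFusion version before relying on it. --->
    <cfif not len(salary)>
        <cfset arrayAppend(errors, "You must enter a salary.")>
    <cfelseif len(salary) gt 10 or not isValid("float", salary)>
        <cfset arrayAppend(errors, "The salary must be a number.")>
    </cfif>

    <cfif arrayLen(errors)>
        <!--- The messages are fixed strings defined above, not user input. --->
        <ul>
        <cfloop array="#errors#" index="msg">
            <li><cfoutput>#msg#</cfoutput></li>
        </cfloop>
        </ul>
    <cfelse>
        <cfoutput>
            Start Date is: #DateFormat(startDate)#<br>
            Salary is: #DollarFormat(salary)#
        </cfoutput>
    </cfif>
</cfif>
```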