Common programming mistakes for ColdFusion programmer to avoid?

Question

In the spirit of my other questions regarding "common programming mistakes ... to avoid"

What are some common programming mistakes for a ColdFusion programmer to avoid?

Recommended answer

  • set <cffile> upload path to a web accessible, CF-enabled directory!!!

  • isStruct() before isObject() in a series of <cfif>'s expecting isStruct only catches struct (cfc component returns True from isStruct() as well)

  • no HtmlEditFormat() when displaying user-generated content (XSS)

  • forgot to add output=false on CFC methods

  • not using <cfqueryparam> in <cfquery>

  • not scoping not-so-evident variables like cfquery name or loop index in a method

  • use <cfform> when all they need is plain-vanilla HTML <form>

  • forgot to UrlEncodedFormat() user-defined URL

  • using <cffeed> without sanitizing the content

  • trust isDate() too much (any number would return true)

  • expect string comparison to be case-sensitive (IS and EQ operators are case-insensitive)

  • sending strings "yes" or "no" to SerializeJSON() without appending a whitespace to preserve the string (otherwise SerializeJSON() or DeserializeJSON() will translate them to "true" and "false")

  • not putting singleton services in application scope

  • blindly create as many CFCs as one wants like one would do in JAVA

  • putting complex value/object into a list (can't, list is just a string of comma-separated values)

  • writing functions that take an array as an argument and modify that array expecting that array will be modified (array in CFML is passed by value)

  • blindly changes access="remote" on a method and expect it to work (when remote proxy is generally more appropriate)

  • use a lot of WriteOutput() in cfscript when CFML is more appropriate

  • blindly uses IsDefined() when StructKeyExists() can generally do it more efficiently

  • blindly uses Iif() and De() without knowing they're as nasty as Evaluate()

  • update some code in onApplicationStart() and not seeing the difference on refresh (restart the app!)

  • <cfloop> or '' outside of <cfquery> causing multiple new query connections to be opened. 99% of the time it's better to have multiple statements inside of one cfquery to perform multiple actions, or to UNION data together.

  • hardcoding absolute path when ExpandPath() is generally better

  • forgot to turn on Unicode support in DSN (Unicode becomes '????')

  • not upgrading to the latest JRE and Hotfixes

  • misusing Client scope and blow up Windows registry...

  • uses deprecated/obsolete functions/features (i.e. flash form aka flex 1.x alpha, cftable, Verity full-text search, etc...)

  • passing CFCATCH to a function as argument type Struct (CFCATCH behaves like a Struct, but it is not. Just pass it as type 'Any').

  • Not reading CFC Best Practices from ColdBox wiki.

  • buying in the mindset of .ASP(X) or .JSP or [insert web technology] are always better.. ;)

  • not using PrecisionEvaluate() and getting all sorts of floating point rounding errors especially when calculating money.
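
The three query and output items from the list above (<cfqueryparam>, HtmlEditFormat() and UrlEncodedFormat()) shown together on one page, as an added example that is not part of the original answer. The datasource appDSN, the comments table and its columns, search.cfm and the author URL parameter are assumed names.

```cfml
<!--- Added example. Assumed names: datasource "appDSN", table "comments"
      (columns author, body, tag), page "search.cfm", URL parameter "author". --->
<cfparam name="url.author" type="string" default="">

<!--- Mistake (left commented out): the request value is interpolated into
      the SQL text, so it becomes part of the statement itself.
      <cfquery name="qComments" datasource="appDSN">
          SELECT author, body, tag FROM comments WHERE author = '#url.author#'
      </cfquery>
--->

<!--- Fix: <cfqueryparam> sends the value as a typed bind parameter.
      maxlength makes the tag throw before the query runs if the value
      is longer than the column allows (50 is an assumed column size). --->
<cfquery name="qComments" datasource="appDSN">
    SELECT author, body, tag
    FROM   comments
    WHERE  author = <cfqueryparam value="#url.author#"
                                  cfsqltype="cf_sql_varchar"
                                  maxlength="50">
</cfquery>

<cfoutput>
<!--- The request value is echoed back, so it is HTML-encoded too. --->
<h2>Comments by #HtmlEditFormat(url.author)#</h2>
<ul>
<cfloop query="qComments">
    <li>
        <!--- Stored user content: encode at output time, in HTML context. --->
        #HtmlEditFormat(qComments.body)#
        <!--- Same value, two contexts: URL-encode it inside the query
              string, HTML-encode it as the visible link text. --->
        <a href="search.cfm?tag=#UrlEncodedFormat(qComments.tag)#">#HtmlEditFormat(qComments.tag)#</a>
    </li>
</cfloop>
</ul>
</cfoutput>
```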
