Common programming mistakes for ColdFusion programmer to avoid?
In the spirit of my other questions regarding "common programming mistakes ... to avoid":

What are some common programming mistakes for a ColdFusion programmer to avoid?

- set `<cffile>` upload path to a web accessible, CF-enabled directory!!!
- `isStruct()` before `isObject()` in a series of `<cfif>`'s expecting isStruct only catches struct (cfc component returns True from isStruct() as well)
- no `HtmlEditFormat()` when displaying user-generated content (XSS)
- forgot to add output=false on CFC methods
- not using `<cfqueryparam>` inside `<cfquery>`
- not scoping not-so-evident variables like cfquery name or loop index in a method
- use `<cfform>` when all they need is plain-vanilla HTML `<form>`
- forgot to `UrlEncodedFormat()` user-defined URL
- use `<cffeed>` without sanitizing the content
- trust `isDate()` too much (any number would return true)
- expect string comparison to be case-sensitive (IS and EQ operators are case-insensitive)
- sending strings "yes" or "no" to `SerializeJSON()` without appending a whitespace to preserve the string (otherwise `SerializeJSON()` or `DeserializeJSON()` will translate them to "true" and "false")
- not putting singletons services in application scope
- blindly create as much CFCs as one wants like one would do in JAVA
- putting complex value/object into a list (can't, list is just a string of comma-separated values)
- writing functions that take array as an argument and modify that array expecting that array will be modified (array in CFML is passed by value)
- blindly changes `access="remote"` on a method and expect it to work (when remote proxy is generally more appropriate)
- use a lot of WriteOutput() in cfscript when CFML is more appropriate
- blindly uses `IsDefined()` when `StructKeyExists()` can generally do it more efficiently
- blindly uses `Iif()` and `De()` without knowing they're as nasty as Evaluate()
- update some code in onApplicationStart() and not seeing the difference on refresh (restart the app!)
- `<cfloop>` or '' outside of `<cfquery>` causing multiple new query connections to be opened. 99% of the time it's better to have multiple statements inside of one cfquery to perform multiple actions, or to UNION data together.
- hardcoding absolute path when `ExpandPath()` is generally better
- forgot to turn on Unicode support in DSN (Unicode becomes '????')
- not upgrading to the latest JRE and Hotfixes
- misusing Client scope and blow up Windows registry...
- uses depreciated/obsolete functions/features (i.e. flash form aka flex 1.x alpha, cftable, Verity full-text search, etc...)
- passing `CFCATCH` to a function as argument type `Struct` (`CFCATCH` behaves like a `Struct`, but it is not. Just pass it as type 'Any').
- Not reading CFC Best Practices from ColdBox wiki.
- buying in the mindset of .ASP(X) or .JSP or [insert web technology] are always better.. ;)
- not use `PrecisionEvaluate()` and getting all sort of floating point rounding error especially when calculating money.
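As an added illustration that is not part of the original post, the template below puts four of the listed items side by side: a weak function (output not disabled, unscoped query name, value concatenated into the SQL) next to a corrected one using `output="false"`, `var` scoping and `<cfqueryparam>`, followed by `HtmlEditFormat()` on display. The function names, column names and sample rows are constructed assumptions, and a query-of-queries over in-memory data stands in for a real datasource so the template runs without a database.

```cfml
<!--- Constructed sample data standing in for a real comments table (assumption). --->
<cfset allComments = QueryNew("post_id,author,body", "integer,varchar,varchar")>
<cfset QueryAddRow(allComments, 2)>
<cfset QuerySetCell(allComments, "post_id", 7, 1)>
<cfset QuerySetCell(allComments, "author", "alice", 1)>
<cfset QuerySetCell(allComments, "body", '<b>markup</b> & "quotes"', 1)>
<cfset QuerySetCell(allComments, "post_id", 8, 2)>
<cfset QuerySetCell(allComments, "author", "bob", 2)>
<cfset QuerySetCell(allComments, "body", "plain text", 2)>

<!--- Weak form: output not disabled, untyped argument, query name leaks into
      the variables scope, and the value is concatenated into the SQL text. --->
<cffunction name="getCommentsWeak" returntype="query">
    <cfargument name="source" type="query" required="true">
    <cfargument name="postId" required="true">
    <cfset var src = arguments.source>
    <cfquery name="qComments" dbtype="query">
        SELECT author, body FROM src WHERE post_id = #arguments.postId#
    </cfquery>
    <cfreturn qComments>
</cffunction>

<!--- Corrected form: output="false", typed argument, var-scoped query name,
      and the value bound through cfqueryparam instead of concatenated. --->
<cffunction name="getComments" returntype="query" output="false">
    <cfargument name="source" type="query" required="true">
    <cfargument name="postId" type="numeric" required="true">
    <cfset var src = arguments.source>
    <cfset var qComments = "">
    <cfquery name="qComments" dbtype="query">
        SELECT author, body
        FROM src
        WHERE post_id = <cfqueryparam value="#arguments.postId#" cfsqltype="cf_sql_integer">
    </cfquery>
    <cfreturn qComments>
</cffunction>

<!--- Display: every user-supplied column is encoded before it reaches the page. --->
<cfset comments = getComments(allComments, 7)>
<cfoutput query="comments">
    <p>#HtmlEditFormat(comments.author)#: #HtmlEditFormat(comments.body)#</p>
</cfoutput>
```

With the constructed row for post 7, the markup in the body is rendered as literal text rather than interpreted by the browser.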