Problem: JavaScript single quotes from CF variable

On the DFWCFUG list someone asked if anyone had a solution to a problem with passing a ColdFusion variable into an argument of a JavaScript call when single quotes might exist in the variable, causing the function call to barf.

Someone suggested replacing all single quotes with double quotes. This, however, might not be optimal if you are dealing with someone's name like Conan O"Brian, or if the text was Don"t do this. I suggested doing the following to avoid this problem. Assume the following code:

<cfoutput>
onclick="doIt('#ourColdFusionString#');"
</cfoutput>

If you wanted to make that same function call safe from single quotes, you could do this:

<cfoutput>
onclick="doIt('#replace(ourColdFusionString,"'","\'","all")#');"
</cfoutput>

Of course, in most cases it would make more sense to create a user-defined function to manage this so you don't have to continually type the same replace code. Additionally, it would easily allow you to change the rules for what might be safe for your JavaScript function.
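The rules such a user-defined function needs go beyond the apostrophe, because the value sits inside a JavaScript string that itself sits inside an HTML attribute. The following is an added example, not code from the original post: it is written in JavaScript so it can be run directly, its function names are hypothetical and its inputs are constructed, and it compares the quote-only replace with an encoder that escapes everything except letters and digits.

```javascript
// Added example: function names are hypothetical, sample inputs are constructed.

// The post's approach: backslash-escape single quotes only.
function quoteOnly(s) {
  return s.replace(/'/g, "\\'");
}

// Stricter rule: keep ASCII letters and digits, write every other UTF-16 code
// unit as \uXXXX. The output holds only letters, digits and \uXXXX escapes.
function jsStringEncode(s) {
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    const alnum = (c >= 48 && c <= 57) || (c >= 65 && c <= 90) || (c >= 97 && c <= 122);
    out += alnum ? s[i] : '\\u' + c.toString(16).padStart(4, '0');
  }
  return out;
}

// Small model of how a browser reads onclick="doIt('VALUE');":
//   1. the attribute value stops at the first double quote,
//   2. character references in it are decoded,
//   3. what is left is parsed as JavaScript.
// Returns the string doIt() receives, or null when the handler no longer
// parses and runs as one doIt('...') call.
function valueSeenByDoIt(encoded) {
  const attr = ("doIt('" + encoded + "');").split('"')[0]
    .replace(/&#39;/g, "'").replace(/&quot;/g, '"').replace(/&amp;/g, '&');
  let seen = null;
  let calls = 0;
  try {
    new Function('doIt', attr)((v) => { seen = v; calls += 1; });
  } catch (e) {
    return null; // the value broke, or broke out of, its string literal
  }
  return calls === 1 ? seen : null;
}

// Constructed inputs: apostrophe, backslash before apostrophe, double quote,
// a character reference for an apostrophe, and a line break.
const samples = ["O'Brian", "a\\'b", '6" nail', 'Tom &#39; Jerry', 'one\ntwo'];
for (const s of samples) {
  console.log(JSON.stringify(s),
    'quoteOnly ->', JSON.stringify(valueSeenByDoIt(quoteOnly(s))),
    '| jsStringEncode ->', JSON.stringify(valueSeenByDoIt(jsStringEncode(s))));
}
```

ColdFusion 10 and later ship encodeForJavaScript(), which applies the same kind of rule and can be called from the UDF in place of a hand-written replace.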

Using INI files for site settings

Just as most of us do, when creating a site in ColdFusion, I tend to put most of my site-wide variables in the application.cfm. Just the typical stuff like:

<cfscript>
// load database variables
request.dsn="myDsn";
request.dbUser="joeSQL";
request.password="something";
// load sitewide settings
request.timeOut=30;
request.siteName="My Cool Site!!!";
</cfscript>

Recently though, I have discovered how easy it is to use INI files to manage site settings. My reason for this is three-fold.

First, INI files are widely used in a lot of different types of applications. It doesn't take a programmer to be able to look in an INI file and make changes. It is just a list of names and values. Once I hand my applications off to a client, I would just really rather them keep their hands out of the CFM files for the most part!

Secondly, I have been storing this INI file in a place separate and away from my public web root. My logic behind this is that if someone was somehow able to get to your files through FTP they might end up with code, but they wouldn't end up with some key settings that would allow them access to stuff like your database, your encryption keys, etc. Yes, of course you could do the same thing by just cfincluding a CFM file from the application.cfm, but again, I refer to Joe Client being able to change it simply on his own.

Oh yeah, and third… because it is kind of cool. :)

So for the settings above, let's see how we would do that with an INI file. Let's create an INI in your webroot called siteSettings.ini.

[Database]
dsn=myDsn
dbUser=joeSQL
password=something

[SiteSettings]
timeOut=30
siteName=My Cool Site!!!

As you can see, we have broken the INI file up into sections. This is only for readability and ease of maintenance of the file. You can have as few (at least 1) or as many sections as makes sense for your application. Now, how do I get those values into my application? This is where ColdFusion makes it easy on you. Let's recreate the request variables that we did in the first section, but this time let's load them from our INI file. For our purposes, we will assume the INI file exists in the webroot. That keeps the example short; on a live site the file belongs outside the web root as described above, because a web server will normally hand a .ini file in the web root to anyone who requests its URL.

(please excuse the word wrap!)

<cfscript>
// load database variables
request.dsn=getProfileString(expandpath('/siteSettings.ini'),'Database','dsn');
request.dbUser=getProfileString(expandpath('/siteSettings.ini'),'Database','dbUser');
request.password=getProfileString(expandpath('/siteSettings.ini'),'Database','password');
// load sitewide settings
request.timeOut=getProfileString(expandpath('/siteSettings.ini'),'SiteSettings','timeOut');
// read the siteName entry (not dsn) from the SiteSettings section
request.siteName=getProfileString(expandpath('/siteSettings.ini'),'SiteSettings','siteName');
</cfscript>

If you want to programmatically update any of these values, the solution is equally simple. All we do is change getProfileString to setProfileString, then add a fourth argument containing the new value. For example:

<cfscript>
setProfileString(expandpath('/siteSettings.ini'),'Database','dsn','theNewDsnName');
</cfscript>

If anyone has any thoughts/corrections/additions regarding this information, I welcome it as always.