I got a call today from a user who was having a weird problem when trying to save data on a form. Upon inspection, it turned out that there was a set of double quotes in the data.
So why is this a problem? As far as ColdFusion cares, it's not, and the data was actually getting saved to the database correctly. The problem appeared when doing an edit. Everything after the first double quote was being cut off.
Upon further inspection of the HTML being generated, it seems that is where the problem came in. ColdFusion was doing its job by outputting the double quotes, with no knowledge of where in the page that data is being used. Inside a quoted value attribute, the first double quote in the data closes the attribute, so the browser only shows the text before it. And if you use it in a form, you've got problems because it will appear to the user that the data is not saving.
The solution is to use HTMLEditFormat() when outputting values into form fields. This will cause any HTML special characters to change to their entity notations. So the HTML that is generated will actually look something like this:
<input type="text" name="whatever" value="some &quot;quoted&quot; text" />
but it will display on the form as normal double quotes, and will submit as that too.
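The following is an added example, not code from the original post. It renders the same field with and without entity encoding and feeds both to Python's standard html.parser to show what a parser recovers from each. html.escape() is a stand-in for HTMLEditFormat(), and the names render, parsed_attrs and stray_attrs are illustrative.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: the stored field value from the post's example.
STORED = 'some "quoted" text'
TEMPLATE = '<input type="text" name="whatever" value="{}" />'


class InputAttrs(HTMLParser):
    """Records the attributes of the first <input> tag the parser sees."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = attrs


def render(value, encode):
    """Build the edit-form field, with or without entity encoding."""
    # html.escape(quote=True) stands in for HTMLEditFormat() here;
    # it is not the same function, only the same idea.
    return TEMPLATE.format(escape(value, quote=True) if encode else value)


def parsed_attrs(markup):
    """Return the (name, value) pairs an HTML parser recovers from markup."""
    parser = InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def stray_attrs(attrs):
    """Attribute names not in the template, i.e. data that was parsed as markup."""
    return [name for name, _ in attrs if name not in ("type", "name", "value")]


if __name__ == "__main__":
    for encode in (False, True):
        markup = render(STORED, encode)
        attrs = parsed_attrs(markup)
        print(markup)
        print("  value seen by parser:", repr(dict(attrs)["value"]))
        print("  stray attributes:", stray_attrs(attrs))
```

A non-empty stray attribute list means part of the stored data was interpreted as markup, which is a useful check to run against rendered edit forms in a test suite.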
This may be common knowledge to many of you, but I'd bet there's a whole bunch of developers who don't even realize this could be an issue. Hopefully this will help prevent some hard-to-track bugs!