The Importance of HTMLEditFormat()

I got a call today from a user who was having a weird problem when trying to save data on a form. Upon inspection, it turned out that there were a set of double-quotes in the data.

So why is this a problem? As far as ColdFusion cares, it's not, and the data was actually getting saved to the database correctly. The problem appeared when doing an edit. Everything after the first double-quote was being cutoff.

Upon further inspection of the HTML being generated, it seems that is where the problem came in. ColdFusion was doing it's job by outputting the double-quotes, with no knowledge of where in the page that data is being used. And if you use it in a form, you've got problems because it will appear to the user that the data is not saving.

The solution is to use HTMLEditFormat() when outputting values into form fields. This will cause any HTML special characters to change to their entity notations. So the HTML that is generated will actually look something like this:

 <input type="text" name="whatever" value="some "quoted" text" />

but it will display on the form as normal double-quotes, and will submit as that too:

This may be common knowledge to many of you, but I'd bet there's a whole bunch of developers who don't even realize this could be an issue. Hopefully this will help prevent some hard-to-track bugs!

Amazon S3 & Smartermail REST Wrappers v1.2

Some more refreshes of these tools. The Amazon S3 package was updated to include the full <cf_hmac> custom tag. The previous zip was incomplete.

The Smartermail update includes 3 new methods for managing domain aliases. Thanks to Igor Ilyinsky for coding the new functionality.

Both CFCs are now at version 1.2. You can view full details on each via the Related Posts links below.

Survey: ColdFusion Behind 5% of AJAX sites

Over the weekend, Ajaxian released the results of their September 2006 web poll which surveyed 865 web users over the course of a week. Here's a look at which server-side languages are driving the AJAX revolution:

Although it didn't make the chart, it should be noted that 2% of those surveyed indicated they use Adobe's Flex Toolkit and another 2% said they use the Flex/Ajax bridge, so Flex is in the picture as well.

As for the most popular AJAX frameworks, Prototype and were far and away the winners being used by 43% and 33% respectively. The next closest was Dojo with 19%.

The raw results of the survey are also available.

SmarterMail REST Wrapper

I recently switched to a web hosting provider after running my own servers for over 10 years. It's been an amazing burden off of my shoulders and has allowed me to focus on what's actually on my sites vs. what is running them.

One of the biggest challenges I faced over the years has been managing an email system that grew to close to 100,000 accounts. With the level of SPAM out there, it has been a real challenge. Now that we moved to a new provider, we no longer have the fine-grained control that we once did, but with the advent of web services it makes much of that irrelevant.

I created this CFC for managing email aliases and users on's email servers, but this should work at any provider where SmarterMail's web services are made available. It has been tested with version 3 Enterprise but will probably work with others too.

The CFC has the following methods:

  • init(ServiceURL, AuthUserName, AuthPassword, DomainName) - initialize CFC (all parameters required). ServiceURL is URL of the REST Web Service (without the '/Services/...')
  • getAliases() - list all aliases.
  • getAlias(AliasName) - get forwarding addresses for a specific alias.
  • addAlias(AliasName, Addresses) - add a new alias with one or more forwarding addresses.
  • updateAlias(AliasName, Addresses) - updates alias with new forwarding addresses.
  • deleteAlias(AliasName) - removes an alias.
  • getUsers() - list all user accounts.
  • addUser(NewUsername, NewPassword, FirstName, LastName, maxMailboxSize, IsDomainAdmin) - add a new user account. maxMailboxSize is optional and defaults to 25 megabytes. IsDomainAdmin is also optional and defaults to false.
  • deleteUser(Username) - deletes a user account.
  • getDomainAliases() - list all domain aliases.
  • addDomainAlias(NewDomain) - adds a domain alias.
  • deleteDomainAlias(Domain) - deletes a domain alias.

Two test scripts are included - one which handles aliases and another user accounts. You must modify the first 3 lines of each with your account information, then just pull them up in a browser.

This is an initial release. There is nothing else planned at this time, so let me know if you need something. This should run fine on ColdFusion 6, 7, or 8, and probably earlier version too as long as you can parse an XML document.

This is released as open-source. The current version is 1.1 and you can visit the project page and download here.

Amazon S3 REST Wrapper

As my first foray into open-source code, I'm releasing a wrapper for interacting with Amazon's Simple Storage Service (S3) via REST. The wrapper is packaged as a CFC and has the following methods:

  • init(accessKeyID, secretAccessKey) - initialize CFC (both parameters required).
  • getBuckets() - List all buckets.
  • putBucket(bucketName) - create a new bucket.
  • getBucket(bucketName, prefix, marker, maxKeys) - get contents of a bucket (prefix is optional and matches on the beginning of a key, marker is optional and results start from there, maxKeys is optional and restricts the number of objects returned).
  • deleteBucket(bucketName) - delete a bucket (bucket must be empty).
  • putObject(bucketName, fileKey, contentType, HTTPtimeout) - puts an object into a bucket (HTTPtimeout is in seconds).
  • getObject(bucketName, fileKey, minutesValid) - get link to an object (minutesValid is optional and defaults to 60).
  • deleteObject(bucketName, fileKey) - delete an object from a bucket.

A simple test script is included which demonstrates the use of the CFC. You must insert your Amazon S3 access keys in the first 2 lines in s3test.cfm, then just pull it up in a browser.

This is an initial release. Future plans include support for Access Control Lists. If you need something else added, let me know.

This script should run on both ColdFusion MX 6 and 7, let me know if you run into any problems.

The current version is 1.1 and you can visit the project page and download here.

Reminiscing Over IDEs of Old

We recently got some new PCs in work and that has forced me to re-examine my entire workflow for doing development.  I thought I'd share some of the findings and pitfalls I've encountered along the way in the interest of helping others get setup efficiently.  The tale begins many years ago...

I can remember the early days of Hotdog Pro, and then falling for Nick Bradbury's editor named Homesite (which was acquired by Allaire way back in 1996).  Homesite was made even better one Allaire integrated things like RDS, allowing us to work easier with files on the server.  But that was always a risky proposition because Internet connections were not too great and if your connection quit while saving the file back to the server, you could end up with lost code and no backup.  Allaire ended up beefing up Homesite and releasing a version as ColdFusion Studio which had integrated debugging and some other CF-specific features.

Fast forward to the Macromedia acuisition and Dreamweaver comes on the scene - taking things up a notch and allowing for better project management.  It is now possible to edit my files locally and have them automatically transfer to the server on save, freeing me from the worry of bad Internet connections.  But still not a perfect world..  Dreamweaver is slow (not to mention expensive).  As a die-hard hand coder, the visual design features of Dreamweaver never really appealed to me, and I ended up with a bulky editor but one that gave me some critical features for working on and managing projects.

As a side note, for those who are wondering what ever happened to CF Studio?  With the release of Dreamweaver MX and the Studio MX suite, Macromedia felt it was confusing to also have a CF Sudio in the product line.  Since CF Studio was really only a souped-up version of Homesite, that name was killed and we were left with Homesite+, and the program was (and is) made available on the Dreamweaver and Studio CDs.  They also felt it unnecessary to continue with both products and froze development of Homesite+, though tag libraries are still made available for newer versions of ColdFusion.

So where do we go from here?  What about source control?  Ahh...  CFEclipse to the rescue...  In an upcoming post, I'll go over my new setup and explain how you can get all of the tools you need for a great development environment - and all at a cost of $0!

Back From The Abyss

Just wanted to take a moment to say hello to everyone again.  Sorry for the lack of updates to this blog - I hope to get much better with that moving forward.  It's been a really hectic couple of months for me but finally getting back on track.  Lots of cool stuff happening in the development world...

If you were at CFUNITED, you may have noticed the guy struggling around on crutches.  That was me recovering from my hockey injury (broken ankle + torn ligaments + surgery = ugh!).  Amazing how everything can change in a matter of seconds.  I'm happy to report that I'm finally walking again and getting back to normal life.  What a real pain in the butt - looking forward to next year when I can actually make it out to some bars for a drink! 

Overall, the conference itself was very enjoyable.  Lots of good learning to be had, plus got a change to catch up with old friends and to meet some new ones.  The CFUNITED Scheduler seemed to go over pretty well - some small hiccups, but overall a very positive reaction.  There seemed to be a big focus this year on frameworks as well as the OO-side of things, but I think that just points to the language reaching a really mature state.  And let's not forget Ben's amazing Flex demo where he generated an entire app with a few points and clicks!  And after seeing the enthusiasm from the Adobe crew, I think it's safe to say that ColdFusion will be around for a long time to come!

Central Jersey CFUG - Tomorrow 2/22

For those in the New Jersey area, I'll be giving a preso to the Central Jersey ColdFusion User Group tomorrow at 1:30pm.  You need to be registered in advance at as the talk will be hosted at AT&T in Piscataway, NJ.

I'll be doing an overall review of AJAX and then we'll deconstruct some real applications to see what's going on behind the scenes.  I'll get the presentation and some more samples posted here afterwards.

Easy Ajax : Part 1

In this series of posts, I'm going to demonstrate how to get some basic AJAX going using Prototype along with ColdFusion - it's easier than you think.  Prototype is all you need to get some serious AJAX going. You can do it yourself and interact with the XmlHttpRequest object directly if you'd like, but Prototype abstracts all the hard stuff - like worrying about how each specific browser gets its AJAX magic going.

For this first example, we're going to keep it simple.  We'll just output the current time and date.  So here's what you need to do...

First, include the following snippet in the <head> section of your page to include the Prototype library:

<script type="text/javascript" src="prototype.js"></script>

[*** More ***]

Drag-and-Drop/AJAX Article In CFDJ

I've got an article in this month's ColdFusion Developer Journal entitled: 

Building a Drag-and-Drop Shopping Cart with AJAX - Creating an interactive shopping experience

In the article, I explain how to use the and <CF_SRS> libraries combined with Amazon Web Services to create a interactive shopping experience within the web browser in a way that was once only possible with Flash.

You can view the article here.

*** More Entries ***