Guys, How i can turn off the displaying of error in Coldfusion. The version im using is 5. Is there any settings like in php.ini display error=off. second, is there also a function like MD5 for coldfusion so i can MD5 password. Third, seems cf 5 is easy to SQL inject, is there a way of function like mysql_escape_string in cf Thanks, Mike
You should trap your errors with <cftry> and <cfcatch> Just put nothing in the <cfcatch and you will be fine. Why would you want to not display anything though? You should at least let the user know some sort of error occured. To prevent sql injection, ALWAYS use cfqueryparam in your queries. ex: WHERE id = <cfqueryparam cfsqltype="cf_sql_integer" value="#ID#" > Code (markup):
I think what you might be looking for is this: <cfsetting showDebugOutput = "no" > You might also want to consider making use of the onError cffunction in application.cfc.
Hi, Many thanks for your help, by the way, does <cfqueryparam cfsqltype="numeric" value="URL.id" > is same with <cfparam name="URL.id" default="0" type="numeric"> Second, i added a error handler setup on Application.cfm i.e. <cferror type="REQUEST" template="error.cfm" mailto="myemail@test.com"> is this fine ? Thanks, Mike
Hi, Many thanks for the help. Yes i used something like what you mention. I have a <cferror type="REQUEST" template="error.cfm" mailto="myemail@test.com"> in my Application.cfm Thanks, Mike
guys, By the way for the md5. This is what i did, since i cant find an MD5 for cfm, i just use Hash() so if in case an sql injection occurs and tries to display the password. What do you think about that ? Thanks, Mike