Monday, January 31, 2011

What are some common programming mistakes for a ColdFusion programmer to avoid?

For all the friends who are busy programming ColdFusion right now...
Brace yourselves, you're in for a smackdown!!!

  • setting the <cffile action="upload"> destination to a web-accessible directory that ColdFusion executes .cfm files from (upload a .cfm, request it, and it runs on the server); keep uploads outside the web root and check the extension ColdFusion saw on the server, since accept= only compares the MIME type the browser claims
  • testing isStruct() before isObject() in a chain of <cfif>s and expecting isStruct() to match only structs (a CFC instance returns True from isStruct() as well, so test isObject() first)
  • displaying user-generated content without HtmlEditFormat() (stored/reflected XSS); note that it escapes only <, >, & and double quotes, so it is not enough for JavaScript or single-quoted attribute contexts
  • forgot to add output=false on CFC methods
  • not using <cfqueryparam> inside <cfquery> (SQL injection; it also lets the driver cache the bound statement)
  • not scoping not-so-evident variables like cfquery name or loop index in a method
  • use <cfform> when all they need is plain-vanilla HTML <form>
  • forgetting UrlEncodedFormat() on user-supplied values placed into a URL
  • using <cffeed> without sanitizing the fetched content (a feed is untrusted HTML from a third party)
  • trusting isDate() too much (any bare number returns True, because ColdFusion treats it as a date serial number)
  • expecting string comparison to be case-sensitive (the IS and EQ operators are case-insensitive; use Compare() when case matters)
  • sending the strings "yes" or "no" to SerializeJSON() without appending a space to preserve them as strings (otherwise SerializeJSON() or DeserializeJSON() will translate them to true and false)
  • not putting singletons services in application scope
  • blindly creating as many CFCs as one wants, as one would in Java (CFC instantiation is far more expensive)
  • putting a complex value/object into a list (you can't: a list is just a string of comma-separated values)
  • writing a function that takes an array and modifies it, expecting the caller's array to change (in Adobe ColdFusion arrays are passed by value; structs and objects are passed by reference)
  • blindly changing a method to access="remote" and expecting it to work (a remote proxy is generally more appropriate)
  • use a lot of WriteOutput() in cfscript when CFML is more appropriate
  • blindly using IsDefined() when StructKeyExists() generally does it more efficiently (and without the scope-hunting ambiguity)
  • blindly using Iif() and De() without knowing they go through Evaluate() internally (slow, and dangerous if user input can reach the expression strings)
  • update some code in onApplicationStart() and not seeing the difference on refresh (restart the app!)
  • putting a <cfquery> inside a <cfloop>, so every iteration sends a new statement to the database. 99% of the time it's better to fetch or update the whole set in one query, UNION the data together, or batch several statements inside one <cfquery>; note that the last option needs the datasource's "Allow multiple queries" setting, which also turns any unparameterized query into a far worse injection hole, so leave it off unless you need it
  • hardcoding absolute path when ExpandPath() is generally better
  • forgetting to enable Unicode support in the DSN settings (non-ASCII text comes back as '????')
  • not upgrading to the latest JRE and Hotfixes
  • misusing the Client scope with its default Registry storage and bloating the Windows registry (store client variables in a database or cookie instead)
  • using deprecated/obsolete functions/features (e.g. Flash forms, aka Flex 1.x alpha; <cftable>; Verity full-text search; etc.)
  • passing CFCATCH to a function as an argument of type Struct (CFCATCH behaves like a Struct, but it is not one; pass it as type 'Any')
  • Not reading CFC Best Practices from ColdBox wiki.
  • buying in the mindset of .ASP(X) or .JSP or [insert web technology] are always better.. ;)
  • not using PrecisionEvaluate() and getting all sorts of floating-point rounding errors, especially when calculating money
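The <cfqueryparam>, HtmlEditFormat() and UrlEncodedFormat() items above, shown as a vulnerable page beside its hardened form. This is an added example and not code from the original post; the datasource "myDSN" and the table "articles" (columns id, title, body) are placeholders.

```cfml
<!--- Added example, not code from the original post. Assumes a datasource "myDSN"
      with a table "articles" (columns id, title, body); both names are placeholders. --->

<!--- VULNERABLE: url.id is spliced straight into the SQL text.
      ?id=1 OR 1=1 dumps every row, and with the datasource's "Allow multiple queries"
      option enabled, ?id=1;DROP TABLE articles runs a second statement. --->
<cfquery name="qBad" datasource="myDSN">
    SELECT id, title, body FROM articles WHERE id = #url.id#
</cfquery>

<!--- HARDENED: validate the input, then bind it with cfqueryparam. cf_sql_integer makes
      the driver reject anything that is not an integer, whatever the string contains. --->
<cfparam name="url.id" default="0">
<cfif NOT isValid("integer", url.id)>
    <cfthrow type="BadRequest" message="id must be an integer">
</cfif>
<cfquery name="qGood" datasource="myDSN">
    SELECT id, title, body
    FROM   articles
    WHERE  id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- A comma-separated list of ids (?ids=1,2,3) is still bound, one placeholder per item;
      the regex check keeps an empty or non-numeric list from reaching the query. --->
<cfparam name="url.ids" default="">
<cfif isValid("regex", url.ids, "^[0-9]+(,[0-9]+)*$")>
    <cfquery name="qMany" datasource="myDSN">
        SELECT id, title FROM articles
        WHERE id IN (<cfqueryparam value="#url.ids#" cfsqltype="cf_sql_integer" list="true">)
    </cfquery>
</cfif>

<!--- VULNERABLE: a title stored as <script>...</script> executes in every reader's browser. --->
<cfoutput query="qGood">
    <h2>#title#</h2>
</cfoutput>

<!--- HARDENED: encode for the context the value lands in. HtmlEditFormat() escapes
      <, >, & and double quotes (not single quotes, so always double-quote attributes);
      UrlEncodedFormat() is the right encoder once the value goes into a query string. --->
<cfoutput query="qGood">
    <h2>#HtmlEditFormat(title)#</h2>
    <div>#HtmlEditFormat(body)#</div>
    <a href="search.cfm?q=#UrlEncodedFormat(title)#">More like this</a>
</cfoutput>
```

HtmlEditFormat() covers the HTML body and double-quoted attributes only; a value that ends up inside a <script> block or an event handler needs a JavaScript encoder (ColdFusion 10 added EncodeForHTML(), EncodeForJavaScript() and friends for exactly this), and until then the safest move is not to put user data in those contexts at all.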
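The <cffile> upload item above, worked through as a vulnerable upload handler beside a hardened one plus the matching download page. This is an added example and not code from the original post; it assumes a form field named "userfile" and an application.uploadRoot variable, set in Application.cfc to an absolute path outside the web root, both of which are placeholders.

```cfml
<!--- Added example, not code from the original post. Assumes a form with
      <input type="file" name="userfile"> and application.uploadRoot, set in Application.cfc
      to an absolute path OUTSIDE the web root (e.g. /var/cfdata/uploads); both are placeholders. --->

<!--- VULNERABLE: the destination is under the web root, where ColdFusion will execute
      a .cfm the user just uploaded; accept= only compares the MIME type the browser
      claims, which the attacker controls. --->
<cffile action="upload" filefield="userfile"
        destination="#ExpandPath('./uploads/')#"
        accept="image/jpeg,image/png" nameconflict="makeunique">

<!--- HARDENED --->
<cfset allowedExt = "jpg,jpeg,png,gif,pdf">

<!--- 1. Land the file in the server temp directory, which is never web accessible. --->
<cffile action="upload" filefield="userfile"
        destination="#GetTempDirectory()#" nameconflict="makeunique">
<cfset tmpPath = cffile.serverDirectory & "/" & cffile.serverFile>

<!--- 2. Decide on the extension ColdFusion saw on the server, not on the client's MIME type. --->
<cfif NOT cffile.fileWasSaved OR NOT ListFindNoCase(allowedExt, cffile.serverFileExt)>
    <cfif FileExists(tmpPath)><cfset FileDelete(tmpPath)></cfif>
    <cfthrow type="UploadRejected" message="File type not allowed">
</cfif>

<!--- 3. Store under a server-generated name; the client-supplied name never reaches the disk. --->
<cfset storedName = CreateUUID() & "." & LCase(cffile.serverFileExt)>
<cfset FileMove(tmpPath, application.uploadRoot & "/" & storedName)>
<cfoutput><p>Stored as #HtmlEditFormat(storedName)#</p></cfoutput>

<!--- download.cfm: hand files back through cfcontent, accepting only the exact name shape
      generated above, so ?f=../../Application.cfc cannot walk the file system. --->
<cfparam name="url.f" default="">
<cfif NOT REFindNoCase("^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{16}\.(jpg|jpeg|png|gif|pdf)$", url.f)>
    <cfthrow type="BadRequest" message="Invalid file name">
</cfif>
<cfheader name="Content-Disposition" value="attachment; filename=""#url.f#""">
<cfcontent type="application/octet-stream" file="#application.uploadRoot#/#url.f#" deleteFile="false">
```

Serving everything as an attachment with a generic content type also stops the browser from rendering a crafted "image" or PDF inline, which is where most polyglot-upload tricks pay off; if inline display is needed, serve only the types you have verified and never from a path the client can influence.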
