For all my friends who are busy doing ColdFusion programming right now...
You're going to get a smackdown!!!
What are some common programming mistakes for a ColdFusion programmer to avoid?
- setting the <cffile> upload path to a web-accessible, CF-enabled directory!!!
- checking isStruct() before isObject() in a series of <cfif>s and expecting isStruct() to catch only structs (a CFC instance returns true from isStruct() as well)
- no HtmlEditFormat() when displaying user-generated content (XSS)
- forgetting to add output=false on CFC methods
- not using <cfqueryparam> inside <cfquery>
- not scoping less obvious variables, such as the cfquery name or a loop index, inside a method
- using <cfform> when all that is needed is a plain-vanilla HTML <form>
- forgetting to UrlEncodedFormat() a user-defined URL
- using <cffeed> without sanitizing the content
- trusting isDate() too much (any number would return true)
- expecting string comparison to be case-sensitive (the IS and EQ operators are case-insensitive)
- sending the strings "yes" or "no" to SerializeJSON() without appending a whitespace character to preserve the string (otherwise SerializeJSON() or DeserializeJSON() will translate them to "true" and "false")
- not putting singleton services in the application scope
- blindly creating as many CFCs as one wants, as one would do in Java
- putting a complex value/object into a list (you can't; a list is just a string of comma-separated values)
- writing functions that take an array as an argument and modify it, expecting the caller's array to be modified (an array in CFML is passed by value)
- blindly setting access="remote" on a method and expecting it to work (when a remote proxy is generally more appropriate)
- using a lot of WriteOutput() in cfscript when CFML is more appropriate
- blindly using IsDefined() when StructKeyExists() can generally do it more efficiently
- blindly using Iif() and De() without knowing they're as nasty as Evaluate()
- updating some code in onApplicationStart() and not seeing the difference on refresh (restart the app!)
- <cfloop> or '' outside of <cfquery> causing multiple new query connections to be opened. 99% of the time it's better to have multiple statements inside of one cfquery to perform multiple actions, or to UNION data together.
- hardcoding an absolute path when ExpandPath() is generally better
- forgetting to turn on Unicode support in the DSN (Unicode becomes '????')
- not upgrading to the latest JRE and hotfixes
- misusing the Client scope and blowing up the Windows registry...
- using deprecated/obsolete functions/features (i.e. flash form aka flex 1.x alpha, cftable, Verity full-text search, etc...)
- passing CFCATCH to a function as argument type Struct (CFCATCH behaves like a Struct, but it is not. Just pass it as type 'Any').
- not reading CFC Best Practices from the ColdBox wiki.
- buying into the mindset that .ASP(X) or .JSP or [insert web technology] is always better.. ;)
- not using PrecisionEvaluate() and getting all sorts of floating point rounding errors, especially when calculating money.
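
Three of the items above (<cfqueryparam>, HtmlEditFormat() and UrlEncodedFormat()) applied in one page, as an added example that is not part of the original list. The datasource appDSN, the comments table and its columns, profile.cfm and url.authorId are assumed names.

```cfml
<!--- Added example. Assumed names: datasource "appDSN", table "comments"
      (author_id, author, body), page "profile.cfm", parameter url.authorId. --->
<cfparam name="url.authorId" default="">

<!--- Weak form, for contrast only: input is interpolated into the SQL text
      and query data is written into the page unencoded.
        SELECT author, body FROM comments WHERE author_id = #url.authorId#
        <p>#qComments.author#: #qComments.body#</p>
--->

<!--- Reject anything that is not an integer before touching the database --->
<cfif NOT IsValid("integer", url.authorId)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- cfqueryparam sends the value as a typed bind parameter, never as SQL text --->
<cfquery name="qComments" datasource="appDSN">
    SELECT author, body
    FROM comments
    WHERE author_id = <cfqueryparam value="#url.authorId#" cfsqltype="cf_sql_integer">
</cfquery>

<cfoutput query="qComments">
    <p>
        <!--- UrlEncodedFormat() for the query-string value, HtmlEditFormat() for HTML text --->
        <a href="profile.cfm?name=#UrlEncodedFormat(qComments.author)#">#HtmlEditFormat(qComments.author)#</a>:
        #HtmlEditFormat(qComments.body)#
    </p>
</cfoutput>
```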