In addition to the general coding guidelines above, keep the following suggestions in mind when coding your ColdFusion application pages:
When naming ColdFusion variables and form fields, note these guidelines:
For example, UserName_1, UserName2, and User_Name are valid, but 1stUser,
WhatAName!, and User-Name are not.
Note: If the text in form fields in your ColdFusion applications might contain special characters (> < " &), use the CFML function HTMLCodeFormat or HTMLEditFormat to make sure that these special characters are escaped.
ColdFusion distinguishes between identically-named parameters from different sources using prefixes for each source, or scopes. For example, client variables use the prefix Client.variable.name.
Note that ColdFusion does not attempt to automatically evaluate Application
and Session variables. You must use variable prefix scopes with these variables.
For more information, see Developing Web Applications with ColdFusion.
<CFOUTPUT>
The value is #Form.MyTextField#.
</CFOUTPUT>
<CFOUTPUT>
The name is #FirstName# #LastName#.
</CFOUTPUT>
<CFOUTPUT>Cos(0) is #Cos(0)#</CFOUTPUT>
In this example, the SQL statement calls for single quotes to enclose a text string, the value represented by the form variable #FORM.LastName#.
<CFQUERY NAME="Search" DATASOURCE="Company" >
Select * From Employees
Where LastName='#FORM.LastName#'
</CFQUERY>
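The same search written with a bound parameter and escaped output, as an added example that is not part of the original documentation. It assumes a ColdFusion version that supports the CFQUERYPARAM tag; the FirstName column and the 50-character limit are assumptions, while the datasource, table and form field names come from the query above.

```cfml
<!--- Added example. Datasource "Company", table Employees and FORM.LastName
      come from the page's query; the FirstName column and the 50-character
      limit are assumptions. --->

<!--- Stop with an error if the form field was not submitted at all. --->
<CFPARAM NAME="FORM.LastName" TYPE="string">

<!--- CFQUERYPARAM sends the value as a bound parameter, so it is never
      parsed as SQL text. No single quotes are written around it. --->
<CFQUERY NAME="Search" DATASOURCE="Company">
    SELECT FirstName, LastName
    FROM Employees
    WHERE LastName = <CFQUERYPARAM VALUE="#FORM.LastName#"
                                   CFSQLTYPE="CF_SQL_VARCHAR"
                                   MAXLENGTH="50">
</CFQUERY>

<!--- Escape > < " & before echoing user input or stored data into HTML. --->
<CFOUTPUT>
<P>Results for #HTMLEditFormat(FORM.LastName)#: #Search.RecordCount# found.</P>
</CFOUTPUT>

<CFOUTPUT QUERY="Search">
#HTMLEditFormat(Search.FirstName)# #HTMLEditFormat(Search.LastName)#<BR>
</CFOUTPUT>
```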
Note that pound signs are necessary only where you need to distinguish expressions from text, for example, when variables are embedded in text strings:
<CFSET A="Hello, #name#" >
Do not use pound signs where they are not needed, as in <CFSET #x#=#Cos(0)#+1>; instead, use <CFSET x=Cos(0)+1>
<CFSET FullName=FirstName & " " & LastName> is the same thing as <CFSET FullName="#FirstName# #LastName#">.
For detailed information on specific CFML functions and tags, see the CFML Language Reference.