Validating the Data That Users Enter in Form Fields

Another limitation of HTML forms is that you cannot validate that users input the type or range of data you expect. ColdFusion enables you to do several types of data validation by adding hidden fields to forms. The hidden field suffixes you can use to do validation are as follows:

Form Field Validation Using Hidden Fields 
Field Suffix Value Attribute Description
_integer
Custom error message Verifies that the user enters a number. If the user enters a floating point value, it is rounded to an integer.
_float 
Custom error message Verifies that the user enters a number. Does not do any rounding of floating point values.
_range
MIN=MinValue MAX=MaxValue Verifies that the numeric value entered is within the specified boundaries. You can specify one or both of the boundaries separated by a space.
_date
Custom error message Verifies that a date has been entered and converts the date into the proper ODBC date format. Will accept most common date forms, for example, 9/1/98; Sept. 9, 1998).
_time 
Custom error message Verifies that a time has been correctly entered and converts the time to the proper ODBC time format.
_eurodate
Custom error message Verifies that a date has been entered in a standard European date format and converts into the proper ODBC date format.

Note Adding a validation rule to a field does not make it a required field. You need to add a separate _required hidden field if you want to ensure user entry.

Note To validate the data users enter in the Insert Form
  1. Open the file insertform.cfm in Studio.
  2. Modify the file so that it appears as follows:
    <HTML>
    <HEAD>
        <TITLE>Insert Data Form</TITLE>
    </HEAD>
    
    <BODY>
    <H2>Insert Data Form</H2>
    <FORM ACTION="insertdata.cfm" METHOD="Post">
        <INPUT TYPE="hidden" 
            NAME="DeptID_integer" 
            VALUE="The department ID must be a number.">
        <INPUT TYPE="hidden" 
            NAME="StartDate_date" 
            VALUE="Enter a valid date as the start date.">
        <INPUT TYPE="hidden" 
            NAME="Salary_float" 
            VALUE="The salary must be a number.">
        Employee ID: 
        <INPUT TYPE="text" 
            NAME="Employee_ID" 
            SIZE="4" 
            MAXLENGTH="4"><BR>
        First Name: 
        <INPUT TYPE="text" 
            NAME="FirstName" 
            SIZE="35" 
            MAXLENGTH="50"><BR>
        Last Name: 
        <INPUT TYPE="text" 
            NAME="LastName" 
            SIZE="10" 
            MAXLENGTH="10"><BR>
        Department Number: 
        <INPUT TYPE="text" 
            NAME="Department_ID" SIZE="4" 
            MAXLENGTH="4"><BR>
        Start Date: 
        <INPUT TYPE="text" 
            NAME="StartDate" SIZE="16" 
            MAXLENGTH="16"><BR>
        Salary: 
        <INPUT TYPE="text" 
            NAME="Salary" 
            SIZE="10" 
            MAXLENGTH="10"><BR>
        Contractor: 
        <INPUT TYPE="checkbox" 
            NAME="Contract" 
            VALUE="Yes" CHECKED>Yes<BR><BR>
        <INPUT TYPE="reset" 
            NAME="ResetForm" 
            VALUE="Clear Form">
        <INPUT TYPE="submit" 
            NAME="SubmitForm" 
            VALUE="Insert Data">
    </FORM>
        </HTML>
    
  3. Save the file.

The VALUE attribute is optional. A default message displays if no value is supplied.

When the form is submitted, ColdFusion scans the form fields to find any validation rules you specified. The rules are then used to analyze the user's input. If any of the input rules are violated, ColdFusion sends an error message to the user that explains the problem. The user then must go back to the form, correct the problem and resubmit the form. ColdFusion will not accept form submission until the entire form is entered correctly.

Because numeric values often contain commas and dollar signs, these characters are automatically stripped out of fields with _integer, _float, or _range rules before they are validated and saved to the database.

Note If you use CFINSERT or CFUPDATE and you specified columns in your database that are numeric, date, or time, form fields that insert data into these fields are automatically validated. You can use the hidden field validation functions for these fields to display a custom error message.