OO Code Camp Starts This Week

In 2009, TACFUG will put on a free series of courses on Object Oriented programming in ColdFusion. We originally had slots for 20, constrained by the size of our location, and we are pretty much at capacity.

We realized this topic would have broad appeal and tried to creatively think of a way to record these sessions. Frankly, the material and the characteristics of our location does not lend itself to recording this meeting.

As a consolation prize, we will make the material used in OO Code Camp available to any other User Group that wants to use it. Just drop us a line at the TACFUG site, we'll get it over to you.

Thanks go to Alagad for sponsoring the series with Pizza. Thanks also to Doug Hughes and to Phill Nacelli for letting us use their previous OO presentations for ideas/content.

Fix for: 500 Null Corrupt form data: no leading boundary

Another 500 Null Error / Solution

I ran into a strange error in the registration section of TheHealthChallenge.com where Internet Explorer users (Editors Note: Remove defamatory comments re: Internet Explorer Development Team and gratuitious comparisons about the size of their brains vs. size of their egos ) clicking a button would cause a 500 Null.

Here are the error details:

view plain print about
1500
2Corrupt form data: no leading boundary: != -----------------------------7d93d92a60680
3
4
5java.io.IOException: Corrupt form data: no leading boundary: != -----------------------------7d93d92a60680
6    at com.oreilly.servlet.multipart.MultipartParser.<init>(MultipartParser.java:174)
7    at com.oreilly.servlet.multipart.MultipartParser.<init>(MultipartParser.java:93)

Can anyone venture a guess as to what the problem was? You want more information? Take a look at the form code as well:

Here is the HTML for the Form:

view plain print about
1<form action="index.cfm?x=register" method="post" enctype="multipart/form-data" id="registerForm" class="uniForm">
2    <fieldset class="inlineLabels">
3        <div class="ctrlHolder">
4            <label for="register"> Need an Account?</label>
5            <p class="formHint">registration takes only 53 seconds</p>
6        </div>
7    </fieldset>
8        <div class="buttonHolder">
9            <button type="submit" class="submitButton">Start Registration</button>
10        </div>
11</form>

By the looks of the HTML code above, a single button will be drawn on the screen along with some friendly text. So why the error?

Solution

Apparently Internet Explorer does not handle serializing the form post if there is no content and what it sends to the server is not what the server expects. Possible resolutions for this are to remove the [enctype="multipart/form-data"] attribute or change the [method="post"] to [method="get"]. Either one will work as intended.

I happened to create this set of circumstances by using the CFUniform library in a way it was not designed for. I mentioned this to Matt Quackenbush who reworked the inner workings of the CFUniform Library to intelligently figure out if a file upload control is in the form or not. If one exists, the [enctype="multipart/form-data"] attribute will be included automatically. If you experience the 500 Null problem listed in this post, and you are using the CFUniform Library, simply update your version from http://cfuniform.riaforge.org/ and you'll be all set.

CFQueryparam and Lists

A word on SQL Injection

SQL Injection is a pervasive problem in the Web Application World. A quick search for URLS that use raw SQL brings up hundreds of thousands of dangerously formed URLS. Any developer worth his salt knows to clean user input before using it.

Defend Against SQL Injection in ColdFusion

CFQueryparam is a recommended tag that helps to keep your queries safe from SQL Injection. Any ColdFusion worth his salt uses CFQueryparam to help keep malicious parameters from being executed by the database engine. I ran across some code today that used CFQueryparam in most cases, but there was a particular, recurring use case that used raw parameters.

Example 1

view plain print about
1<cfquery name="getProductsByList" datasource="ILikeTwinkies">
2SELECT productName,
3FROM product
4WHERE productID IN ( #productIDList# )
5</cfquery>

Note the use of the list. It is a common paradigm to pass a delimited list of data to an SQL statement. In this case, the developer chose not to use CFQueryparam because he/she was under the impression that the result would be a single parameter, not a chain of parameters.

However, CFQueryparam can be used successfully in this case by setting the optional attribute 'list' to true. This is a supported attribute on all database engines.

Example 2

view plain print about
1<cfquery name="getProductsByList" datasource="ILikeTwinkies">
2SELECT productName,
3FROM product
4WHERE productID IN (<cfqueryparam value="#productIDList#" list="true" cfsqltype="cf_sql_numeric">" )
5</cfquery>

The resulting query will be parametrized in such a way as to render the list as a list and the results of the second query are equal to the first. Except for the case of an SQL Injection attack.

In the case of an SQL Injection attack, the developer of the first code sample would have a lot of explaining to do...

Must Have Tool For Ajax/Remoting Work!

Nathan Mische, one of the best JavaScript programmers I know, works on the ColdFire project. ColdFire is sort of like Firebug for Firefox, only geared towards ColdFusion.

If you've developed any sort of Ajax functionality, you know testing remote services can often be frustrating. Trying to get a handle on what parameters are being passed, how to send test parameters, knowing what the results of the request were, often mean dealing with a number of problem layers and a lot of confusing Red Herrings.

If you do any Ajax work, take 72 seconds out of your life to watch this quick screencast on the Request Queue in ColdFire.

See how efficient the workflow is? See how quick one can test remote services? How much time would this save you, what with all the cfdumping, the alerts, the aggravation?

What are you waiting for? Download ColdFire Now!

What Is ColdFire?

ColdFire is an extension to Firebug. It provides debug information in a Firebug tab as opposed to the bottom of the page. This lets you debug and keep your site layout intact, since ColdFusion's built-in debug information can sometimes mess with your site layout. ColdFire currently shows debugging information in the following tabs:

  • General
  • Execution Times
  • DB Queries
  • Traces
  • Timer
  • Variables
  • Request Queue

Error Message FAIL

I was working on a server migration last night. In process, I set up the DNS for the mail servers. When I entered the value for the DNS server EXACTLY like Google said, I got the below error:

Alert: The domain was not added due to an error in the dns settings. Please check your dns template and verify. The message from the dns server was dns_rdata_fromtext: :26: near 'ASPMX2.GOOGLEMAIL.COM..': empty labelzone thehealthchallenge.com/IN: loading master file : empty label

Since I don't speak fluent Southern Klingon, my mistake was not immediately obvious. I, of course, tried to submit the form several more times. When I finally read the error message, I realized the Control Panel wants to be the one to add the trailing period (.). Removing my trailing period fixed it.

This is the most indirect, least helpful error message I've seen all month. I vow in 2009 to do better than these guys when alerting my users to issues.

OO Camp comes to RTP, NC

We work fairly hard at TACFUG to keep our members informed and engaged in key information about programming and ColdFusion. Recently, Jim and I, put out a request for topics and we found some challenges in meeting the need. Some of our members have a long history of programming in ColdFusion and want to branch out into Object Oriented programming, but for one reason or another just haven't. Jim and I came up with an OO Code Camp concept and floated it out to our group to gauge interest.

Here was our announcement:

The fine folks at TACFUG (me and Jim) are seriously considering doing an OO camp starting in January. OO Camp will be a crash course on OO in ColdFusion. Ideally, we'd cover the topic in 3 or 4 evenings spread over a couple of months. This crash course will be designed to teach OO concepts and how to efficiently work with ColdFusion components. If you are new to OO or do not think you are using OO effectively, this crash course is for you. There will be no cost for this event though we may take up a donation for Pizza. Who would be ready to commit to coming to 3 or 4 evenings of OO camp? Please use this email thread for comments, questions and such about the proposed OO Camp. Feel free to extend this offer to others in your company, organization, Facebook Network, etc that would find this helpful as well.

We got a good bit of interest, certainly more than enough to justify running OO Code Camp in RTP.

Jim and I will be teaching the class and while we are pretty darned good at what we do, we've never run an organized class on this topic before. To make sure we cover all the bases and deliver appropriate, encompassing training, I thought it would be a good idea to ask the multitude of talented readers of this blog for their advice. We want to deliver the core concepts of Object Oriented Programming in a practical, hands-on fashion. Please offer, by commenting below, any constructive advice, suggestions, key topics that you feel we should cover.

Thanks in advance!

Cruising

I've recently signed up to go on RIA Adventure. By now, everyone knows RIA Adventure is a fun filled cruise containing all of your favorite Adobe Geeks. I totally dig the networking at conferences so I'll really like hanging out with a bunch of fun people that know the difference between coldfusion and ColdFusion. Can Ya Dig?

I don't mind getting away to the tropics in February. In February, I'm usually ready for a little sun anyways. I also don't mind my girlfriend Shannon getting to know some of the people I'm prattling on about. She's heard enough stories, that's for sure.

Last I heard, this RIA Adventure cruise was filling up pretty fast. If you've been on the fence about participating, time to whip out the visa and book some February Fun in the Sun.

The Greatest Chicken Dish in the World! (with video)

Last night we had dinner with some dear friends, Jessica, Kyle and their baby Hunter. (Remind me one day to tell you about the fun I had feeding lemons to Hunter).

We had dinner at Sitar Palace, an Indian restaurant in North Durham. Of course, all the items on their buffet were awesome, but the standout was a dish cryptically called Chicken 65. Move over Chicken Makhani, make room for my new favorite chicken dish, Chicken 65.

Shannon and I searched the Internet for a good recipe and found some rather interesting descriptions for this dish. Apparently, no one can be sure of the origin of the name.

Wikipedia on Chicken 65:

The number 65 is variously said to be the number of days taken to prepare the marinade or the year of the dish's creation. One account claims that the dish emerged as a simple meal solution for Indian soldiers in 1965. Others accounts claim that an "enterprising hotelier" targeted macho diners with a 65-chilli recipe and named the dish accordingly. It is generally acknowledged that no one knows which (if any) of these anecdotal theories are true.

Enter Vah Chef

Vah Chef is apparently an Indian Celebrity chef from Chennai who is absolutely hillarious. He is infectious with his energy and has a simple cooking style. Anyone who has ever tried to make Indian food knows it can be involved and require WAY more ingrediants than typical American food. Vah Chef has a very popular website with videos and recipes of popular dishes. If you like Indian foods and like to cook, Vah Chef is a must-see website.

Where's the video you promised us?

Vah Chef has a video on Chicken 65 where he demonstrates step by step how to make the delicious dish. While preparing, he enterains by going through the history and misconceptions of the dish as well.

Do you cook Indian food? Do you have good resources you'd like to share? What is your favorite dish?

How I Cured My Back Pain

As I've gotten older, and gotten into the habit of working more hours, I'd become somewhat used to a pain in my back. This specific pain, inflammation rather, was located just under my right shoulder blade and would surface around mid-day. As I normally work 10-12 hours a day, the back pain impacted my ability to focus and to enjoy my work fully. I ended up casting a naughty glance at my office chair (Office Depot 79$ special), thinking it could possibly be contributing to the problem. After poking around at the Herman Miller Aeron chairs, I couldn't bring myself to spend over $1,000 for a chair that might or might not help me out.

After even more research, I found a chair called Ergohuman ME7ERG Mesh High Back Chair. Since it was half the price of the Aeron and was listed on a site claiming to have "Chairs professionally selected by certified Ergonomists", I simply had to have one.

And what did you think about it?

To be blunt, this chair cleared up my back problems. Within less than a week of having it, I had less pain, better focus and was more comfortable working than I had ever been. Quite possibly, the $500 I spent has delivered the most bang for the buck of ANYTHING I have in my home office.

Where did you by it?

I bought this chair from http://www.ergonomicchairpro.com, mostly because they had an eBay special for $500 with free shipping. They offer similar deals on their website right now, so don't worry about searching around.

How long did it take to receive?

The chair showed up in a few days. Considering how large the package is, and the Free shipping, I thought it would take much longer.

How was the Installation?

Putting the chair together took me about 15 minutes. All the necessary tools were provided in the package for me. They even included some extra screws, which I kept.

How was the Quality?

This chair is seriously built. Some chairs are cheap plastic and will wear out soon. The Ergohuman ME7ERG is built with a heavy steel base and composite frame. I've used this chair every day for a year now and there is no sign of wear. It is very comfortable and adjusts in a number of manners for the best fit.

Seriously? No Back Pain?

I have not had a recurrence of the back pain at all since I've been working in this chair. Even when working in lengthy spurts of 60-80 hours, no back pain.

How much money do you get from selling these chairs?

I don't make a single nickel from selling these chairs. Frankly, at DataCurl, we do just fine providing high-quality consulting and applications to the Health and Wellness industry that we don't need to shill chairs for pennies. You don't see any ads on this blog do you?

In closing, if you have back pain from working at a computer all day long, you owe it to yourself to invest in a proper chair. Most people have vehicles that cost between $10-50k which are driven less than an hour a day. A quality work chair is used between 6-12 hours a day, so it is worth the extra money to get a quality chair designed around human beings. If you want one of these chairs, go check out Ergonomic Chair Pro and get one today.

Customize CFUnited 09

The fine folks at Stellr have put together a list of all the proposed presentations for CFUnited 09. You are invited to help choose the presentations you'd be most interested in watching.

The CFUnited 09 presentation survey will take less than 10 minutes and will help make sure the conference content is relevant, timely and in line with audience expectations.

I think this is a great idea and will help make sure the conference is tuned for the audience. Vote Today!