Easy Page navigation using CFSwitch and URL Variables
ColdFusionIn some of my apps I've been writing, using CFSwitch is a really nifty way to do conditional processing on my pages, allowing me to get away from an endless number of CFIF's. Especially when using CFSwitch tags for controlling navigation on my application.
I know this isn't earth moving news for you seasoned cf developers out there, but I find cfswitch to be a very interesting and powerful tab.
A little back ground first. I'm slowly writing a app that will allow users to do reviews on service providers of a certain industry. I had a need for a page that has the service providers contact information, at the top, but has a link or tabs with links to be able to edit the service providers information, add notes, add a review, or view reviews. I didn't want to display all the forms down the page as I wanted it all on one screen so the user didn't have to scroll all the way to the bottom to add a note. They could click on a link, that would leave the service provider contact information at the top of the page, but change the form at the bottom to the appropriate form to add a note or what ever link or tab they clicked on.
As your reading this code, of course there are some assumption you will need to make. Like, this page is the resulting page from a query or a drill down page from a query. The initial url would be "index.cfm?=serviceproviderID=#url.IDFromDatabase#"
So, here's the code:
It seems to work pretty well. Being new to this whole programming thing it was pretty neat to figure this out and not have to depend on someone elses snippet to get it working. So I figured I'd post it in case some other newbie need something like this on there page. This is the first time I've posted any code like this. I took my working code and "sanitized it" for this entry, so if you see an issue with it please let me know.
Later,
Mark
Secondly, I would be ***very*** cautious doing this:
index.cfm?=serviceproviderID=#url.IDFromDatabase#
What happens if someone enters this on the url?
index.cfm?serviceproviderID=1%20OR%201=1 or
index.cfm?serviceproviderID=1'%20OR%201='1
Depending on how you are writing your query, this might produce the following query:
SELECT [whatever columns]
FROM ServiceProvider
WHERE serviceproviderID = 1
OR 1 = 1
Or if they are string IDs the second one will produce:
SELECT [whatever columns]
FROM ServiceProvider
WHERE serviceproviderID = '1'
OR 1 = '1'
Give it a shot and see what happens. Offering such a direct shot at your database opens you up to people tinkering with your urls attempting SQL injection attacks.
If you do use this method, be damn sure you are using [cfqueryparam] in your SQL. I would be more than happy to discuss this further if you want!
In a case where either a cfswitch or a cfif/cfelseif/cfelse block could be used, the key is that there is only one condition and it only needs to be evaluated once when using cfswitch. In an analogous cfif/cfelseif/cfelse construct, the same expression must be evaluated until met or until an else block is reached:
[cfswitch expression="#variables.myint#"] [!--- expression is evaluated here and only here ---]
[cfcase value="0"] [!--- no evaluation ---]
[cfcase value="1"] [!--- no evaluation ---]
[cfcase value="2"] [!--- no evaluation ---]
or
[cfif variables.myint eq 0] [!--- evaluated here ---]
[cfelseif variables.myint eq 1] [!--- evaluated here if not 0 ---]
[cfelseif variables.myint eq 2] [!--- evaluated here if not 0 or 1]
Hopefully you see where this is going. :-)
http://www.webapper.net/index.cfm/2006/7/27/200607...
Again, it appears that this is specific to comparing strings only.
The debate rages on...
As far as the cfswitch goes, that's a bummer because I like the cfswtich tag. It's a lot easier for me to keep track of what's going on than the cfif stuff. Thanks again for the advice you guys!
Loading....