About Me

I am a web developer living and working in Exeter, Devon (United Kingdom). I use my blog to document and share the things I learn and I hope fellow developers will find it to be a useful resource.


I'm currently working on a project where my client needs to be able to create, read, update and delete records in a table displayed on a web page. In ColdFusion, CFGRID solves this problem, and here's a simple example using the CFARTGALLERY sample database that comes with ColdFusion 9.

Firstly, create an Artist.cfc file containing the following code.

Now create an index.cfm file containing the following code.

Load the index.cfm page in your web browser and the final result looks a bit like this...



Comments

Wednesday, October 5, 2011 Dan Switzer, II

Just a warning that the qArtists query in the getArtists() method is open to SQL injections. A user could use either of the "gridsort" arguments to potentially inject malicious SQL.

To solve this problem, you can use a helper function to make sure that the column and sort direction are valid values.
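
An allow-list helper of the kind this comment describes, as an added example that is not the commenter's or the original post's code. The helper name safeOrderBy, the argument names gridsortcolumn and gridsortdirection, the selected columns and the datasource name are assumptions, since Artist.cfc is not shown on this page.

```cfml
<!--- Added example: allow-list helper for the CFGRID sort arguments --->
<cffunction name="safeOrderBy" access="private" returntype="string" output="false"
    hint="Builds an ORDER BY fragment from allow-listed values only.">
  <cfargument name="sortColumn" type="string" required="true">
  <cfargument name="sortDirection" type="string" required="true">
  <cfargument name="allowedColumns" type="string" required="true" hint="Comma-separated list">
  <cfargument name="defaultColumn" type="string" required="true">

  <cfset var column = arguments.defaultColumn>
  <cfset var direction = "ASC">
  <!--- Position of the requested column in the allow-list, 0 if absent --->
  <cfset var position = listFindNoCase(arguments.allowedColumns, trim(arguments.sortColumn))>

  <!--- Emit the allow-list's own spelling, never the caller's string --->
  <cfif position gt 0>
    <cfset column = listGetAt(arguments.allowedColumns, position)>
  </cfif>
  <!--- Only the literal DESC changes the direction; anything else is ASC --->
  <cfif compareNoCase(trim(arguments.sortDirection), "DESC") eq 0>
    <cfset direction = "DESC">
  </cfif>

  <cfreturn column & " " & direction>
</cffunction>

<!--- Assumed shape of the grid bind method; column list is an assumption --->
<cffunction name="getArtists" access="remote" returntype="struct" output="false">
  <cfargument name="page" type="numeric" required="true">
  <cfargument name="pageSize" type="numeric" required="true">
  <cfargument name="gridsortcolumn" type="string" required="false" default="">
  <cfargument name="gridsortdirection" type="string" required="false" default="">

  <cfset var qArtists = "">
  <cfset var orderBy = safeOrderBy(arguments.gridsortcolumn, arguments.gridsortdirection,
      "ARTISTID,FIRSTNAME,LASTNAME,EMAIL", "LASTNAME")>

  <cfquery name="qArtists" datasource="cfartgallery">
    SELECT ARTISTID, FIRSTNAME, LASTNAME, EMAIL
    FROM ARTISTS
    ORDER BY #orderBy#
  </cfquery>

  <cfreturn queryConvertForGrid(qArtists, arguments.page, arguments.pageSize)>
</cffunction>
```

ORDER BY identifiers cannot be bound with cfqueryparam, which is why the sort values are mapped onto a fixed list instead; any values in a WHERE clause should still go through cfqueryparam.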


Wednesday, October 5, 2011 Simon Bingham

Thanks Dan. That's a good tip! :)


Friday, October 7, 2011 Chris Dawes

Dan, people should be using their own in-house CF application firewall instead of relying on human coders ;-)

An application firewall that checks inserted fields against their datatype in the db at the minimum (and key injection keywords), and by using custom datatypes, checking against custom rules. This also allows you to use CFINSERT and CFUPDATE safely also.

I can't believe people are still relying on SQL parameter checks in their code for attack protection, it's so 1990! (but better than nothing) Miss one, and your application is open for attack. Not worth the risk.


Monday, August 27, 2012 Dan TheMan

Simon,
Thanks for the great example.

Just FYI: CF 8 gave me an error on lines 71 and 72 of Artist.cfc. It was complaining about volname and value. Solution is to remove the var word from each line.


Tuesday, August 28, 2012 Simon Bingham

Yes, in CF8 you have to var scope your variables at the start of your method whereas in CF9 you can do it anywhere.


Monday, March 11, 2013 Chuck Duppong

Simon, THANKS for the example. It helped me finally get off the ground with CRUD in CF.

