Validating data in ColdFusion 9

09/24/2009 | ColdFusion | 25 Comments

ColdFusion 9 is brining some awesome new features and right near the top for me are implicit getters / setters. Writing these can be tedious and straight up boring but soon enough that will be a thing of the past. On top of that they have adding some validation features to these properties. Two new attributes have been added to the property tag, validate and validateparams. Rupesh Kumar has a great write up on this over on his blog but here is the short version.
Possible values of validate are.

string
boolean
integer
numeric
date
time
creditcard: A 13-16 digit number conforming to the mod10 algorithm.
email: A valid e-mail address.
eurodate: A date-time value. Any date part must be in the format dd/mm/yy. The format can use /, -, or . characters as delimiters.
regex: Matches input against pattern specified in validateparams.
ssn: A U.S. social security number.
telephone: A standard U.S. telephone number.
UUID: A Home Universally Unique Identifier, formatted 'XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXXXXX', where 'X' is a hexadecimal number.
guid: A Universally Unique Identifier of the form "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" where 'X' is a hexadecimal number
zipcode: U.S., 5- or 9-digit format ZIP codes

ValidateParams are expressed using implicit struct notation and can contain the following values.

min: Minimum value if 'validate' is integer/numeric
max: Maximum value if the 'validate' is integer/numeric
minLength: Minimum length of the string if the 'validate' is string
maxLength: Maximum length of the string if the 'validate' is string
pattern: regex expression if the validator specified in 'validate' attribute is regex

This is a quick example of a user component using some of the new validation. /** * @output false */ component { property numeric userId; /** * @validate string * @validateParams {minLength=2,maxLength=2} */ property string firstname; property string lastname; property string username; property string password; /** * @validate email */ property string email; public User function init(){ return this; } }

This seemed like exactly what I wanted, an easy way to validate data. A closer look at how it actually works though left me wanting more. This will do exactly what it says and validate the data but this is how it's done. To show how this works we will create an instance of our user component and try to set our first name property <cfset user = new User()> <cfset user.setFirstName("d")> <cfdump var="#user#"> The requirement for our first name was that it should be at least 2 characters long. I was thinking that it would somehow trap these errors but instead when I ran the example I saw the following error on screen.

The length of the string, 1 character(s), must be greater than or equal to 2 character(s).

While this is nice I don't really think I could use in a real application because its not a nice way of informing the user of what went wrong. This was the base of a new project I have been working on that I hope to share with you soon.

This entry was posted on September 24, 2009 at 2:01 PM and has received 3443 views. Comments 25 | Print this entry.

TweetBacks

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)

[Add Comment] [Subscribe to Comments]

#1 by Brian Carr on 9/24/09 - 2:04 PM

Agreed - seems like the implementation of @validate and @validateParams is about 50% there - an excellent idea (and use of annotations), but not entirely useful in its current state. I'm definitely interested in your new project to enhance this functionality and will be downloading the code in short order.
#2 by Ben Nadel on 9/24/09 - 2:09 PM

I also, cannot for the life of me, figure out how to actually use the pattern for a regex validation. You can use the most basic validateparams, but most regex notations seem to cause an error:

validateparams="{ pattern=a{1,5} }"

... throws a syntax.

Honestly, the way they did the validateparams is junky. They should just have used the same method that CFParam does where tehse exist as optional attributes.
#3 by Dan Vega on 9/24/09 - 2:10 PM

Thanks Brian! I would love to hear your thoughts on it. It's still real new but I think the base is there for a real simple and useful validation package.
#4 by Dan Vega on 9/24/09 - 2:12 PM

I wonder if its working like the isValid pattern works.

pattern: A JavaScript regular expression that the parameter must match; used only for regex or regular_expression validation.
#5 by Micky Dionisio on 9/24/09 - 2:14 PM

Dan-

This is a fantastic idea. At a glance, the out of the box validation offers quite a lot and coupled with the validationParams keeps it simple and straight forward (goodbye all manual custom if's i have to create in boiler plate validation utility objects). On top of that you've got it working using annotations which makes this entire thing killer.

I see that all validators extend IValidator so its kosher for us to possibly create our own?

Excellent work man - will definitely look out for future releases.

-Micky
#6 by Raymond Camden on 9/24/09 - 2:20 PM

Hey Ben, does your code work if you create the args as a struct before the cfpoperty tag? Or perhaps create the regex as a string called myregex, and pass that to the params?
#7 by Mike Chandler on 9/24/09 - 2:21 PM

This is cool. Perfect timing too. I'm starting a new project on Quicksilver. I'll see if I can implement and provide feedback. Thanks much Dan!
#8 by Raymond Camden on 9/24/09 - 2:22 PM

Sorry - my comment makes no sense really.
#9 by Ben Nadel on 9/24/09 - 2:40 PM

@Ray,

I have tried what I think you are saying and it throws an error that the value must be static.
#10 by Dan Vega on 9/24/09 - 2:41 PM

The docs say it must be an implicit struct. I wonder if you need to escape anything (\\) like the brackets.
#11 by Ben Nadel on 9/24/09 - 2:47 PM

I tried escaping with a single slash "\" and that didn't work. Double-slash didn't occur to me.
#12 by Dan Vega on 9/24/09 - 2:49 PM

You are regex master I am just taking stabs in the dark at this point :)
#13 by Ben Nadel on 9/24/09 - 2:50 PM

Where's Rupesh? He needs to jump in a karate-chop the situation :)
#14 by Brian Carr on 9/24/09 - 2:53 PM

I've wrestled with this very issue in the past and unless there's some juicy piece of obscure documentation floating around out there that indicates otherwise - Annotations in CF only accept string literals as values, no variable references (complex objects or otherwise).

If that's not the case, then please someone speak up and show us the light!

My guess is that the 'implicit struct' is being converted under the covers by CF specific and exclusive only to @validateParams.
#15 by Henry Ho on 9/24/09 - 2:58 PM

At first I like the feature, but the exception type it throws is too hard to catch!
#16 by Bob Silverberg on 9/24/09 - 3:01 PM

Hey Dan. This sounds like exactly what I was trying to accomplish with my validation framework, with the only difference being that my validation metadata is currently in xml files, while you want to use property annotations.

I designed ValidateThis to allow for different metadata implementations, and I know that this is something that some developers will be keen on (even if I am not myself), so I was planning on adding that feature (validation metadata via property annotations) in a future release. Because of the design it will be a simple matter of adding one new component.

As I believe the goals of these projects are identical, if you see any value in collaborating on this effort, rather than creating an additional project that accomplishes the same thing, I'd be keen to discuss that.
#17 by Dan Vega on 9/24/09 - 10:32 PM

@Henry - I was the same as you.

@Bob - I already have the project created and running but I think sharing ideas on the best approach to solving the problem is a great idea. I will pull down your framework again this weekend and take a look at it.
#18 by Bob Silverberg on 9/24/09 - 11:28 PM

Sounds good. It's all open source, right? So we can steal each other's ideas. ;-)
#19 by Dan Vega on 9/24/09 - 11:30 PM

HA! Yes it's actually up now http://hyrule.riaforge.org/ and by steal you of course mean innovate each others ideas right? :)
#20 by Raymond Camden on 9/25/09 - 8:57 AM

As an OS developer, all this "steal" talk bothers. I've never stolen anything for any of my projects.

Now pardon me while I move away from that ominous looking storm cloud that just appeared.
#21 by Dan Vega on 9/25/09 - 9:02 AM

Innovate Ray - Borrowing ideas for the good of society! That's how I sleep at night :)
#22 by Bob Silverberg on 9/25/09 - 10:21 AM

@Ray: I'm surprised by your comment. I would have thought that it was obvious from my comment, including the wink, that is was a lighthearted joke. By definition it's impossible to steal something from an open source project (one of these ones anyway) as it's all freely available for the taking. It would be like saying "I stole a free sample at Costco today".

And while you say that you've "never stolen anything for any of my projects", I would say the same is true of me, but I wouldn't hesitate to say that I've "taken" ideas and in fact code from other OS projects. I think that that is part of the philosophy of OSS. Not just to produce a piece of software that is free and available, but also to put out code that is free and available to be extracted and used in other projects.

So yes, I agree that stealing is wrong, and perhaps should not be a term used in this context, but I think that taking is perfectly fine, and in fact is encouraged.
#23 by Raymond Camden on 9/25/09 - 10:23 AM

Um dude.... chill. I was joking. The last paragraph about the storm cloud? You know - the whole thing of saying a big lie and getting struck down by God. It was a joke - nothing more.
#24 by Bob Silverberg on 9/25/09 - 10:30 AM

But you left off the wink! How was I to know? That storm cloud thing went right over my head. Perhaps I need more than 4 hours of sleep a night.
#25 by Ben Nadel on 9/25/09 - 12:50 PM

I agree with Bob, this conversation needs at least 4 - NO, 5 more emoticons for it to be interpreted correctly :P