[thelist] CF: No IsDefined()?

.jeff jeff at members.evolt.org
Thu Sep 13 19:12:02 CDT 2001


> From: Frank
> If I understand correctly, the idea is that by
> initializing the variable, and then testing something
> specific against it, because we know it exists,
> contributes to a more robust and secure app. The reason
> why is that it might prevent someone from somehow
> mangling URL or POST data, and that because we have
> to test for something more than the existence, it adds
> to security. Is this correct?

yes, that's part of it.

the other part is for maintainability.  one theory of good programming
practice says that any variables you intend to use should be first defined.
this saves the headache of trying to figure out what variables are being
created on the fly (and are probably the ones causing errors).

this is the practice that i live by both with javascript and coldfusion.  i
would do the same with any other language i decide to pick up.

this is hard for me to read:

<cfif IsDefined("form.submit") AND FindNoCase("save", form.submit)>
  do stuff
<cfelseif IsDefined("form.submit") AND FindNoCase("delete", form.submit)>
  do stuff
</cfif>

this is not:

<cfparam name="form.submit" default="">

<cfif FindNoCase("save", form.submit)>
  do stuff
<cfelseif FindNoCase("delete", form.submit)>
  do stuff
</cfif>

i personally have additional reasons for not liking the IsDefined() and
Evaluate() functions.  Too often I've seen code written so poorly you
couldn't make heads or tails of it.  Strings concatenated and then evaluated
to retrieve the value from a variable by that name.  Strings concatenated
with variable values to determine the existence of a variable using
IsDefined().  yuck.  by setting a policy of not allowing the use of
IsDefined() at all and Evaluate() only sparingly, the chances of running
into these sorts of coding and maintenance nightmares are reduced.

make sense?


jeff at members.evolt.org
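
An added example, not part of the original post: one way to apply both points from the message above in CFML, going slightly further by matching the submit value exactly and by reading numbered fields by key from the form structure rather than through Evaluate(). The field names (submit, qty_1 to qty_3) and variable names are assumptions made for illustration.

```cfml
<!--- Added example; field and variable names are hypothetical. --->

<!--- 1. Default the submit button so every later test can rely on it existing. --->
<cfparam name="form.submit" default="">

<!--- 2. Compare against the exact expected values. FindNoCase("save", ...) is a
      substring match, so a posted value such as "unsaved" would also pass. --->
<cfset allowedActions = "save,delete">
<cfif ListFindNoCase(allowedActions, form.submit)>
  <cfset action = LCase(form.submit)>
<cfelse>
  <cfset action = "none">
</cfif>

<!--- 3. Numbered fields: look the key up in the form structure instead of
      concatenating a variable name and handing it to Evaluate() or IsDefined().
      The name is only ever used as a struct key, never parsed as an expression. --->
<cfset quantities = ArrayNew(1)>
<cfloop index="i" from="1" to="3">
  <cfset key = "qty_" & i>
  <cfif StructKeyExists(form, key) AND IsNumeric(form[key])>
    <cfset ok = ArrayAppend(quantities, Val(form[key]))>
  <cfelse>
    <!--- Missing or non-numeric input falls back to a known default. --->
    <cfset ok = ArrayAppend(quantities, 0)>
  </cfif>
</cfloop>

<cfoutput>action=#action#, items=#ArrayLen(quantities)#</cfoutput>
```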
