@learncfinaweek
learncfinaweek / gist:4121080
Created November 20, 2012 21:00
Decision Making and Scopes - Scopes

ColdFusion groups variables together in scopes, or a range in which a variable can be accessed. Think of a scope as a bucket of memory that can store variables. Each scope has its own purpose, and each scope has its own lifecycle.

The following table shows major scopes available in a running ColdFusion application:

  • Variables: Default scope available in ColdFusion templates. Variables are available only during the execution of the template.
@learncfinaweek
learncfinaweek / gist:4120971
Created November 20, 2012 20:47
Setup - Installing ColdFusion

To be able to program in ColdFusion, a ColdFusion server needs to be installed. There are a couple of options available, but the one that we are going to focus on is a local development server.

A local development server is free and allows you to develop ColdFusion applications that use all of ColdFusion’s available features. There are, however, a few limitations, such as not being able to use the server as an external web server. That being said, there are additional benefits to using a local ColdFusion development server, such as not needing to have IIS or Apache installed, but instead using the packaged web server.

To install ColdFusion, follow the steps below:

@learncfinaweek
learncfinaweek / gist:4121338
Created November 20, 2012 21:35
Document Handling - Spreadsheets

When creating a website that generates reports, having the ability to generate Excel spreadsheets is a great feature to offer users. Allowing people to provide an Excel file of data rather than forcing them to manually enter everything into your system is also a great feature for users. ColdFusion allows for both the creation and reading of spreadsheets.

ColdFusion offers the ability to use tags and functions to manipulate spreadsheets. The cfspreadsheet tag is best used when reading in a spreadsheet; the spreadsheet functions are best used when manipulating the spreadsheet. There is the SpreadsheetRead function available to you, but it does not return the data contained in the spreadsheet. For this section, we will use the cfspreadsheet tag to read in data, but will use the spreadsheet functions for creation and manipulation.

Reading a Spreadsheet

@learncfinaweek
learncfinaweek / gist:4121277
Created November 20, 2012 21:27
ORM - Intro to ORM

Introduction

Object-Relational Mapping (ORM) allows you to work with objects and have them saved to the database automatically. It can greatly simplify create-read-update-delete (CRUD) operations and make your code more object-oriented. Under the hood, ColdFusion uses the industry-leading ORM framework called Hibernate.

Configuration

@learncfinaweek
learncfinaweek / gist:4121370
Created November 20, 2012 21:41
Security - Cross-Site Scripting (XSS)

Cross-site Scripting (XSS) is the most prevalent web application security flaw and occurs when user-supplied data is sent to the browser without properly validating or escaping that content. XSS flaws can allow the attacker to:

@learncfinaweek
learncfinaweek / gist:4121367
Created November 20, 2012 21:40
Security - Injection

Injection attacks occur when data sent to an interpreter contains unintended commands that the interpreter then runs. The most common injection flaw in web applications is SQL injection, but injection flaws can also affect LDAP queries, XPath queries, and OS commands. We are going to cover SQL injection, but the techniques used to validate and control the input to the SQL interpreter are applicable to the other types of injection.

SQL Injection (SQLi)

In the earlier Database chapter you saw the use of the cfqueryparam tag. It is one of the simplest steps you can take to help prevent SQL injection attacks on your web application, but it can only be used in the WHERE clause, INSERT values, and UPDATE values of an SQL statement. Other parts of an SQL statement require more work to protect against it. The example below is using cfqueryparam, but it is still susceptible to SQL injection attack throug

Configure Mail Settings

Before you can send emails with ColdFusion, you need to set the mail server you want to use. Configuring the mail server can be done in the ColdFusion Administrator.

If you do not have a mail server of your own, your localhost can act as a mail server. ColdFusion will act normally, but since there is no mail server set up on your localhost, emails will not arrive at their destination. Another option is to use the mail server of Gmail (a Gmail account is required for this). The settings for this mail server can be found at the end of this section.

@learncfinaweek
learncfinaweek / gist:4121221
Created November 20, 2012 21:20
Code Reuse - Includes

You can also make a new .cfm file and use it as a function library. You can then use the cfinclude tag to include it on any pages that might need it.

cfinclude only has one attribute, template, that takes the path to the function library file. If the function is placed in a file called greetingCustomizer.cfm, to give our page access to the function we just include our greeting customizer on the page like so:

<cfinclude template="path/to/libraries/greetingCustomizer.cfm" />
@learncfinaweek
learncfinaweek / gist:4121322
Created November 20, 2012 21:33
Document Handling - cfpdf

Whereas cfdocument is used to create PDFs, the cfpdf tag is used to manipulate existing PDFs. With cfpdf, you can read an existing PDF, write meta-data to it, merge PDFs together, delete pages, create thumbnails of the pages, extract text & images, add or remove watermarks, manipulate headers & footers, create PDF portfolios, and deal with PDF passwords, permissions and encryption.

Reading a PDF

@learncfinaweek
learncfinaweek / gist:4121000
Created November 20, 2012 20:49
Setup - Installing Sample Files

As well as having the ability to read about ColdFusion, 'Learn CF in a Week' has a Hands On section of the course, giving you the opportunity to create your own ColdFusion web site. During the course, you will take a basic HTML website and add ColdFusion to it, creating a fully functional ColdFusion application.

To be able to take part in the Hands On, you must first install the necessary Application files. To do this, follow the steps below:

Windows