cfform and maxlength

Status
Not open for further replies.

Jami

Programmer
Jul 18, 2000
54
US
Hi all,
I don't know if this is a javascript, html or cf issue, but thought I'd give it a shot here. I am using a form to receive catalog requests. This form is enclosed with cfform tags and maxlengths are included on every input or cfinput tag to keep the length of variables under the length of the database fields in the table I am writing to. This form has been live for some time and recently an error was generated on a variable passed by an input text box with the maxlength of 2 (state field). The user was somehow able to enter "N.C" in a field with maxlength of 2. I tried the form field again myself and was not able to enter this value. Can anyone help explain why this would happen?
Thanks!
Jami
 
Hi Jami,

The maxlength attribute is an html parameter that tells the browser what to limit user input to. It's up to the browser to impose this limit so any browser could choose to ignore the limit you set. The major browsers all honor this attribute so this could have been caused by someone using a lesser known browser or something like WebTv which is known to have a number of problems. It could also have been a browser bug even in one of the mainstream browsers.

Another explanation is that someone saved the form off, removed the attribute, and then submitted the form from their copy.

If you need to assure that people don't get around this length constraint, don't trust the browsers to screen the data. It's best to screen all inputs in your receiving script before you use them and then direct the user to an error page if there are any problems. This is the most reliable method and almost assures you that no one will submit bad data. In a lot of cases, this extra effort isn't worth the time but it's the only way IMO to guarantee no one gets past your data limits.

Hope this helps,
GJ
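
One way to do the screening described in the reply above, inside the receiving template, as an added example that is not part of the original thread. The field names, length limits, datasource and table name are assumptions; set each limit to the real width of the matching database column.

```cfml
<!--- Added example: server-side length checks in the template that receives the form. --->
<!--- Assumed field names and column widths; maxlength in the form is only a hint to the browser. --->
<cfset limits = StructNew()>
<cfset limits.name = 50>
<cfset limits.address = 100>
<cfset limits.city = 50>
<cfset limits.state = 2>
<cfset limits.zip = 10>

<cfset errors = ArrayNew(1)>
<cfloop collection="#limits#" item="field">
    <!--- A field missing from the request is treated as empty instead of throwing --->
    <cfparam name="form.#field#" default="">
    <cfset value = Trim(form[field])>
    <cfif Len(value) EQ 0>
        <cfset ArrayAppend(errors, "#field# is required.")>
    <cfelseif Len(value) GT limits[field]>
        <cfset ArrayAppend(errors, "#field# must be #limits[field]# characters or fewer.")>
    </cfif>
    <cfset form[field] = value>
</cfloop>

<!--- The state field has a known format as well as a length: exactly two letters --->
<cfif Len(form.state) AND NOT REFind("^[A-Za-z]{2}$", form.state)>
    <cfset ArrayAppend(errors, "STATE must be a two-letter abbreviation.")>
</cfif>

<cfif ArrayLen(errors) GT 0>
    <!--- Report the problems and stop before the database is touched --->
    <cfoutput><ul>
    <cfloop index="i" from="1" to="#ArrayLen(errors)#">
        <li>#HTMLEditFormat(errors[i])#</li>
    </cfloop>
    </ul></cfoutput>
    <cfabort>
</cfif>

<!--- cfqueryparam binds each value and enforces the same limit a second time --->
<cfquery datasource="catalog">
    INSERT INTO catalog_requests (name, address, city, state, zip)
    VALUES (
        <cfqueryparam value="#form.name#" cfsqltype="cf_sql_varchar" maxlength="#limits.name#">,
        <cfqueryparam value="#form.address#" cfsqltype="cf_sql_varchar" maxlength="#limits.address#">,
        <cfqueryparam value="#form.city#" cfsqltype="cf_sql_varchar" maxlength="#limits.city#">,
        <cfqueryparam value="#form.state#" cfsqltype="cf_sql_varchar" maxlength="#limits.state#">,
        <cfqueryparam value="#form.zip#" cfsqltype="cf_sql_varchar" maxlength="#limits.zip#">
    )
</cfquery>
```

With these checks a submitted state of "N.C" is rejected with a readable message instead of producing a database error, whichever browser or saved copy of the form sent it.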
 