- set <cffile> upload path to a web accessible, CF-enabled directory!!!
- isStruct() before isObject() in a series of <cfif>'s, expecting isStruct only catches struct (a cfc component returns True from isStruct() as well)
- no HtmlEditFormat() when displaying user-generated content (XSS)
- forgot to add output=false on CFC methods
- not using <cfqueryparam> inside <cfquery>
- not scoping not-so-evident variables like cfquery name or loop index in a method
- use <cfform> when all they need is plain-vanilla HTML <form>
- forgot to UrlEncodedFormat() user-defined URL
- use <cffeed> without sanitizing the content
- trust isDate() too much (any number would return true)
- expect string comparison to be case-sensitive (IS and EQ operators are case-insensitive)
- sending strings "yes" or "no" to SerializeJSON() without appending a whitespace to preserve the string (otherwise SerializeJSON() or DeserializeJSON() will translate them to "true" and "false")
- not putting singleton services in application scope
- blindly create as many CFCs as one wants like one would do in JAVA
- putting complex value/object into a list (can't, list is just a string of comma-separated values)
- writing functions that take an array as an argument and modify that array, expecting that array will be modified (array in CFML is passed by value)
- blindly changes access="remote" on a method and expects it to work (when remote proxy is generally more appropriate)
- use a lot of WriteOutput() in cfscript when CFML is more appropriate
- blindly uses IsDefined() when StructKeyExists() can generally do it more efficiently
- blindly uses Iif() and De() without knowing they're as nasty as Evaluate()
- update some code in onApplicationStart() and not seeing the difference on refresh (restart the app!)
- <cfloop> or '' outside of <cfquery> causing multiple new query connections to be opened. 99% of the time it's better to have multiple statements inside of one cfquery to perform multiple actions, or to UNION data together.
- hardcoding absolute path when ExpandPath() is generally better
- forgot to turn on Unicode support in DSN (Unicode becomes '????')
- not upgrading to the latest JRE and Hotfixes
- misusing Client scope and blowing up the Windows registry...
- uses deprecated/obsolete functions/features (i.e. flash form aka flex 1.x alpha, cftable, Verity full-text search, etc...)
- passing CFCATCH to a function as argument type Struct (CFCATCH behaves like a Struct, but it is not. Just pass it as type 'Any').
- Not reading CFC Best Practices from ColdBox wiki.
- buying into the mindset that .ASP(X) or .JSP or [insert web technology] are always better.. ;)
- not using PrecisionEvaluate() and getting all sorts of floating point rounding errors, especially when calculating money.