I'm using the BlueDragon's cfform validation:
<cfinput validateat="onServer" validate="regex" pattern="^[a-zA-Z0-9 ]+$" name="COMPANYDBA" />
But this pattern isn't producing the right result. Something is up with the dollar sign:
^[a-zA-Z0-9 ]+$
Expected result: no special characters
Actual result: no special characters except it's allowing the $ sign
Why in the world would this allow a dollar sign in the string?
An old question, but it's listed as unanswered, so here's an (overly-long) answer to stop that being the case (as soon as someone upvotes it, anyhow).
It's unlikely the source for cfform has changed significantly between BD7 and OpenBD -- because pretty much nobody recommends using cfform these days -- so here's the OBD code which generates the HTML:
What this code tells us is that, with the attributes provided, a hidden form field named with the suffix
_CFFORMREGEXis output with the pattern to test.(Which of course is not real server-side validation, despite what
validateat="onserver"suggests, and thus is yet another reason not to use cfform).After submission, that form field is picked up and used via the cfFormData.java file:
Which if you follow it through eventually runs the pattern through
com.nary.util.string.regexMatcheswhich uses Apache ORO to check it matches:The use of SINGLELINE_MASK means the
^and$will perform their usual start/end of content match (not start/end of lines) and that.includes newlines.With all that, we can categorically state that, if the pattern provided is
^[a-zA-Z0-9 ]+$then$will not be accepted, so there must be more to the original issue than has been revealed.Of course, rather than worrying about all that, the most appropriate solution is: stop using cfform.
There are plenty of superior options for doing proper form validation, see Charlie Arehart's list: cf411.com/form