Handle Invalid Data Type in CF Remote Function

Question

So I have a remote ColdFusion Function like:

remote string function name (required numeric varname){

This is accessed via AJAX call. Google has taken it upon itself to pass in junk/blank values to the URL to this remote function. How can I gracefully handle those for Bots/Users to manage to get in a junk value. I've tried putting try/catch around/inside the function and doesn't work. I've also tried setting a default value but I still get an error. I'd like to be able to return an error message.

Thoughts?

Right now:

domain.com/path/to/page.cfc?method=function&varname=

Is throwing an error

domain.com/path/to/page.cfc?method=function&varname=5

Is working as expected.

Answer 1

Update:

I am leaving this here for posterity, as it explains the cause of the error and chain of events with validation. However, Adam's response is the correct solution IMO.

---

remote string function name (required numeric varname){

I've tried putting try/catch around/inside the function and doesn't work.

Because the argument value is validated before CF executes anything inside the function. So it never even gets to the try/catch.

If you want to allow non-numeric values, you must set the argument type to string and perform validation inside the function. ie

      // use whatever check is appropriate here
      if ( IsNumeric(arguments.varname) ) { 
          // good value. do something
      }
      else {
          // bad value. do something else
      }

I've also tried setting a default value but I still get an error

domain.com/path/to/page.cfc?method=function&varname=

Update The reason it does not work is because the varname parameter does exists. Its value is an empty string. As long as some value is passed (even an empty string) the default is ignored.

Answer 2

I disagree that the accepted solution is the best approach here.

Firstly, if your method is expecting a numeric and it's being passed a string, then an error is precisely the correct reaction here. You shouldn't feel the need to mitigate for requests that pass invalid values. Consider it like someone making a request to http://some.domain/path/to/file/wrongOne.html (they should have requested http://some.domain/path/to/file/rightOne.html)... it's completely OK for things to return a 404 "error" there, isn't it? An error response is exactly right in that situation.

Similarly, you have dictated that for your remote call URL, that argument is supposed to be numeric. So if it's not numeric... that is an error condition. So your server returning a 500-type error is actually the correct thing to do.

This is an example of the "garbage in, garbage out" rule.

If you are looking for an elegant solution, I'd say you already have the most elegant solution. Don't mess around writing special code to deal with incorrectly made requests. That is not an elegant approach.

You are better off letting the thing error, because then the mechanism requesting the URL will stop doing it. Messing around so that you are returning a 200 OK for a request that wasn't "OK" is the wrong thing to do.

Errors - when they are the correct result - are fine. There's nothing wrong with them.