Element Undefined Error In ColdFusion. cfparam does not work

StackOverflow https://stackoverflow.com/questions/17069969

Question

I am having problems with my ColdFusion code returning "Element AUTHOR is undefined in FORM." whenever I submit my form. I've tried using <cfparam> to set comment.author but it didn't work either. I'm fairly new to ColdFusion so any reasoning comments would be great too!

<cfparam name="form.submitted" default="0" />
<cfset blogPost = EntityLoad('BlogPost',url.id,true) />
<cfif form.submitted>
    <cfset comment = EntityNew('BlogComment') />
    <cfset comment.author = form.author />
    <cfset comment.comment = form.comment />
    <cfset comment.createdDateTime = now() />
    <cfset blogPost.addComment(comment) />
    <cfset EntitySave(blogPost) />
</cfif>

<cfimport taglib="customTags/" prefix="layout" />
<layout:page section="blog">    

        <!-- Content Start -->

        <!--Card  -->
        <div id="content">
            <div class="card-pattern">
                <!-- blog -->
                <div id="blog">
                    <div class="clr">
                        <div class="top-bg1">
                            <div class="top-left">
                                <div><h1>Blog</h1></div>
                            </div> 
                        </div>
                        <div class="clr">
                            <div class="pat-bottomleft">&nbsp;</div>
                            <div class="pat-bottomright">&nbsp;</div>
                        </div>
                    </div>
                    <div class="blog-top">  
                        <div class="clr">
                        <cfoutput>
                            <div class="left">
                                <!-- Blog Title -->
                                <h2 class="big">
                                    #blogPost.title#
                                </h2>
                                <!-- Date Published -->
                                <h5>
                                    <strong>Date Posted</strong>: #dateformat(blogPost.dateposted,'mm/dd/yyyy')#
                                </h5>
                                <!-- Blog Body -->
                                    #blogPost.body#
                                <!-- Blog Export -->
                                <p>
                                    <a href="exportToPDF.html?id=#blogPost.id#" target="_new"><img src="assets/images/export_pdf.png" border="0"/></a>
                                </p>
                                <!-- Blog Comments Section -->
                                <h3>
                                    Comments #arrayLen(blogPost.getComments())#
                                </h3>
                                <div class="clr hline">&nbsp;</div>

                                <div class="clr comments">
                                    <ul>
                                        <!-- Start Comment -->
                                        <cfloop array="#blogPost.getComments()#" index="comment">
                                        <li>
                                            <p>
                                                <strong>Posted On:</strong> #dateFormat(comment.createdDateTime,'mm/dd/yyyy')# at #timeformat(comment.createdDateTime,'short')# By #comment.author#
                                            </p>
                                            <p>
                                                #comment.comment#
                                            </p>
                                            <div class="clr hline">&nbsp;</div>
                                        </li>
                                        </cfloop>
                                        <!-- End Comment -->
                                    </ul>
                                </div>
                                <h3>
                                    Post Comment
                                </h3>
                                <div class="clr hline">&nbsp;</div>

                                <div class="clr postComment">
                                    <form action="BlogPost.cfm?id=#blogPost.id#" method="post" id="form">
                                        <div>
                                            <label>Name <span class="font-11">(required)</span></label>
                                            <input name="contactname" type="text" class="required" />
                                        </div>
                                        <div class="textarea">
                                            <label>Comment <span class="font-11">(required)</span></label>              
                                            <textarea name="comment" rows="6" cols="60" class="required"></textarea>        
                                        </div>
                                        <div>
                                            <input id="submitBtn" value="Submit"  name="submit" type="submit" class="submitBtn" />
                                        </div>
                                        <input type="hidden" name="submitted" value="1" />
                                    </form>
                                </div>  
                            </div>
                        </cfoutput>
                            <div class="right" >
                                <h2>Categories</h2>
                                <!-- Blog Specific Categories -->
                                <div id="categories" align="center">
                                    <ul>
                                        <li><a href="#">ColdFusion</a></li>
                                        <li><a href="#">Development</a></li>
                                    </ul>
                                </div>
                            </div>
                        </div>
                    </div>
                    <div class="clr"></div>
                </div> <!--blog end -->

</layout:page>
Was it helpful?

Solution

The error is telling you what is wrong. There is no author element in your form OR there is no form scope at all. Here is the form code that you posted:

<form action="BlogPost.cfm?id=#blogPost.id#" method="post" id="form">
    <div>
        <label>Name <span class="font-11">(required)</span></label>
        <input name="contactname" type="text" class="required" />
    </div>
    <div class="textarea">
        <label>Comment <span class="font-11">(required)</span></label>              
        <textarea name="comment" rows="6" cols="60" class="required"></textarea>        
    </div>
    <div>
        <input id="submitBtn" value="Submit"  name="submit" type="submit" class="submitBtn" />
    </div>
    <input type="hidden" name="submitted" value="1" />
</form>

It only contains 4 elements: contactname, comment, submit and submitted. This means that after the form is submitted ColdFusion will have access to: form.contactname, form.comment, form.submit and form.submitted. I presume that you are trying to set your comment.author variable to the contactname form field.

You could either change your code where you are setting the variable, like this:

<cfset comment.author = form.contactname />

Or you could change your code where the form field is defined, like this:

<input name="author" type="text" class="required" />

Either way, the references to the form scope must match the names that you give them in your HTML form. For what it's worth, you can always dump the form scope after it is submitted to see what is available, like this:

<cfdump var="#form#">

Also remember to sanitize all data that you receive from the client.

How can I sanitize user input but keep the content of <pre> tags?

OTHER TIPS

Agreed, undefined because it doesn't exist in the form.

And definitely sanitize all form and url data. One example below:

<cfset myVar = ReReplaceNoCase(#FORM.formfield#,"<[^>]*>","","ALL")/>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top