Archive for May, 2008




Stop SQL Injection

Author: dantheman
May 28, 2008

When using ColdFusion with dynamic forms that feed a SQL query, it is always a good idea to use the <cfqueryparam> tag to help stop SQL injection.

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

cfqueryparam

Verifies the data type of a query parameter and, for DBMSs that support bind variables, enables ColdFusion to use bind variables in the SQL statement. Bind variable usage enhances performance when executing a cfquery statement multiple times.

This tag is nested within a cfquery tag, embedded in a query SQL statement. If you specify optional parameters, this tag performs data validation.

 

Note from The Hahn:
I thought it worth providing a sample I use for cfqueryparam since null values are a bit wacky.

<cfqueryparam cfsqltype="cf_sql_varchar" maxlength="14" value="#FORM.field#" null="#YesNoFormat(NOT Len(Trim(FORM.field)))#">

This checks the data type and, if the field is blank, inserts a null. The “null” attribute of the cf tag uses yes/no for some reason; thankfully, CF has that little YesNoFormat function. Note that an error in length will throw an ugly error message, so you should do some server-side checking of your own and display a custom error message.

Thanks to Dan for bringing this up and for linking keywords!
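A before/after sketch of the advice in this post, added here as an example and not code from the original authors: the interpolated query is shown commented out, followed by server-side checks that produce a custom message and the same statement bound with cfqueryparam. The datasource appDSN, the customers table, its id and phone columns, and the form field names are assumptions made for illustration.

```cfml
<!--- Added example. Assumed names: datasource "appDSN", table "customers",
      columns "id" and "phone", form fields FORM.id and FORM.phone. --->

<!--- Before: form values are spliced into the SQL text. The unquoted
      numeric id in particular reaches the database as raw SQL.
<cfquery name="updCustomer" datasource="appDSN">
    UPDATE customers
    SET phone = '#FORM.phone#'
    WHERE id = #FORM.id#
</cfquery>
--->

<!--- After: validate first, so the user gets a readable message instead of
      the exception cfqueryparam raises on a type or maxlength failure. --->
<cfparam name="FORM.id" default="">
<cfparam name="FORM.phone" default="">
<cfset errors = []>
<cfset phone = Trim(FORM.phone)>

<cfif NOT IsValid("integer", FORM.id)>
    <cfset ArrayAppend(errors, "Customer id must be a whole number.")>
</cfif>
<cfif Len(phone) GT 14>
    <cfset ArrayAppend(errors, "Phone must be 14 characters or fewer.")>
</cfif>

<cfif ArrayLen(errors)>
    <!--- Custom error output; nothing is sent to the database. --->
    <cfoutput>
        <ul>
        <cfloop array="#errors#" index="msg"><li>#HTMLEditFormat(msg)#</li></cfloop>
        </ul>
    </cfoutput>
<cfelse>
    <!--- Values travel as typed bind parameters, never as SQL text.
          A blank phone is stored as NULL, as in the note above. --->
    <cfquery name="updCustomer" datasource="appDSN">
        UPDATE customers
        SET phone = <cfqueryparam cfsqltype="cf_sql_varchar" maxlength="14"
                        value="#phone#" null="#YesNoFormat(NOT Len(phone))#">
        WHERE id = <cfqueryparam cfsqltype="cf_sql_integer" value="#FORM.id#">
    </cfquery>
</cfif>
```

The validation is there for the user's benefit; the cfqueryparam tags remain the control that keeps input out of the SQL text, so they stay in place even when the checks pass.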



I don’t know why anyone would not have Google Analytics set up on their website. It’s one of the best website statistic packages out there, is constantly being improved upon and is FREE! Yes, Google rocks the house again.

So, as I’m adding Google Analytics to this site, I’ll share the process with you!

  1. If you don’t already have a Google account, get with the program and get your free Gmail account at www.gmail.com
  2. Now go to http://www.google.com/analytics/ and sign in.
  3. Click on ‘Add Website Profile’
  4. Enter the URL and timezone for your domain and Continue.
  5. This next page will give you 2 options: the Legacy Tracking Code or the new option. Click on the ‘New Tracking Code’ option.
  6. You’ll see a bunch of JavaScript code. You’ll need to add this to the bottom of your web pages. If you don’t know how to do this, contact your web designer! Since our site is built using WordPress, I have to open the footer.php for the template that I have selected.
  7. After you have that JavaScript added to your pages and your files uploaded, click on the finish button. You’ll see your site listed under Website Profiles.
  8. Now you have to wait. Sometimes it’ll take a while for Google to find the tracking code that you put on your site but as soon as that happens, you’ll start getting all the stats you could ever want on your site, set up marketing goals and much, much more!


Every little bit helps

Author: admin
May 21, 2008

When it comes to Internet marketing, Google page rank is paramount to people finding you. One of the best ways to get a high page rank is to have relevant sites linking to yours. Since we’re a Web Design company, we searched out Web Designer directories that would list us. Since they’ve already obtained a good search engine ranking, being listed gives us potential click-thrus from their site and boosts our own page rank at the same time.

Here’s where we are listed:



Peak Systems Boise Design Portfolio!

Author: Ironman
May 20, 2008

We’ve launched our design portfolio, complete with project descriptions and plenty of eye candy! Check it out!



Reenter Torn Pixel 6

Author: TheHahn
May 16, 2008

Internet Explorer 6 anagram.

Stop IE6 campaign logo

I’m going to have to decide now if I should provide a daily rant about the browser now or after I exhaust random musings about Coldfusion and helpful CSS snippets.

If I start posting reminders to myself about CSS behavior I think myself and those on the internets will benefit.

img { display:block; }

Much more predictable results when starting a stylesheet with that.



Finally, a Website for our Boise office! Long under the oppressive yokes of the Seattle tyranny, our Boise team has risen from the ashes like the Phoenix reborn! Ok, ok, it’s not that bad — we’ve just been waiting to have some time between projects to actually build something for our Boise team here. We’ve been here downtown since July 2007 but have been so swamped with everything that well…you know.

So, this is where we take out our Bible (or Richard Dawkins book) and say the pledge:

I, <Peak Boise Employee>, do solemnly swear to regularly add blog posts to our wonderful website on the World Wide Web and do solemnly uphold the valued principles of Peak Systems as we write…and to write stuff that is interesting enough to not bore our readers to sleep!

Ok, so this is our first blog post. Many to follow!