clearsoftware.net - joe rinehart on CF and more
This is my attempt to show how to apply Joe Rinehart's Best Practices list...
1. Never trust user input
I always keep my own copy of each value in a local variable that cannot be overwritten without my consent. This is good for both security and data type validation, and it also makes form displays easy.
When I create my forms to edit/add content, I always create the edit form, with cfoutput surrounding my local variables.
When you use cfparam to pre-define your local variables, it becomes easy to use the same code for both editing content and adding content.
2. cfqueryparam or caching and data type validation
The benefits vary somewhat based on what database you are using. In Oracle, cfqueryparam also allows you to take advantage of Bind Variables, to improve performance.
Using it with SQL Server just allows you to use its datatype validation methods.
You can use cfqueryparam in the where clause, the select, or anywhere else that dynamic variables affect the SQL code.
Remember that cfqueryparam isn't needed if the dynamic part isn't being controlled or sent by a user, although using it anyway is a good practice.
You have to evaluate which caching method benefits you most, based on whether it's frequently changing data or frequently needed data.
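The pattern from sections 1 and 2, as an added example that is not from the original post: local variables are declared with cfparam, request data is copied in only after it is checked, and every dynamic SQL value goes through cfqueryparam. The table `articles`, the file name `article_form.cfm` and the `application.dsn` variable are assumed names.

```cfml
<!--- Added example. Table "articles", application.dsn and article_form.cfm are assumed names. --->
<!--- Local variables with safe defaults; cfparam's type check guards each one. --->
<cfparam name="variables.articleId" default="0" type="integer">
<cfparam name="variables.title" default="" type="string">
<cfparam name="variables.body" default="" type="string">

<!--- Request data is copied in only after it has been checked. --->
<cfif structKeyExists(url, "articleId") and isValid("integer", url.articleId)>
    <cfset variables.articleId = url.articleId>
</cfif>
<cfset variables.isPost = structKeyExists(form, "title") and structKeyExists(form, "body")>
<cfif variables.isPost>
    <cfset variables.title = left(trim(form.title), 200)>
    <cfset variables.body = trim(form.body)>
</cfif>

<cfif variables.isPost and len(variables.title)>
    <!--- Save: every dynamic value is bound with cfqueryparam, never concatenated into the SQL. --->
    <cfquery name="saveArticle" datasource="#application.dsn#">
        <cfif variables.articleId gt 0>
            UPDATE articles
            SET title = <cfqueryparam value="#variables.title#" cfsqltype="cf_sql_varchar" maxlength="200">,
                body = <cfqueryparam value="#variables.body#" cfsqltype="cf_sql_longvarchar">
            WHERE article_id = <cfqueryparam value="#variables.articleId#" cfsqltype="cf_sql_integer">
        <cfelse>
            INSERT INTO articles (title, body)
            VALUES (<cfqueryparam value="#variables.title#" cfsqltype="cf_sql_varchar" maxlength="200">,
                    <cfqueryparam value="#variables.body#" cfsqltype="cf_sql_longvarchar">)
        </cfif>
    </cfquery>
<cfelseif variables.articleId gt 0 and not variables.isPost>
    <!--- Edit mode: load the existing row into the same local variables. --->
    <cfquery name="getArticle" datasource="#application.dsn#">
        SELECT title, body FROM articles
        WHERE article_id = <cfqueryparam value="#variables.articleId#" cfsqltype="cf_sql_integer">
    </cfquery>
    <cfif getArticle.recordCount>
        <cfset variables.title = getArticle.title>
        <cfset variables.body = getArticle.body>
    </cfif>
</cfif>
<!--- One form serves add and edit; values are HTML-escaped before display. --->
<cfoutput>
<form action="article_form.cfm?articleId=#variables.articleId#" method="post">
    <input type="text" name="title" maxlength="200" value="#htmlEditFormat(variables.title)#">
    <textarea name="body">#htmlEditFormat(variables.body)#</textarea>
    <input type="submit" value="Save">
</form>
</cfoutput>
```

With no `articleId` in the URL the form renders empty and a submit inserts a row; with a valid `articleId` the same template loads and updates that row.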
3. Coding for Portability
In general it is a good idea to use variables to hold data that changes based on what server you are on, and to store them in your application scope, in the application.cfm file.
It does get to be a pain to have to change hundreds of files if your datasource or folder structure changes.
4. Code Formatting
Please use one consistent commenting syntax. Some older coders put their comments to the right of the commands, and some put them above the commands. Stick to one style.
This also includes indenting, which is my favorite easy way of following the logic flow of an application...
5. Use existing public code
There are a lot of resources out there, such as cflib.org, with UDFs, custom tags, and all kinds of ways to do a specific task.
Try looking around to see if a free piece of code can do what you want before you try creating it from scratch.
6. Variable Scoping
I've written enough to explain the importance of variable scoping. It really comes down to being careful to make sure the variables hold the data you want them to.
I always use cfparam to create a local variable, to which I can then logically pass url, query, form, file, cookie, or client data.
The key is to control what data gets into what variable.
8. Performance Matters
CFMX has really advanced its debugging information. It shows all the includes that your application calls, and makes it easy to identify bottlenecks.
If an include takes more than 250 ms, it bolds/reddens that debug info to make you aware of that include's performance issues.
Take care of your queries and logic flow, and keep an eye on how much processing power it takes to do your job.
ALWAYS LOOK FOR FASTER WAYS TO GET THE SAME DATA RESULTS YOU WANT!!
Best practices are always evolving, because all of us want to learn from our own and others' mistakes so that we can do a professional job.
None of us wants to go back to a project we thought we had completed, only to find out it crashed the site, or didn't work, or had x number of errors.
The more thorough and precise we are in our coding, the better we will get in the long haul.
What best practices do you use that are not in the list? What practices do you think make sense or no sense?
Please comment and let us know!