Thursday, August 05, 2004

Applying CF Best Practices - joe rinehart on CF and more

This is my attempt to show how to apply Joe Rinehart's Best Practices list...

1. Never trust user input

I always keep my own local copy of each variable, one that cannot be overwritten without my consent. This is good for both security and data type validation, and it also makes form display easy.

When I create a form to edit or add content, I build the edit form with cfoutput wrapped around my local variables.

Using cfparam to pre-define those local variables first makes it easy to reuse the same form code for both editing and adding content.

2. cfqueryparam or caching and data type validation

The benefits vary somewhat based on what database you are using. In Oracle, cfqueryparam also allows you to take advantage of Bind Variables, to improve performance.

Using it with SQL Server just lets you use its data type validation.

You can use cfqueryparam in the WHERE clause, the SELECT list, or anywhere dynamic variables affect the SQL code.

Remember that cfqueryparam isn't strictly needed if the dynamic part isn't controlled or sent by a user, although it is still good practice.

You have to evaluate which caching method benefits you most, based on whether the data changes frequently or is needed frequently.
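The following is an added example, not code from the original post, showing the two sides of the "cfqueryparam or caching" choice: a query on user-controlled input bound with cfqueryparam (the concatenated version it replaces is left in a comment for contrast), and a query with no user-controlled part that is cached with cachedwithin instead. The datasource "myDSN", the tables "articles" and "categories", and the form and URL field names are assumed placeholders.

```cfml
<!--- Added example (not from the original post). Datasource, tables and
      field names are assumed placeholders. --->

<cfparam name="url.articleID"      default="0">
<cfparam name="form.keyword"       default="">
<cfparam name="form.categoryList"  default="0">

<!--- The pattern to avoid: the URL value is concatenated straight into the
      SQL string, so whatever the user sends becomes part of the statement. --->
<!---
<cfquery name="getArticle" datasource="myDSN">
    SELECT articleID, title, body FROM articles
    WHERE  articleID = #url.articleID#
</cfquery>
--->

<!--- With cfqueryparam the value is sent as a typed bind parameter. The
      database only ever sees it as data, and ColdFusion rejects a value
      that is not a valid integer before the query is sent at all. --->
<cfquery name="getArticle" datasource="myDSN">
    SELECT articleID, title, body
    FROM   articles
    WHERE  articleID = <cfqueryparam value="#url.articleID#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- It works anywhere a dynamic value touches the SQL: LIKE patterns
      (build the wildcards into the value, not the SQL) and IN lists. --->
<cfquery name="searchArticles" datasource="myDSN">
    SELECT articleID, title
    FROM   articles
    WHERE  title LIKE <cfqueryparam value="%#Trim(form.keyword)#%" cfsqltype="cf_sql_varchar" maxlength="100">
    AND    categoryID IN (<cfqueryparam value="#form.categoryList#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>

<!--- This query has no user-controlled part, so caching is the win here.
      The result is reused for an hour instead of hitting the database. --->
<cfquery name="getCategories" datasource="myDSN" cachedwithin="#CreateTimeSpan(0, 1, 0, 0)#">
    SELECT   categoryID, categoryName
    FROM     categories
    ORDER BY categoryName
</cfquery>
```

In ColdFusion MX, cachedwithin and cfqueryparam could not be combined in a single cfquery, which is why the choice is framed as one or the other: bind the parameters on queries that take user input, and cache the lookups that do not.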

3. Coding for Portability

In general it is a good idea to hold values that change from server to server in variables, keep them in the application scope, and set them in the application.cfm file.

It is a real pain to have to change hundreds of files when your datasource or folder structure changes.
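As an added example (not code from the original post), this application.cfm sets the server-dependent values once in the application scope, chosen by the host name the request arrived on, so that no template hard-codes a datasource or path. The application name, host names, datasource names and paths are assumed placeholders.

```cfml
<!--- Added example (not from the original post): application.cfm that sets
      server-specific values once. Names, hosts and paths are placeholders. --->
<cfapplication name="mySite" sessionmanagement="yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#">

<!--- Initialise once per application start. The exclusive lock stops two
      simultaneous first requests from both running the setup. --->
<cfif NOT IsDefined("application.initialised")>
    <cflock scope="application" type="exclusive" timeout="10">
        <cfif NOT IsDefined("application.initialised")>

            <!--- Pick settings from the host name this request was served on --->
            <cfif FindNoCase("dev.example.com", cgi.server_name)>
                <cfset application.dsn       = "mySite_dev">
                <cfset application.siteRoot  = "C:\sites\dev\mySite\">
                <cfset application.showDebug = true>
            <cfelse>
                <cfset application.dsn       = "mySite_prod">
                <cfset application.siteRoot  = "C:\sites\mySite\">
                <cfset application.showDebug = false>
            </cfif>

            <!--- Derived values are built from the base ones, never repeated --->
            <cfset application.uploadPath  = application.siteRoot & "uploads\">
            <cfset application.initialised = true>
        </cfif>
    </cflock>
</cfif>

<!--- Debug output stays off on the production host --->
<cfsetting showdebugoutput="#application.showDebug#">

<!--- Every template then refers to the scope, so a changed datasource or
      folder is edited in this one file, e.g.:
      <cfquery name="q" datasource="#application.dsn#"> ... </cfquery> --->
```

Reading the application scope inside templates is cheap; what matters is that the values are written in exactly one place, and that the choice between environments is made from something the server knows (the host name) rather than from anything the request can supply.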

4. Code Formatting

Please use one commenting style throughout. Some older coders put their comments to the right of the commands and others put them above; either is fine, but stick to one style.

This also includes indenting, which is my favorite easy way of following the logic flow of an application...

5. Use existing public code

There are a lot of resources out there: UDFs, custom tags, all kinds of ways to do a specific task.

Look around and see whether a free piece of code already does what you want before you create it from scratch.

6. Variable Scoping

I've written enough to explain the importance of variable scoping. It really comes down to being careful to make sure the variables hold the data you want them to.

I always use cfparam to create a local variable, into which I can then deliberately pass url, query, form, file, cookie or client data.

The key is to control what data gets into what variable.
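This added example (not code from the original post) ties together sections 1 and 6: every local is declared with cfparam so it always exists with a known default, user input is copied into the locals only at explicit, checked points, and the same form then serves both "add" and "edit". The datasource "myDSN", the "articles" table and the field names are assumed placeholders.

```cfml
<!--- Added example (not from the original post): one edit.cfm for add and edit.
      Datasource, table and field names are assumed placeholders. --->

<!--- 1. Declare every local up front. cfparam gives each a default and a
      type, so the form code below can rely on them always being present. --->
<cfparam name="variables.articleID" default="0" type="numeric">
<cfparam name="variables.title"     default="">
<cfparam name="variables.body"      default="">

<!--- 2. Copy from the URL only where intended, and only after checking it.
      A positive articleID means "edit"; anything else means "add". --->
<cfif IsDefined("url.articleID") AND IsNumeric(url.articleID) AND url.articleID GT 0>
    <cfquery name="getArticle" datasource="myDSN">
        SELECT articleID, title, body
        FROM   articles
        WHERE  articleID = <cfqueryparam value="#url.articleID#" cfsqltype="cf_sql_integer">
    </cfquery>
    <cfif getArticle.recordCount EQ 1>
        <cfset variables.articleID = getArticle.articleID>
        <cfset variables.title     = getArticle.title>
        <cfset variables.body      = getArticle.body>
    </cfif>
</cfif>

<!--- 3. After a failed submit, re-populate from the form so the user does
      not retype. The length check runs before the value reaches the local. --->
<cfif IsDefined("form.title") AND Len(Trim(form.title)) LTE 200>
    <cfset variables.title = Trim(form.title)>
</cfif>
<cfif IsDefined("form.body")>
    <cfset variables.body = form.body>
</cfif>

<!--- 4. One form for both cases. Only the explicitly scoped locals are
      output, and HTMLEditFormat keeps a stored or submitted value from
      being rendered as markup in the page. --->
<cfoutput>
<form action="saveArticle.cfm" method="post">
    <input type="hidden" name="articleID" value="#variables.articleID#">
    <input type="text" name="title" maxlength="200"
           value="#HTMLEditFormat(variables.title)#">
    <textarea name="body">#HTMLEditFormat(variables.body)#</textarea>
    <input type="submit"
           value="#IIf(variables.articleID GT 0, DE('Save changes'), DE('Add article'))#">
</form>
</cfoutput>
```

Because nothing but the two marked cfif blocks writes to the variables scope, an unexpected url, form or cookie value of the same name cannot change what the form displays or what saveArticle.cfm later receives from it.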

8. Performance Matters

CFMX has really advanced its debugging information: it shows all the includes that your application calls and makes it easy to identify bottlenecks.

If an include takes more than 250 ms, the debug output shows it in bold red so you know to look at that include's performance.

Take care of your queries and logic flow, and keep an eye on how much processing power it takes to do the job.


In conclusion.

Best practices are always evolving, because all of us want to learn from our own and others' mistakes so that we can do a professional job.

None of us wants to go back to a project we thought we had completed, only to find out it crashed the site, didn't work, or had x number of errors.

The more thorough and precise we are in our coding, the better we will get in the long haul.

What best practices do you use, that are not in the list? What practices do you think make sense or no sense?

Please comment and let us know!



  1. Anonymous, 5:31 PM

    I would say best practice #1 is to not listen to anything that is posted on your blog. I can't believe you continue to spew mindless drivel. I thought you got fired/let go... shouldn't that tell you something? (maybe it's time for a career change?)

  2. I see, instead of stating where you disagree with me, you just continue to try to insult me.

  3. Anonymous, 2:23 AM

    you can judge the performance unless you have turned off the debugging... very basic thing to keep in mind.
    cfqueryparam is a prepared SQL statement which helps us to identify the datatype.
    users are the best testers of your application; they will do something which you don't expect. I don't know, without proper knowledge of these things, how you have named this topic best practice.

  4. Anonymous, 5:18 AM

    A lot of what I see here seems to be repeated calls to 'be better', and the last few blog entries have been in response to another blogger, but haven't seemed to add a lot of value to the original blogger's content, and in many cases the content here doesn't seem to make sense, or is far too basic for many folks.

  5. Yet, I go from job to job, and I see more and more people who haven't even mastered the basics.

    So that's the whole point. Perhaps I am not the world's best programmer or writer; all I want to do is help.

  6. Anonymous, 10:08 AM