tracker issue : CF-3169196

select a category, or use search below
(searches all categories and all time range)
Title:

IsValid("integer") does not exclude some none-numeric characters

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/

Reporter/Name(from Bugbase): Mary Jo Sminkey / Mary Jo Sminkey (Mary Jo Sminkey)

Created: 04/18/2012

Components: Language

Versions: 9.0.1

Failure Type:

Found In Build/Fixed In Build: 9.0.1 /

Priority/Frequency: Major / Some users will encounter

Locale/System: English / Win 2008 Server

Vote Count: 15

Duplicate ID:	CF-3712010

Problem Description: If you run isValid("integer") it allows commas and currency symbols to pass. This causes errors if for instance, you try to pass the value to a database. 

Steps to Reproduce: Some values that will pass: 123,,123 or $123,123 

Actual Result: TRUE

Expected Result: FALSE

Any Workarounds: You have to use ReReplace() or Val() to sanitize the values due to these characters being allowed. Better would be to have a true validation for integer, or a way to configure what it allows.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3169196

External Customer Info:
External Company:  
External Customer Name: MaryJo
External Customer Email:  
External Test Config: My Hardware and Environment details: N/A

Attachments:

Comments:

This bug forces developers to run additional testing and/or sanitation against values in order to be able to pass them to other systems where "$" and "," are not considered valid "integer" characters (e.g. database engined such as SQL Server). It also can cause confusion for less experienced developers or those coming from other languages who will expect all non-numeric characters (e.g. [^0-9]) to cause a validation to fail and wonder why these are getting through.
Vote by External U.
19706 | April 18, 2012 03:08:58 PM GMT
This has always been the behavior and changing this would result in backward compatibility issue. It will not be fixed.
Comment by Rupesh K.
19701 | April 24, 2012 04:23:06 AM GMT
+1, this function is broken and needs fixed. Please see my comment.
Vote by External U.
19707 | July 06, 2012 11:40:44 AM GMT
<cfoutput> #isValid("integer", "100.00")#<br /> #isValid("integer", "$1,000")#<br /> #isValid("integer", "$,1,2,$,2352345,$")#<br /> #isValid("integer", "$1,000.00")# </cfoutput> Result: NO,YES,YES,NO If isValid() is to validate currency values, then how about an isValid("money")? But isValid("money", "$,1,2,$,2352345,$") should return NO as well. Also, if it is to validate money, then it should support the decimal character. BUT, integer means integer, and not integer-with-inconsistent-exceptions. It should do what it says it does, no more no less.
Comment by External U.
19702 | July 06, 2012 11:45:47 AM GMT
The function should work as expected, i.e only treat integer values as valid. Backward compatibility should be broken in this case to fix the defect.
Vote by External U.
19708 | July 06, 2012 12:06:43 PM GMT
Rupesh, that's a bit facile I'm afraid. No-one is going to be using a function that validates for an INTEGER to validate for something that is not an integer. No-one will have code doing that. Using your "logic" you would never fix *any* bugs because once they got into the wild there is a theoretical (but completely unrealistic) chance someone might be using it as a square peg to fill a round hole. The function does not do what it says on the tin. It's bugged. You ought to fix it. Please re-open the ticket so it can be triaged for the next release. -- Adam
Comment by External U.
19703 | July 06, 2012 01:42:37 PM GMT
+1. MUST be fixed. You can't have a function that does something so fundamental as validating for an integer not working. This makes a bt of a mockery of CF (esp the Adobe response to the original ticket)
Vote by External U.
19709 | July 06, 2012 01:44:15 PM GMT
http://stackoverflow.com/questions/11535979/coldfusion-why-isvalidinteger-1-5-yes
Vote by External U.
19710 | July 18, 2012 02:25:41 AM GMT
This really needs a fix. No one would ever expect the current behaviour.
Vote by External U.
19711 | July 18, 2012 03:24:24 AM GMT
The function documentation clearly states: "Tests whether a value meets a validation or data type rule. True if the value conforms to the rule; False otherwise". "integer: an integer". Either fix the flawed function or update the documentation to say "in most cases" :p Not fixing a very old bug and blaming it on backwards compatibility - that's crazy talk.
Vote by External U.
19712 | July 18, 2012 04:52:46 AM GMT
I'm embarrassed to use a language that so quickly dismisses a bug that is clearly a bug.
Vote by External U.
19713 | July 18, 2012 06:31:52 AM GMT
ColdFusion's built-in validation functions should work as advertised. It would be one thing if this function evaluated whole dollar amounts as integers, but if it actually accepts random $ and , within a string and still considers it to be an integer, then there's no point having the function in the first place.
Vote by External U.
19714 | July 18, 2012 11:54:14 AM GMT
Clearly this function doesn't do what it's supposed to. Who on earth would rely on such borked behaviour in their code???
Vote by External U.
19715 | July 22, 2012 06:11:17 AM GMT
This is a crazy bug that defies logic. Lots of people use isValid("integer") to validate data that's expected to be an integer to provide protection from hacking, maliciously causing errors to progress hacking, or manipulation of data, so this is actually a security issue too. Bug, bug, bug!
Comment by External U.
19704 | July 25, 2012 07:24:48 PM GMT
The isValid("integer") function clearly does not work as expected as illustrated by others. In this case backward compatibility should be broken in order to fix this bug. If this bug will not be fixed, at the very minimum the documentation should be updated to indicate that this function may not work as intended.
Vote by External U.
19716 | July 27, 2012 10:39:11 AM GMT
You could fix isValid('email') while you were at it... https://bugbase.adobe.com/index.cfm?event=bug&id=CF-3231157
Vote by External U.
19717 | September 03, 2012 09:11:01 AM GMT
isValid("integer", "1,2,3,4") = true This is just silly
Vote by External U.
19718 | September 26, 2013 04:55:04 AM GMT
So this won't be fixed do to a fear of breaking backwards compatibility yet you are breaking backwards compatibility by "fixing" CFINLCUDE to only allow cfm and cfc files. The later is claiming to be a security fix yet I haven't found a way this is a security issue. Adobe Logic is as messed up as ColdFusion "boolean" (0 for false and any number greater than 0 for true).
Comment by External U.
19705 | February 21, 2014 04:07:01 PM GMT
Clearly this function doesn't do what it's supposed to. Which is why I never use this and write my own validation code. It would be nice if the built in functions actually worked.
Vote by External U.
19719 | February 21, 2014 04:08:34 PM GMT
As designed? Are you serious? Do you actually understand what an "integer" is??
Vote by External U.
19720 | February 21, 2014 04:55:04 PM GMT