Creating a variable from a ColdFusion form and using it between pages-CodePudding

INTRODUCTION: Hello any and all,

I am trying to select a variable from Page 1 on Page 3 in Coldfusion. After looking into variable passing with CF, I have come across a few ways to pass with session or global variables, but am not sure if these are good methods for what I am trying to do.

PROBLEM: The reason I am unsure of which is the best way to pass the variable is because the end user will be using this form multiple times a day and I am afraid of session variables not clearing properly from end users not successfully closing their sessions.

OBJECTIVE: The Object of my form is to update information in my DB by pulling a Customer's Order ID. On my first page, I have the following form so that the end user can search by the Customer's Order ID and pull the customer's current information

    <cfform action="searchresults.cfm" method="post">
    <label for="Search" style="color: #fff !Important;"> Customer's OrderID:</label>
    <cfinput type="text" name="search" id="search" required="Yes" message="Please enter 
     an OrderID."  >         
        <input style="margin-top:20px;" type="submit" value="Search" >
    </cfform>

On my Page 3, I have a CFQUERY that I am using to update the DB based around the search variable from the form on page 1.

   <cfquery name="updateform" datasource="collinsmobile">
    
            UPDATE Table
        
            SET
        
        FName= <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.FName#" />
        LName = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.LName#" />
        CustomerEmail = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.CustomerEmail#" />
        CustomerPhone = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.CustomerPhone#" />
        CAddress = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.CAddress#" />
        City = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.City#" />
        St = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.State#" />
        Zip = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.Zip#" /> 
    
            Where OrderID= '#search#'

            </cfquery>

If Anyone could please help me to understand the best method to go about using the "search" variable for my query or point me in the right direction, I'd greatly appreciate it!

Note: My Page 2 is called "searchresults.cfm" and is a query for page 1 as well as a proper form for the final update query on page 3. I felt as though it was too much code and irrelevant to post but can supply code if needed!

CodePudding user response：

The Answer I used for this was on account of Will Belden's comment. I ended up passing a Hidden Variable through my second page's form via:

<cfset TestResult = #search# />

<cfinput type= "hidden" name="TestResult" id="TestResult" value=#TestResult# />

The combination of a CFSET and a Hidden Variable was able to get me where I need to.

CodePudding user response：

This more of a comment, but it is too long to fit in

Instead of

<cfinput type= "hidden" name="TestResult" id="TestResult" value=#TestResult# />

Consider

<input type= "hidden" name="TestResult" value="#encodeForHTMAttribute(TestResult)#">

Why is this better?

Starting with <cfinput

cfform is really a poor technology
You weren't even using it

Next id=

This is for css/javascript interactions. That does not apply here

Next value=#TestResult#

Values are supposed to be quoted
It is important to escape values because they could have characters that would break your code

Last />

XHTML is dead