Custom Server-Side Form Validation

Contact Us or call 1-877-932-8228
Custom Server-Side Form Validation

Custom Server-Side Form Validation

Writing your own custom server-side form validation gives you a lot more flexibility and control. Take a look at the following code.

Code Sample:

               <cfparam name="" default="">
<cfparam name="FORM.distance" default="">
<cfparam name="FORM.time" default="">
<cfparam name="FORM.comments" default="">

  <title>Running Log</title>
  	.errors {color:red; font-weight:bold}
	.cool {color:black}
<cfparam name="errors" default="">
<cfif isDefined("FORM.submitted")>
	<cfif NOT isDate(>
		<cfset errors = errors & "<li>The date is invalid.</li>">
		<cfset dateclass="errors">
	<cfif NOT ListLen(FORM.distance," ") EQ 2>
		<cfset errors = errors & "<li>The distance must be in the format <i>num units</i>.</li>">
		<cfset distanceclass="errors">
		<cfset intDistance = ListGetAt(FORM.distance,1," ")>
		<cfset units = ListGetAt(FORM.distance,2," ")>
		<cfif NOT isNumeric(intDistance)>
			<cfset errors = errors & "<li>The distance must be in the format <i>num units</i>.</li>">
			<cfset distanceclass="errors">
	<cfif Len(errors) EQ 0>
		<cfset RunningLogPath = ExpandPath("Logs/RunningLog.txt")>
		<cfset Tab = chr(9)>
		<cfset outputstring = "">
		<cffile action="append" file="#RunningLogPath#" output="#outputstring#" addnewline="yes">
		<h1 align="center">Entry added</h1>
		<a href="RunningLog.cfm">Running Log</a>
		<!---Clean up variables--->
		<cfset FORM.distance="">
		<cfset FORM.time="">
		<cfset FORM.comments="">

<h1 align="center">Add Entry</h1>
<form method="post" action="#CGI.SCRIPT_NAME#">
<input type="hidden" name="submitted" value="true">
<cfparam name="dateclass" default="cool">
<cfparam name="distanceclass" default="cool">
<cfparam name="timeclass" default="cool">
<cfparam name="commentsclass" default="cool">
<cfif Len(errors) GT 0><!---checking for errors--->
	<tr><td colspan="2" style="margin-left:20px">
		<ul class="errors">
	<td><input type="text" name="date" size="20" value="" class="#dateclass#"></td>
	<td><input type="text" name="distance" size="20" value="#FORM.distance#" class="#distanceclass#"></td>
	<td><input type="text" name="time" size="20" value="#FORM.time#" class="#timeclass#"></td>
	<td><input type="text" name="comments" size="50" value="#FORM.comments#" class="#commentsclass#"></td>
---- C O D E   O M I T T E D ----

This form only validates the first two fields.

  • The date must be a valid date.
  • The distance must be in the format "num units" (e.g, 9 miles).

If the form is submitted without filling any of the fields in, a page that looks like the screenshot below will appear:

The validation is handled as follows:

  1. An errors variable is created using <cfparam> containing an empty string.
  2. When the form is submitted, the fields needing validation are checked one by one. If an error is found, text is appended to the errors variable in the form of an HTML list item and a variable holding the class for that field is set to "errors". That variable is used inside the <input> fields to determine how the field should be displayed.
  3. After each field has been checked, the length of the string held in errors is checked. If it is a zero-length string, that means there are no errors and the entry is added to the log.
  4. Within the HTML form itself, the length of errors is checked again. If it is not a zero-length string, then the error message is output.


The IsValid() function is useful for checking whether a variable or value is of a certain data type or meets pattern, size or length constraints. There are three possible signatures for IsValid().

IsValid(type, value) isValid("range", value, min, max) isValid("regex", value, pattern)

Possible types are the same as those shown in the "<cfinput> and <cftextarea> Validate Values" table at the beginning of this lesson. In addition, the type can be any of the following:

Additional Types for IsValid()
Suffix Description
any Same as IsSimpleValue().
array Same as IsArray().
binary Same as IsBinary().
query Same as IsQuery().
struct Same as IsStruct().