I've been meaning to post about this technique I'm using in some of my Model-Glue applications, but I couldn't decide on the best way to explain what led me to develop it. So I'm going to start with the code first rather than the explanation:
<cffunction name="collectFormDataAndTrim" access="public" returntype="void" output="false" hint="I collect the form values">
	<cfargument name="event" type="any">
	<cfset var loc= StructNew()>
	<!--- Prefer the explicit propertyList argument; fall back to ColdFusion's "fieldnames" list --->
	<cfset loc.propertyList= arguments.event.getArgument("propertyList","")>
	<cfif loc.propertyList EQ "">
		<cfset loc.propertyList= arguments.event.getValue("fieldnames")>
	</cfif>
	<cfset loc.form= StructNew()>
	<cfloop index="loc.prop" list="#loc.propertyList#" delimiters=",">
		<cfset loc.propValue= arguments.event.getValue(loc.prop)>
		<cfif IsNumeric(loc.propValue)>
			<!--- Numeric values are copied as-is --->
			<cfset loc.form[loc.prop]= loc.propValue>
		<cfelse>
			<!--- Replace Word characters, HTML-encode, then trim --->
			<cfset loc.form[loc.prop]= Trim(HTMLEditFormat(beans.miscService.removeMSWordChars(loc.propValue)))>
		</cfif>
	</cfloop>
	<!--- Hand the sanitized struct to later message broadcasts --->
	<cfset arguments.event.setValue("form",loc.form)>
</cffunction>
This collectFormDataAndTrim function lives in my main controller CFC in my Model-Glue applications. I call it via a message broadcast any time I need to process typical form input.
Like many of the ColdFusion application frameworks, Model-Glue takes both the URL variables and any values submitted by an HTML form and puts them into one data structure for easy retrieval. In the case of Model-Glue, that data structure is the event object. My function supports two different methods for retrieving the form values from the Model-Glue event object: it can use the list of form field names contained in the "fieldnames" variable created by ColdFusion, or it can process the event variables named in an argument called "propertyList" submitted in the message broadcast, like so...
<broadcasts>
	<message name="collectFormDataAndTrim">
		<argument name="propertyList" value="firstName,lastName,email,acceptTerms" />
	</message>
	...
Once the form field names are copied into the local propertyList variable, the function loops through the form variables, sanitizes them for further processing using Trim() and HTMLEditFormat(), and adds them to the loc.form struct variable. I also submit the non-numeric form values to the removeMSWordChars function in my miscService bean to replace any Microsoft Word characters within the content with web-friendly equivalent values (my users have an annoying habit of copying and pasting text from Word into longer text fields).
Finally, the loc.form struct variable containing the sanitized form submissions is saved back into the Model-Glue event object to be utilized by subsequent message broadcasts (for the functions that will validate the form data and save it to the database).
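The follow-on step described above (validate, then save), as an added example rather than the author's code: a hypothetical validateAndSaveForm listener in which the datasource, table, column names, result names and a checkbox value of 1 are all assumptions. HTMLEditFormat() encodes only <, >, & and double quotes, so single quotes pass through and the insert binds every value with cfqueryparam.

```cfml
<!--- Added example: hypothetical listener; datasource, table and columns are assumed --->
<cffunction name="validateAndSaveForm" access="public" returntype="void" output="false">
	<cfargument name="event" type="any">
	<cfset var loc = StructNew()>
	<cfset loc.errors = ArrayNew(1)>
	<!--- Read the struct stored by collectFormDataAndTrim. The event also holds URL
	      values, so confirm "form" really is a struct before using it. --->
	<cfset loc.form = arguments.event.getValue("form", StructNew())>
	<cfif NOT IsStruct(loc.form)>
		<cfset loc.form = StructNew()>
	</cfif>

	<!--- Fixed allow-list: only these keys are ever read, whatever else was submitted --->
	<cfloop index="loc.prop" list="firstName,lastName,email,acceptTerms">
		<cfif NOT StructKeyExists(loc.form, loc.prop) OR Len(loc.form[loc.prop]) EQ 0>
			<cfset ArrayAppend(loc.errors, loc.prop & " is required")>
		</cfif>
	</cfloop>
	<cfif ArrayLen(loc.errors) EQ 0>
		<cfif NOT IsValid("email", loc.form.email)>
			<cfset ArrayAppend(loc.errors, "email is not a valid address")>
		</cfif>
		<!--- Assumes the checkbox is rendered with value="1" --->
		<cfif NOT IsBoolean(loc.form.acceptTerms)>
			<cfset ArrayAppend(loc.errors, "acceptTerms has an unexpected value")>
		</cfif>
	</cfif>

	<cfif ArrayLen(loc.errors) GT 0>
		<cfset arguments.event.setValue("errors", loc.errors)>
		<cfset arguments.event.addResult("invalid")>
	<cfelse>
		<!--- Bound parameters: values are never concatenated into the SQL text --->
		<cfquery datasource="myDsn">
			INSERT INTO registrations (first_name, last_name, email, accept_terms)
			VALUES (
				<cfqueryparam value="#loc.form.firstName#" cfsqltype="cf_sql_varchar" maxlength="100">,
				<cfqueryparam value="#loc.form.lastName#" cfsqltype="cf_sql_varchar" maxlength="100">,
				<cfqueryparam value="#loc.form.email#" cfsqltype="cf_sql_varchar" maxlength="255">,
				<cfqueryparam value="#loc.form.acceptTerms#" cfsqltype="cf_sql_bit">
			)
		</cfquery>
		<cfset arguments.event.addResult("saved")>
	</cfif>
</cffunction>
```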