During Bob Silverberg's awesome ORM presentation today the topic of SQL injection came up. There was a question was about whether or not the Hibernate ORM service built into ColdFusion 9 would prevent SQL injection. On the surface it would seem that it does, but just like everything else, there are exceptions.
After a week of being sick I am finally getting back on track with my blogging. This is going to be one of the final entries in my Building an Application with ColdBox series. There are a lot of other things I want to blog about. I will still blog on ColdBox topics, just separate from this series.
Last time we talked about how to go about validation. Validation is a really complicated subject that I am still struggling with. I understand the concepts of the different ways of doing it, I just cannot seem to make the time to figure out how I want to do it. I think I will be looking at ValidateThis! in the near future.
I decided to start a new sub-series on Validation, since it is a huge and controversial subject, I suspect it will take a post or two, or three.
So, I was chatting with Peter Farrell some time ago:
me: Peter, I have a quick question for you
Peter: Sure, what?
me: Where should input validation go? In the Controller or In the service layer?
Peter: THAT is NOT a quick question.
Now we are really getting into this ColdBox stuff. We've got a view set up, we've got some handlers, we've auto-wired our handlers, and we've added ColdSpring into our application. Now we can start to do stuff.
So where did we leave off last time? Thinking.... thinking... thinking... oh yeah.
Accepting user inputBefore we went off on a tangent of setting up ColdSpring and Autowiring Handlers, we had two simple handler methods inside of the list.cfc handler. We had addList() and doAddList().
As Luis stated in the comments section of my last post, we need to set up autowiring in our handler component. This is really cool stuff. I did not do this the first time around because my post was getting to long and because I wanted to demonstrate both ways of doing it.
What is autowiring?When you are using object factories (like Lightwire and ColdSpring) in your ColdBox applications, you can set up dependency injection for handlers, plugins and interceptors. This is done using the Autowire Interceptor.
In the last post, we looked at how to create a view and how to use handlers to display that view and to receive user input from the view. Now we need to do something with that user input. Here is what we need to get done first:
- Create our todoService.cfc
- Set up ColdSpring to create our todoService object and inject its dependencies
- Instantiate our todoService object in our handlers so that we can start to do something useful
Wow! That's a lot. It may not seem like a lot, but it is. So let's get started. here is our doAddList() handler method so far.
So we've set up our Coldbox Application, we've built our model, now we need to build some front-end pieces and handlers to work with our model through the service layer.
Today we will begin by creating a form and some handlers. In the next few posts we will look at creating the service layer, form validation, and persistence.
In my last post we began creating out Gateway Object. It was a lot more work then I thought it was going to be, hence, this is the second part of creating a gateway object. Hopefully, we won't get to three. But the fact of the matter is, we need these things in place so that we can create our ColdBox application. So suck-it-up :)
Previously...In the last post we created 10 methods, for some we used the Illudium PU-36 code generator, and for some we used our insanely fast typing abilities. The methods we've created so far are:
After we created our methods, we modified our readList() method to return a List object with its child Item objects in a private property of type Array.
Modifying updateList() to include child objectsNow we need to make the same modifications to the updateList() and deleteList() methods.
Geez, it doesn't seem like we are doing much with ColdBox in this ColdBox series, does it?
Of course, to get to the point where we are actually using something like ColdBox to manage the communication between our model and our views, we need to have a model and some views.
So in the last post we discussed creating our Domain Objects(beans). So now we have two domain objects. We have our TodoList bean and our TodoItem bean.
Now that we have our database tables set up from our UML and our folder structure has been created we can begin creating our domain objects (Technically we could have done it first, it could probably be argued both ways).