The page cannot be posted successfully with error “An error occurred while executing the application. Please try again or contact the administrator.”
The issue is I cannot insert ‘#Form.Email#’ value into the database
If I remove ‘#Form.Email#’ in page MemberExpressRegActionPage.cfm, I can insert successfully without issue. But if I include ‘#Form.Email#’, the page doesn't work.
Also, if in page MemberExpressRegActionPage.cfm, I put an exact value like below, it works
INSERT INTO Members
(HandleName, Age, BirthYear, State, CCountry, Email)
If you look in lucee-server\context\logs\exception.log you should see the error. It sounds like you have some error handling in place, hiding the actual error, which is great on prod but sucks in local dev.
I have also written a log viewer extension for the admin
You should always be using cfqueryparam for all user-supplied data* going into a SQL query, otherwise you can be easily hacked via SQL injection attacks.
Also, for trusted data, the database engine can cache the query plan and will run faster. Basically, any variables being passed into a query should be passed (bound) via cfqueryparam.
The same goes for displaying data: always use encodeForHtml when outputting data, otherwise it’s easy for anyone to XSS your website.
OWASP maintain a nice list of things to be aware of
I also highly recommend using pure cfscript instead of cfml tags for all business logic, then you can use QueryExecute() which simplifies the secure query params.
Example (with Arguments scope for the params assuming the Form values are passed into a cfc component function):
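
Added example, not code from the original post: one way to write the Members insert from the question with QueryExecute() and bound parameters in pure cfscript. The component name `MemberService`, the datasource name `myDatasource`, the column types and the `maxlength` values are assumptions; only the table and column names come from the thread.

```cfml
// MemberService.cfc (hypothetical component; added example).
// Datasource name, SQL types and maxlength values are assumptions.
component {

    public void function addMember(
        required string  handleName,
        required numeric age,
        required numeric birthYear,
        required string  state,
        required string  country,
        required string  email
    ) {
        // Reject malformed addresses before touching the database.
        if ( !isValid( "email", arguments.email ) ) {
            throw( type = "MemberService.InvalidEmail", message = "Email address is not valid." );
        }

        // Named placeholders (:name) are bound by the driver, so the values
        // are never concatenated into the SQL text.
        queryExecute(
            "INSERT INTO Members (HandleName, Age, BirthYear, State, CCountry, Email)
             VALUES (:handleName, :age, :birthYear, :state, :country, :email)",
            {
                handleName : { value: arguments.handleName, cfsqltype: "cf_sql_varchar", maxlength: 50 },
                age        : { value: arguments.age,        cfsqltype: "cf_sql_integer" },
                birthYear  : { value: arguments.birthYear,  cfsqltype: "cf_sql_integer" },
                state      : { value: arguments.state,      cfsqltype: "cf_sql_varchar", maxlength: 50 },
                country    : { value: arguments.country,    cfsqltype: "cf_sql_varchar", maxlength: 50 },
                email      : { value: arguments.email,      cfsqltype: "cf_sql_varchar", maxlength: 254 }
            },
            { datasource: "myDatasource" }
        );
    }

}
```

A value that exceeds its `maxlength` or does not match its `cfsqltype` raises an exception before the statement is sent, and the full error appears in the exception.log mentioned above.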