We're updating the issue view to help you get more done. 

Queryparam will first check maxLength and only after convert the value to the given type

Description

Giving a decimal number to a queryparam with type cf_sql_INTEGER will convert the number to an integer without decimals.
When maxLength is set however, there will first be a check on the length on the value and only if it's shorter or equal will Lucee convert the value to an integer.
In our application we have generated DAOs that set the maxlength based on the max length on that field in the database. In most cases the values with type cf_sql_INTEGER are verified beforehand, but not everywhere and in some cases the result of a calculation that results in a decimal for example is saved instead relying on the queryparam to convert the value to an integer.

Example:
maxlength = 5
1.43 works in Lucee and becomes 1
1.43523454 doesn't work and gives a database exception since it exceeds the maxlength

It is probably not desirable to convert values this way. Nevertheless, it already works this way in both ACF and Lucee. It's just that it seems like ACF first converts the value to an integer and only then checks the maxlength whilst Lucee does it the other way around resulting in an exception when the decimal number exceeds the max length despite the result of converting it to an integer not exceeding it.

Environment

None

Status

Assignee

Pothys - MitrahSoft

Reporter

Jan Wijnands

Labels

None

Sprint

None

Fix versions

Affects versions

5.3.2.74
5.2.9.31

Priority

New