[Israel.pm] Re: Messing with Forms... Again...

Shlomi Fish shlomif at vipe.stud.technion.ac.il
Mon Jan 12 03:18:41 PST 2004


On Mon, 12 Jan 2004, Yuval Yaari wrote:

> Hi,
>
> Again, I'm trying to simplify the thing I hate most: handling forms.
>
> Usually the 3 steps occur:
> 1) Display the form
> 2) Check the submitted values.
>      if everything's ok, go to step 3, otherwise, go back to step 1 and
>      show the error.
> 3) Display a thank you message (or show the next part of the form...
> either way, that page will need access to the last POST data)
>
> I would like to simplify everything.
>
> As Pinkhas offered me, the forms won't contain _any_ form validation.
>
> The form validation will be done in mod_perl's handler subroutine.
>

That's always a good idea. You cannot tell if a malicious user bypasses
the JavaScript form validation and passes incorrect data to the form
handler. So, either way you have to do it in Perl as well.

> Then the validation function will either give an error (put it in the
> session, or using pnotes) and the autohandler of the forms will display
> it (so the forms won't contain any code, but the autohandler will) OR
> will redirect to the next page (either a thank you message or the next
> part of the form).
>
> This probably keeps everything clean(er).
>
> Now, since I am familiar with not-being-correct-about-field-names (the
> HTML coder uses FirstName and the Perl coder uses first_name etc)
> I would like to create some data-structure to keep this easy.
>
> Also this data strucute should keep some information about:
>
> * The form's next part (URI or something)
> * The form's validation function (subroutine reference, the params will
> be passed to it)
> * The form's "action" function (or maybe I should keep it inside the
> validation function?)
>
> I also have no idea what's the FORM's ACTION should be (since
> everything's done using the mod_perl handler subroutine).
>
> Any idea about how to implement everything would be appreciated.
> Anyone here ever created a big site and wants to share how he
> implemented forms handling?
>

I once created a front-end to edit seminars in the Technion (as a
student's project). For the forms, what we did was enumerate the fields in
an array of hashes (containing the param name, its type, its parameters,
constraints, etc.), and then render them to HTML one by one. Upon
receiving input we had much the same thing using the same data structure,
just checking the CGI params.

For the IGLU Jobs tracker (which is a much less substantial project), I'm
now using WWW::Form which does some of the job for me. After I started
working with it, I found it had some things that I could not do with it, so I
extended it and sent the modifications to the author. He and I are now
going to collaborate on it, and extend it and make it more modular and
extensible further.

There's also CGI::FormMagick which may be more suitable for you, but I
haven't tried working with it, yet.

Regards,

	Shlomi Fish


----------------------------------------------------------------------
Shlomi Fish        shlomif at vipe.technion.ac.il
Home Page:         http://t2.technion.ac.il/~shlomif/

You are banished! You are banished! You are banished!

Hey? I'm just kidding!



More information about the Perl mailing list