Re: [phplib] OOHForms process From: Hellekin O. Wolf (hellekin <email protected>)
Date: 07/26/00

Ulf Wendel wrote:
>
> "Hellekin O. Wolf" wrote:
> > 1. Display a form
> > 2. Validate data and return the form with correct fields frozen,
> > incorrect fields with an error string above
> > 3. Process data if all is ok, then return a result page
>
> Just wait another decade for the new code...
>
*** Can't wait... Just coding ;-)

>
> > The documentation is quite obscure and I don't know how to use the
> > self_* methods.
>
> Obscure - hmm the code is obscure but not the docs. It's sometimes 100%
> OO, sometimes not. The name of the self_* function for example is
> confusing. Instead of defining "abstract" functions show(),
> show_frozen() and so on he defined self_show, self_show_frozen etc.
>
> This would be pure OO (as far as possible in PHP):
>
> class foo {
>
> function show() { die(); }
> function show_frozen() { die(); }
>
> }
>
> class bar extends foo {
>
> function show() {
> [your code goes here]
> }
>
> function show_frozen() {
> [your code goes here]
> }
>
> }
>
> Instead of this way the author choosed to define self_* function in
> several files where the self_ indicates that you can override it with
> you own functionality.
>
*** OK, altough I wouldn't use die() in a method. Do nothing or spit an
error would seem better.
 
> >
> > Right now I'm passing the following code :
> >
> > $f->new Form;
> >
> > $field["field_name"] = array(
> > "type" => "text",
> > "name" => "field_name"
> > [...]
> > );
> > $f->add_element($field["field_name"]);
> >
> > [...]
> >
> > $f->show_element("field_name");
> >
> > [...]
> >
> > if ($submit) {
> > // Validate elements
> > $f->start();
> > while (list($k,$v) = each($HTTP_POST_VARS)) {
> > if ($err = $f->validate(FALSE,array($k,$v))) {
> > // Display error and the field again
> > echo "<p><font color=\"#ff3300\">Error :
> > $err</font></p>\n";
> > $f->add_element($field[$k]);
> > $f->show_element($k);
> > } else {
> > // display the frozen element
> > $f->add_element($field[$k]);
> > $f->freeze(array($k));
> > $f->show_element($k,$v);
> > }
> > }
> > $f->finish();
> > } else {
> > // Display empty Form
> > [...]
> > }
>
> Sorry, I do not understand your code. You should call add_element()
> first to define you form elements, then call validate() for each one and
> finally decide wether to call freeze() or not before calling
> show_element().
>
*** I'm building a $field array which holds all my fields for this form.
That allows me to regenerate the form dynamically after validation,
including the field value.

The fact is that I probably didn't catch the behavior of freeze()...

So, should I :
        1. define the form once for all
        2. submit and validate every field
        3. if the field is correct : freeze() it then show_element()
        4. else show_element with an empty value ?

The fact is that freeze() did nothing but put an empty hidden field.
I assumed that, as freeze wouldn't display anything, that I'd need to
re-add_element() for all values.
Hence the $HTTP_POST_VARS loop.

Gasp.

> By the way it's not a good style to loop trough $HTTP_POST_VARS.
>
*** I don't understand. Could you expand on that ? (I've been learning
code on my own, style is still something abstract).

BTW, I'm handling user input before doing anything else with it by
checking the contents of $HTTP_POST_VARS (and GET and COOKIE) for
possible attack patterns. If one is found, the access is denied and the
attempt logged.
Only then I'm playing with loops.

Thanks for your input !

regards,

hellekin

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>