[ic] Forms done right
Stefan Hornburg (Racke)
racke at linuxia.de
Sun Sep 18 09:02:25 UTC 2016
On 09/18/2016 02:40 AM, Grant wrote:
>>>> My IC forms are non-standard and kind of cobbled together. Is there
>>>> an example online of how to do simple form validation and then
>>>> conditional ITL execution?
>>>
>>> Typically, one would just do something like:
>>>
>>> [set mycheck]
>>> &update=yes
>>> fname=required
>>> [/set]
>>>
>>> [set doSomething]
>>> [usertag here or other action]
>>> [/set]
>>>
>>> <form action="[area my-next-page]" method="post">
>>> <input type=hidden name=mv_action value=go>
>>> <input type=hidden name=mv_form_profile value=mycheck>
>>> <input type=hidden name=mv_click value=doSomething>
>>>
>>> The mv_form_profile will happen before the mv_click, and the mv_click is
>>> conditional on the profile passing. "mv_check", however, is _not_
>>> conditional on the profile succeeding:
>>> http://www.icdevgroup.org/pipermail/interchange-users/2003-February/031679.html
>>>
>>> Also see:
>>> http://interchange.rtfm.info/icdocs/category:Interchange_forms.html
>>>
>>
>> I would rather use an ActionMap than this old style IC form processing.
>>
>> You can run $Tag->run_profile inside of it which allows you to use
>> your profiles defined in the catalog.
>>
>> Aside from that, it is safer as you can circumvent the magic variables
>> by posting the form by a bot / from a script.
>
>
> Thank you Josh and Stefan. Stefan, so I'm sure I understand, the
> magic variables are mv_action, mv_form_profile, and mv_click in the
> above example? If I don't use an ActionMap then I need to be sure I
> consider that those variables could be set by the user?
Yes, for example it would be possible to skip the data validation
through the form profile. I didn't see that happen, but it is still
wrong to allow the user to manipulate it.
Regards
Racke
--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration.
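
Added example, not part of the original message and not Interchange code: a simplified Python model of the point made in this thread, comparing a handler that lets posted fields name the validation profile with one that binds the profile to the action on the server. The handler names, the `signup` route and the sample POST bodies are assumptions constructed for illustration; the model does not reproduce Interchange's actual request handling.

```python
# Simplified model of the two form-handling styles discussed in the thread.
# Hypothetical names throughout; this is not Interchange's implementation.

PROFILES = {"mycheck": {"fname": "required"}}  # mirrors [set mycheck] above


def run_profile(name, form):
    """Return the fields that fail the named profile (empty list = pass)."""
    return [field for field, rule in PROFILES[name].items()
            if rule == "required" and not form.get(field, "").strip()]


def do_something(form):
    """Stand-in for the action that should only run on validated input."""
    return "processed:" + form.get("fname", "")


def handle_form_driven(form):
    """Old style: the POST body itself names the profile and the action."""
    profile = form.get("mv_form_profile")
    if profile in PROFILES:              # validation runs only if requested
        errors = run_profile(profile, form)
        if errors:
            return ("rejected", errors)
    if form.get("mv_click") == "doSomething":
        return ("ok", do_something(form))
    return ("noop", None)


# Server-side binding: the route decides which profile guards which action.
ACTIONS = {"signup": ("mycheck", do_something)}


def handle_action_map(route, form):
    """ActionMap style: the profile is chosen by the server, not the form."""
    profile, action = ACTIONS[route]
    errors = run_profile(profile, form)
    if errors:
        return ("rejected", errors)
    return ("ok", action(form))


# Constructed sample POST bodies: one as the HTML form sends it, one sent
# by a script that leaves out the hidden mv_form_profile field.
BROWSER_POST = {"mv_action": "go", "mv_form_profile": "mycheck",
                "mv_click": "doSomething", "fname": ""}
SCRIPTED_POST = {"mv_action": "go", "mv_click": "doSomething", "fname": ""}
```

In this model `handle_form_driven(SCRIPTED_POST)` runs the action on an empty `fname`, while `handle_action_map("signup", SCRIPTED_POST)` rejects it, because the second handler never asks the client which checks to apply.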