There are a couple of ways to do this, I prefer to do the validation using CGI::Application::ValidateRM this can 'shadow, the javascript validation on the original form. But as jeffa says, NEVER EVER rely on Javascript, it is too easily hacked or bypassed. Following ValidateRM you can do one of two things. If the form does not validate, then ValidateRM will feed all the oroiginal values plus the error messages back to the original run-mode.

Once the form is validated you can either use the valid results from the returned object via the -valid() method of ValidateRM, or use the param() method of the CGI query to reload the form and send it back.

Confirmation is problematic - it is, in our frame of reference, a totally new form input. The form or the javascript can easily be hacked. Even using js and/or hidden values is of little use in ensuring the data is not changed.

My solution? Take the first form when it all validates, write it to the database with an 'unconfirmed' flag set. When the user confirms, clear the flag. If the user does not confirm then delete the data. Alternatively, write the hash of data to a session record, using something like CGI::Session and when it is confirmed, write it to the database.

How do I handle the checking of the confirmation. Persoanlly I write the form data to the session record. When the user confirms I comapre the two hashes and only if all fields remain validated and unchanged does the data get written to the database. It can all be done with one template, it is all in how you handle the data.

To see the CGI::Application::ValidateRM module in action see this tutorial by the modules maintainer markjugg.

jdtoronto