There are a couple of ways to do this. I prefer to do the validation using CGI::Application::ValidateRM; this can 'shadow' the JavaScript validation on the original form. But as jeffa says, NEVER EVER rely on JavaScript; it is too easily hacked or bypassed. Following ValidateRM you can do one of two things. If the form does not validate, then ValidateRM will feed all the original values plus the error messages back to the original run-mode.

Once the form is validated you can either use the valid results from the returned object via the -valid() method of ValidateRM, or use the param() method of the CGI query to reload the form and send it back.

Confirmation is problematic - it is, in our frame of reference, a totally new form input. The form or the javascript can easily be hacked. Even using js and/or hidden values is of little use in ensuring the data is not changed.

My solution? Take the first form when it all validates, write it to the database with an 'unconfirmed' flag set. When the user confirms, clear the flag. If the user does not confirm then delete the data. Alternatively, write the hash of data to a session record, using something like CGI::Session and when it is confirmed, write it to the database.

How do I handle the checking of the confirmation? Personally I write the form data to the session record. When the user confirms I compare the two hashes and only if all fields remain validated and unchanged does the data get written to the database. It can all be done with one template, it is all in how you handle the data.

To see the CGI::Application::ValidateRM module in action, see this tutorial by the module's maintainer markjugg.


In reply to Re: Confirmation page using HTML::Template & CGI::Application by jdtoronto
in thread Confirmation page using HTML::Template & CGI::Application by bar10der
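
The session-backed confirmation check described in the reply above, as an added example that is not part of the original post or of any module's own code. `%SESSION`, `@DB`, `validate`, `stash_pending` and `confirm` are hypothetical stand-ins for the CGI::Session record, the database table, the ValidateRM profile and the two run modes.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-ins (assumptions): %SESSION plays the CGI::Session record, @DB the
# database table, validate() the validation profile used behind ValidateRM.
my (%SESSION, @DB);

sub validate {
    my ($in) = @_;
    my %ok;
    $ok{name}  = $1 if ($in->{name}  // '') =~ /\A([\w .'-]{1,64})\z/;
    $ok{email} = $1 if ($in->{email} // '') =~ /\A([\w.+-]+\@[\w-]+(?:\.[\w-]+)+)\z/;
    $ok{qty}   = $1 if ($in->{qty}   // '') =~ /\A([1-9]\d{0,2})\z/;
    return keys(%ok) == 3 ? \%ok : undef;
}

# Run mode 1: first submit. Keep the validated copy server-side only.
sub stash_pending {
    my ($in) = @_;
    my $valid = validate($in) or return 0;
    $SESSION{pending} = { %$valid };
    return 1;
}

# Run mode 2: confirm. The pending record is consumed on every attempt.
# Re-validate what came back, compare it to the stored copy, and write the
# stored copy (never the resubmitted one) to the database.
sub confirm {
    my ($in) = @_;
    my $stored = delete $SESSION{pending} or return 'no pending submission';
    my $again  = validate($in)            or return 'failed re-validation';
    for my $field (sort keys %$stored) {
        return "field '$field' changed"
            unless defined $again->{$field} && $again->{$field} eq $stored->{$field};
    }
    push @DB, $stored;
    return 'stored';
}

# Constructed sample input, not from the original thread.
my %form = (name => 'A. Monk', email => 'monk@example.org', qty => '2');

stash_pending(\%form);
print confirm({ %form, qty => '200' }), "\n";   # hidden field edited client-side
stash_pending(\%form);
print confirm({ %form }), "\n";
print scalar(@DB), " row(s) written\n";
```

The edited `qty` still passes validation on its own, so only the comparison against the server-side copy catches the change.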
