[thelist] PHP - centralised processing for multiple forms

Lee kowalkowski lee.kowalkowski at googlemail.com
Tue Sep 5 05:26:39 CDT 2006


On 05/09/06, Paul Bennett <Paul.Bennett at wcc.govt.nz> wrote:
> Issues:
> * config - how does a centralised app know what validation rules apply to the form data without allowing the client to set them (and thus open up security holes)?

Perhaps define the field names and enforce them, or, adopt a naming
convention, for example, any field name ending with "email" will be
validated as an email address.

> * how can I avoid having the html coders produce config files for every form (to overcome the above validation issue)?

Hmm, same as above, but you may need to perform maintenance on the
centralised app from time to time, for instance, when a new validation
rule or field type is required.

> * how can I avoid wrapper / controller scripts needing to be built for every directory containing forms (to allow the user to remain in the same folder location while the central script does the processing)?

Er, try allowing some hidden fields that point to the confirmation /
results pages.  You can always reject absolute URLs.  How reliable is
the referrer for this kind of thing?

Or, if the HTML coders can use PHP, you could do something like make
the forms post to themselves (can this be done with action="" or would
you need to specify it explicitly?) and have them insert a standard
include that detects that the request method is a post and does or
forwards to the form processing rather than re-rendering the form.  That
way your requests stay in the originating folder.

-- 
LK
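
Added example, not part of the original post: the centralised script picks validation rules from field-name suffixes on the server and accepts only a site-local path from the hidden results-page field, without relying on the client-supplied Referer header. The rule table, the function names, the `next` field name and the fallback path are assumptions.

```php
<?php
// Added example; rule table, function names and paths are hypothetical. Needs PHP 8.
// Suffix => validator, held on the server so the client cannot pick its own rules.
const SUFFIX_RULES = ['email' => 'valid_email', 'phone' => 'valid_phone'];

function valid_email(string $v): bool {
    return filter_var($v, FILTER_VALIDATE_EMAIL) !== false;
}

function valid_phone(string $v): bool {
    return preg_match('/^\+?[0-9 ()-]{6,20}$/', $v) === 1;
}

// Returns the names of fields that fail the rule implied by their name.
function validate_by_convention(array $post): array {
    $errors = [];
    foreach ($post as $name => $value) {
        $name = (string) $name;
        if (!is_string($value)) {           // arrays (field[]=...) are rejected outright
            $errors[] = $name;
            continue;
        }
        foreach (SUFFIX_RULES as $suffix => $validator) {
            if (str_ends_with(strtolower($name), $suffix) && !$validator($value)) {
                $errors[] = $name;
            }
        }
    }
    return $errors;
}

// Hidden "results page" field: accept only a root-relative path on this site.
function safe_local_target(string $target, string $fallback = '/thanks.html'): string {
    if ($target === '' || $target[0] !== '/' || str_starts_with($target, '//')
        || str_contains($target, '\\') || preg_match('/[\x00-\x1f]/', $target)) {
        return $fallback;                   // absolute, protocol-relative or malformed
    }
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $target;
}

// Constructed sample input standing in for $_POST.
$post = ['contact_email' => 'not-an-address', 'name' => 'Ann', 'next' => '//other.example/x'];
print_r(validate_by_convention($post));
echo safe_local_target($post['next']), "\n";
```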


