[thelist] PHP - centralised processing for multiple forms

Paul Bennett Paul.Bennett at wcc.govt.nz
Mon Sep 4 22:57:02 CDT 2006


Hi all,

I've been racking my brain over this one for a few days ...

We currently have forms of all descriptions strewn over our site. Each form is a PHP page full of spaghetti code which controls (and I use the term loosely) the display, validation and emailing of form data to interested parties.

The forms can be anything from resource consent submissions to requests for information to feedback on the site etc.

I've hated working with the 'templates' since I started - they're buggy, easy to break and nasty to work with. Lately I patched a security hole in one and then realised there would be other vulnerable pages on the site. Rather than going through and reworking tens of different files, I'm now looking for a way to build a centralised processing script / app for all our forms. (We're talking PHP here..)

Any ideas or thoughts are welcome - my progress so far follows:

Requirements:
* HTML coders to be able to quickly and easily get a form running
* HTML coders to be able to tightly control visual display of forms (i.e. no templating systems, no apps which generate code)
* HTML forms need to be able to be physically located anywhere in the site (no central 'forms' directory)
* script / app needs to validate data, show an error page if data isn't valid, email form contents to appropriate staff (enter data into a db if required) and display a confirmation page containing all the sent data

Issues:
* config - how does a centralised app know what validation rules apply to the form data without allowing the client to set them (and thus open up security holes)?
* how can I avoid having the HTML coders produce config files for every form (to overcome the above validation issue)?
* how can I avoid wrapper / controller scripts needing to be built for every directory containing forms (to allow the user to remain in the same folder location while the central script does the processing)?

Am I making sense? I feel like I'm just not seeing something right today...

Paul
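
One way to approach the first issue in the post, as an added example that is not part of the original message: the form submits only a form ID, and the central script looks the validation rules up in a server-side table, ignoring any field the table does not list. The form IDs, field names, rule format and the `process_form` helper are all hypothetical.

```php
<?php
// Server-side rule table keyed by form ID (all IDs, fields and rules are constructed).
const FORM_RULES = [
    'site-feedback' => [
        'name'    => ['required' => true,  'max' => 80,   'type' => 'text'],
        'email'   => ['required' => true,  'max' => 254,  'type' => 'email'],
        'comment' => ['required' => true,  'max' => 2000, 'type' => 'multiline'],
    ],
    'info-request' => [
        'email'   => ['required' => true,  'max' => 254,  'type' => 'email'],
        'topic'   => ['required' => false, 'max' => 120,  'type' => 'text'],
    ],
];

// Hypothetical helper: returns [clean data, errors]; throws on an unregistered form ID.
function process_form(array $post): array
{
    $formId = is_string($post['form_id'] ?? null) ? $post['form_id'] : '';
    if (!array_key_exists($formId, FORM_RULES)) {
        throw new InvalidArgumentException('Unknown form');
    }
    $clean = [];
    $errors = [];
    foreach (FORM_RULES[$formId] as $field => $rule) {   // only registered fields are read
        $raw = $post[$field] ?? '';
        $value = is_string($raw) ? trim($raw) : '';       // array input (name[]=) counts as empty
        if ($value === '') {
            if ($rule['required']) { $errors[$field] = 'required'; }
            continue;
        }
        if (strlen($value) > $rule['max']) {
            $errors[$field] = 'too long';
        } elseif ($rule['type'] !== 'multiline' && preg_match('/[\r\n]/', $value)) {
            $errors[$field] = 'line breaks not allowed';  // single-line fields may reach mail headers
        } elseif ($rule['type'] === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[$field] = 'invalid email';
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Constructed sample submission: 'rules' and 'admin' are client-supplied extras and are ignored.
[$data, $errs] = process_form([
    'form_id' => 'site-feedback', 'name' => 'Ann', 'email' => 'ann-at-example',
    'comment' => 'Nice site', 'rules' => 'none', 'admin' => '1',
]);
var_dump($data, $errs);
```

With this shape the HTML page carries only a hidden `form_id` field, so a form can live in any directory while the rules stay out of the client's reach.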


