form definitions in mysql

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I just took over a web site that implements input forms in a clever way: all
form definitions are centrally managed in a mysql table. For example, when a
page needs to build an input form that asks for name, ssn, dob, etc, it gets all
of the rows in the form table that has a form id of (n). Each of these rows has
the field size, display order, caption, post name, etc. for the name, ssn, dob,
etc inputs. There is also a function column that can call a php function for the
field display info (e.g., if a field is a pick list that is populated by a
select.) There are some obvious advantages of managing forms in this manner,
since if one needs to hide a field, lengthen it, change the caption, change the
order, add a field, or whatever, one modifies the forms table and not the web

Perhaps this is not an uncommon technique, but I haven't come across it before.
Has anyone seen this methodology described, either in print or on the web?  

Thanks -


Re: form definitions in mysql

zach wrote:
Quoted text here. Click to load it

Yes, I am currently writing (for fun) an form library for me.  The code is
used like so:

$contact = new form;
$pd = $contact->add_section('Personal Details');
$pd->add_text('First Name')->add_rule('max-len', 100);

It's pretty neat, but still unstable.


Carl Vondrick
To contact me, please use my website.

Re: form definitions in mysql

This is definitely a way to do the things quickly and with less code.

However, I, personally, would suggest not to directly map against
database tables.

If so, do some encoding on it. The reason is obvious. If you are not
checking against the actual fields in the database, SQL-Injection may
be possible by custom-data creation.

What if I hand-craft the data and send it. If you blindly execute the
SQL against the  names / values from the forms... things may be

Can't give an example for keys being SQL-injected... but I think that
should very much be possible.

Gaurav Vaish

Site Timeline