|
Posted by cartercc on October 10, 2007, 2:56 pm
Please log in for more thread options
I think I already know the answer to this one, but I'm giving it the
old college try.
My problem is this: I have an HTML form that sends a bunch of data to
a Perl script, where it is validated and read into a database. The
powers that be have decided in their infinite wisdom that the initial
page needs to be broken into two parts. (This is an attempt to correct
some common user errors, not because of any technical reasons.) So I'm
sitting here looking at revising a mess of script, insert queries,
etc.
If I could collect the form values from the first HTML page and pass
them to the second HTML page, I could go home early and watch the ball
game. Is there anyway to do this? Example below.
Thanks, CC.
------here's what I would like to do---------------
PAGE 1:
<html>
<body>
<form name="form1" action="page2.html">
What is your name: <input type="text" name="name" />
<input type="submit" value="Go to page 2" />
</form>
</body>
</html>
PAGE 2:
<html>
<body>
<!-- get name from page1 somehow -->
<form name="form2" action="cgi-bin/page3.pl">
What is your class: <input type="text" name="class" />
<!-- perhaps something like?
<input type="hidden" name="name" value="name-from-page-1" -->
<input type="submit" value="Go to page 3" />
</form>
</body>
</html>
|
|
Posted by Scott Bryce on October 10, 2007, 3:13 pm
Please log in for more thread options
cartercc@gmail.com wrote:
> I think I already know the answer to this one, but I'm giving it the
> old college try.
>
> My problem is this: I have an HTML form that sends a bunch of data to
> a Perl script, where it is validated and read into a database. The
> powers that be have decided in their infinite wisdom that the initial
> page needs to be broken into two parts. (This is an attempt to correct
> some common user errors, not because of any technical reasons.) So I'm
> sitting here looking at revising a mess of script, insert queries,
> etc.
>
> If I could collect the form values from the first HTML page and pass
> them to the second HTML page, I could go home early and watch the ball
> game. Is there anyway to do this? Example below.
Sorry, wrong approach.
Well, it could work, but I wouldn't do it that way. If you do, you will
need to validate ALL of the data you receive from the second form,
including data that you already validated when the first form was
submitted. If some of that data from the first form comes back from the
second form dirty, you need a way to deal with that.
If you do it that way, your script will need to write the second form.
It can include hidden fields with all data submitted from the first
field. DON'T assume that what you get back from these hidden fields is
the same data that was submitted in the first form.
A better approach:
Form 1 is submitted. The data is validated. It is written to a temporary
record in the database. A unique identifier is attached to that
temporary data. The second form is displayed. The unique identifier is
either written into a hidden field, or stored in a cookie.
Form 2 is submitted. Part of the process of validating its data is
validating the unique identifier by finding the temporary record. If the
data validates, it is written to a permanent record in the database, and
the temporary record is deleted.
All temporary records older than X amount of time are purged from the
database periodically. This can be done as part of the script, (whenever
data is written to a permanent record, for example) or done separately
by another script activated by a cron job.
Either approach you use, this will help:
http://search.cpan.org/~samtregar/HTML-Template-2.9/Template.pm
as will:
http://search.cpan.org/~gaas/HTML-Parser-3.56/lib/HTML/Entities.pm
|
|
Posted by Steve Swift on October 11, 2007, 6:51 am
Please log in for more thread options > If I could collect the form values from the first HTML page and pass
> them to the second HTML page, I could go home early and watch the ball
> game. Is there anyway to do this? Example below.
Well, this is how I'd do it:
I'd modify your existing page to become page 1 and have it submit its
POST data to a new CGI script. If you can fiddle your server so that
requests for the initial page get redirected to this script then so much
the better, because the script that handles Page1 data might have to
redisplay page1 with error messages. It might as well handle GET
requests by displaying the initial page, then everything comes together
in one script.
Your new script validates Page1 data when POSTed and either rewrites
Page1 if the data has errors or writes page2, with the page1 data in
hidden fields, and the page 2 fields in the same form.
I'd have page2 drive the same (new) script again, as I find it easier to
keep everything in one script, but you could have a separate script to
handle page2.
I do this sort of thing all the time. (Inside my employer's private
network). I have sequences of several pages that gather data in stages,
carrying it forward in hidden fields. It's precisely what hidden fields
were designed for.
The prior poster seems to have some concerns that the hidden fields from
page 2 (which are actually the page1 data) may not come through
correctly, but anyone who could subvert these fields could do the same
to your original HTML form, so I don't see any new hazard.
--
Steve Swift
http://www.swiftys.org.uk/swifty.html
http://www.ringers.org.uk
|
|
Posted by Scott Bryce on October 11, 2007, 10:49 am
Please log in for more thread options Steve Swift wrote:
> The prior poster seems to have some concerns that the hidden fields from
> page 2 (which are actually the page1 data) may not come through
> correctly, but anyone who could subvert these fields could do the same
> to your original HTML form, so I don't see any new hazard.
It isn't a new hazard. The OP has to be aware that after receiving those
values back in hidden fields in the second form, the hazard exists a
second time. He can't assume that because he validated them once, they
are still good.
|
|
Posted by Chris Morris on October 11, 2007, 11:23 am
Please log in for more thread options > Steve Swift wrote:
> > The prior poster seems to have some concerns that the hidden fields
> > from page 2 (which are actually the page1 data) may not come
> > through correctly, but anyone who could subvert these fields could
> > do the same to your original HTML form, so I don't see any new
> > hazard.
>
> It isn't a new hazard. The OP has to be aware that after receiving
> those values back in hidden fields in the second form, the hazard
> exists a second time. He can't assume that because he validated them
> once, they are still good.
However, by storing the data correctly in the hidden fields, you can
avoid having to revalidate it:
- serialise all the data you would put into the hidden
fields into a single string.
- one-way hash the data (e.g. sha1) with a secret salt.
- place the serialised data into a hidden field, and the hash into another.
(or add it on to the end of the serialised data in the same field)
- when the form is submitted, recalculate the hash, and if it
matches, unserialise the data (which you know is unchanged). If it doesn't
match, reject the submission.
You then don't have to validate anything other than the new data and a
single quick test for all the old data.
--
Chris
|
| Similar Threads | Posted | | Form Reload with Tainted Values | April 28, 2008, 5:13 pm |
| User hits back button - has to enter form values from scratch | January 31, 2008, 8:39 pm |
| sending hidden values AND option values at the same time ? | September 12, 2006, 12:52 am |
| html contact form on front page | January 19, 2007, 11:52 pm |
| Help with a Form page | February 10, 2005, 7:49 am |
| Multiple Page Form | September 8, 2004, 6:46 am |
| Re: print form value on the web page etc? | January 23, 2008, 5:47 am |
| Forward to new page after competed form. | September 17, 2004, 3:36 am |
| Validation of ASP.Net page - name attribute of form tag | May 25, 2006, 10:14 am |
| How to keep | July 31, 2007, 2:49 pm |
|
XML Sitemap