| View previous topic :: View next topic |
| Author |
Message |
gerard
Smarty Regular
Joined: 18 Apr 2003
Posts: 84
|
 Posted: Tue Oct 25, 2005 1:11 am Post subject: $smarty.files / $_FILES ? |
 |
|
| Why isn't $_FILES included in $smarty (i.e. $smarty.files)? |
|
| Back to top |
|
boots
Administrator
Joined: 16 Apr 2003
Posts: 5611
Location: Toronto, Canada
|
| Posted: Tue Oct 25, 2005 1:23 am Post subject: |
|
|
Personally, I favour removing the entire request variables interface altogether. In my view, data ought be explicitly assigned.
Historically, $_FILES came later to PHP and after many objections to Smarty's request variables. I suspect no one added to Smarty's interface just so as to not continue down that particular path (so-to-speak). Anyways, that's what I think may have happened; I do agree it is a little odd that it is missing, all-things considered. Never-the-less, I for one still don't favour it being added at this point. |
|
| Back to top |
|
gerard
Smarty Regular
Joined: 18 Apr 2003
Posts: 84
|
| Posted: Tue Oct 25, 2005 1:32 am Post subject: |
|
|
| I understand that line of thought, but I think it should be all or none for consistency's sake (personally, I'm in favor of all - just for convenience). |
|
| Back to top |
|
mohrt
Administrator
Joined: 16 Apr 2003
Posts: 7368
Location: Lincoln Nebraska, USA
|
| Posted: Tue Oct 25, 2005 4:05 am Post subject: |
|
|
I would venture to say that $_FILES isn't in the same category as $_GET or $_POST when we are talking about the presentation layer of an application. You can directly access $_GET and $_POST from the template for convenience sake (although ideally you shouldn't, as boots said), but $_FILES most certainly isn't info the templates should be accessing directly. Let the application access/assign that stuff. I don't think consistancy is relevant, it would just lend itself to programming styles designed for job security 
If you really want it, put it in your constructor:
[php:1:385e9ed014]$smarty->assign($_FILES,'files');[/php:1:385e9ed014] |
|
| Back to top |
|
gerard
Smarty Regular
Joined: 18 Apr 2003
Posts: 84
|
| Posted: Tue Oct 25, 2005 4:27 am Post subject: |
|
|
| mohrt wrote: | | $_FILES most certainly isn't info the templates should be accessing directly |
Why not? I was coding some file upload pages and put this on the second page:
File {$files.upload.name}
Size {$files.upload.size}
Type {$files.upload.type}
Pretty useful info ($files.error too) - don't see anything wrong with templates having access to that info ($files.tmp_name probably isn't useful to templates though). $_FILES is really just part of $_POST. |
|
| Back to top |
|
mohrt
Administrator
Joined: 16 Apr 2003
Posts: 7368
Location: Lincoln Nebraska, USA
|
| Posted: Tue Oct 25, 2005 1:32 pm Post subject: |
|
|
| For instance, what if there was an error uploading the file(s), such as file size too big for the server to allow. Are you going to start doing error checking routines in your templates? |
|
| Back to top |
|
gerard
Smarty Regular
Joined: 18 Apr 2003
Posts: 84
|
| Posted: Tue Oct 25, 2005 6:26 pm Post subject: |
|
|
Sure:
| Code: | {if $smarty.files.upload.error}
{$smarty.files.upload.error}
{else}
File {$files.upload.name}
Size {$files.upload.size}
Type {$files.upload.type}
{/if} |
|
|
| Back to top |
|
mohrt
Administrator
Joined: 16 Apr 2003
Posts: 7368
Location: Lincoln Nebraska, USA
|
| Posted: Tue Oct 25, 2005 6:56 pm Post subject: |
|
|
| IMHO, that is application logic. The application should be aware of the submission error and decide how it is handled and what is assigned/displayed. |
|
| Back to top |
|
gerard
Smarty Regular
Joined: 18 Apr 2003
Posts: 84
|
| Posted: Tue Oct 25, 2005 7:21 pm Post subject: |
|
|
Sure there's stuff behind the scenes in the app, but templates are definitely involved in deciding what's displayed. e.g.
| Code: | {obj->getUser assign='user' id=$smarty.cookies.userID}
{if $user}
Hello {$user.name}!
{else}
Login ...
{/if} |
I also write templates like:
| Code: | {if $smarty.post.addStuff}
{obj->addStuff stuff=$smarty.post.stuff assign='result'}
{if $result}
Stuff saved
{else}
Error saving stuff
{/if}
{else}
Enter stuff:
<form method="post" ...>
...
</form>
{/if} |
I've tried various other ways. I like this way because it's the most simple. It's deciding what's displayed and sending/retrieving stuff from the app which does non-display stuff. |
|
| Back to top |
|
mohrt
Administrator
Joined: 16 Apr 2003
Posts: 7368
Location: Lincoln Nebraska, USA
|
| Posted: Tue Oct 25, 2005 7:34 pm Post subject: |
|
|
| Quote: | | but templates are definitely involved in deciding what's displayed |
Templates are involved with display, but the deciding factor should come from the application, not directly from $_POST or $_FILES in the templates.
So example:
| Code: | {if $is_error}
... display error ...
{else}
... blah ...
{/if}
|
The $is_error variable is something assigned from the application. This way the application decides the value of $is_error, (which could be determined from $_FILES or other targetted information.) Ideally, the template should only be using information assigned from the application, so the application is always in control of what is happening on the presentation layer. |
|
| Back to top |
|
boots
Administrator
Joined: 16 Apr 2003
Posts: 5611
Location: Toronto, Canada
|
| Posted: Tue Oct 25, 2005 7:49 pm Post subject: |
|
|
| gerard wrote: | | $_FILES is really just part of $_POST. |
As I said earlier, there is a (strong) sentiment that the view should not have access to data that has not been processed by the application (ie: raw data). In other words: do you really want to trust your templates (and template designers) to scrub your data and inputs? I realize that for a small project where one person is wearing all the hats, it may seem like a convenience to have direct access but I posit that it is a rather questionable practice that degrades the view layer abstraction. |
|
| Back to top |
|
gerard
Smarty Regular
Joined: 18 Apr 2003
Posts: 84
|
| Posted: Tue Oct 25, 2005 8:01 pm Post subject: |
|
|
| boots wrote: | | gerard wrote: | | $_FILES is really just part of $_POST. |
As I said earlier, there is a (strong) sentiment that the view should not have access to data that has not been processed by the application (ie: raw data). In other words: do you really want to trust your templates (and template designers) to scrub your data and inputs? |
No...but nevertheless, $smart.post, .get, .request, .cookies, etc. are there - for consistency's sake I think .files should be too and for those of us who want access to them. If you don't trust your template authors - just set $smarty->request_use_auto_globals=false. |
|
| Back to top |
|
|
