Smarty Forum Index Smarty
The discussions here are for Smarty, a template engine for the PHP programming language.

SmartyValidate: a simple yet powerful form validation plugin
Goto page Previous  1, 2, 3, 4, 5 ... 16, 17, 18  Next
 
Post new topic   Reply to topic    Smarty Forum Index -> Add-ons
View previous topic :: View next topic  
Author Message
electr0n
Smarty Rookie


Joined: 26 Mar 2004
Posts: 32
Location: Germany

PostPosted: Mon Jun 07, 2004 3:12 pm    Post subject: Reply with quote

Could someone do a hack or something else, which let's just the checked POST Variables in $_POST? If you say me, where the variables are checked and tranformed, I'll do that.
Back to top
View user's profile Send private message
mohrt
Administrator


Joined: 16 Apr 2003
Posts: 7367
Location: Lincoln Nebraska, USA

PostPosted: Mon Jun 07, 2004 3:51 pm    Post subject: Reply with quote

I don't understand the question.
Back to top
View user's profile Send private message Visit poster's website
boots
Administrator


Joined: 16 Apr 2003
Posts: 5611
Location: Toronto, Canada

PostPosted: Mon Jun 07, 2004 4:07 pm    Post subject: Reply with quote

I think electr0n wants non-validated entries automatically removed from $_POST ?
Back to top
View user's profile Send private message
electr0n
Smarty Rookie


Joined: 26 Mar 2004
Posts: 32
Location: Germany

PostPosted: Mon Jun 07, 2004 5:18 pm    Post subject: Reply with quote

Yeah. Sorry for my unclear formulation.
Back to top
View user's profile Send private message
mohrt
Administrator


Joined: 16 Apr 2003
Posts: 7367
Location: Lincoln Nebraska, USA

PostPosted: Mon Jun 07, 2004 6:05 pm    Post subject: Reply with quote

You want to clear the value of a POST var that fails validation? That could be done a few ways, individually with a new attribute:

{validate reset=true ...}

Or applied globally via a new parameter to is_valid:

SmartyValidate::is_valid($_POST,'myform',true);

Or, a global behavior setting:

SmartyValidate::reset_on_error(true):
if(SmartyValidate::is_valid($_POST)) { ... }
Back to top
View user's profile Send private message Visit poster's website
electr0n
Smarty Rookie


Joined: 26 Mar 2004
Posts: 32
Location: Germany

PostPosted: Mon Jun 07, 2004 6:28 pm    Post subject: Reply with quote

It would be great in the connect() method. Like boots said, just the variables, which aren't checked, for example:
Code:
<form method="post" action="index4.php">
    {validate field="FullName" criteria="notEmpty" transform="trim" message="Full Name Cannot Be Empty"}
    Full Name: <input type="text" name="FullName" value="{$FullName|escape}"><br />
    <input type="text" name="additional" value="test">
    <input type="submit">
    </form>

the field "additional" should not be in the $_POST Array after checking them.
I need this feature, because I can insert the data in the database for example without checking them twice.
Back to top
View user's profile Send private message
boots
Administrator


Joined: 16 Apr 2003
Posts: 5611
Location: Toronto, Canada

PostPosted: Mon Jun 07, 2004 6:43 pm    Post subject: Reply with quote

electr0n wrote:
I need this feature, because I can insert the data in the database for example without checking them twice.


I think that this is a useful request, but if I can insert my 2c's here (try to stop me!)

IMO, database interfaces shouldn't trust anything that is supposedly "pre-validated" but rather should implement private validation. ie: Your upstreams should be atomic/stand-alone, AFAIC, in that they should not rely on things like SmartyValidation to ensure correctness.

This is the crux of the issue I see with putting validation at the template level. If anything, I would expect template-level validation to function at the client-side rather than server-side as appears to be the case here. Yet, the validation services provided SmartyValidate seem to only shift the processing of the validation to the server while still being a form of client-side validation, if you get my drift.

My main point is that no unit should trust another unit to validate its interface, even if you end up having to do multiple validation routines.
Back to top
View user's profile Send private message
mohrt
Administrator


Joined: 16 Apr 2003
Posts: 7367
Location: Lincoln Nebraska, USA

PostPosted: Mon Jun 07, 2004 6:46 pm    Post subject: Reply with quote

I see, you want to remove the POST vars from the array that were not validated. I can think of a couple ways. First, it could be set with register_form() so you can control this on a form-by-form level:

Code:

SmartyValidate::register_form('myform',true);


Or, it could be done manually for maximum flexability:

Code:

if(SmartyValidate::is_valid($_POST, 'myform')) {
  $myform_vars = SmartyValidate::get_valid_vars($_POST, 'myform');
   ... continue ...
}


It is possible to have several forms on one page, so this way you could extract them for each form.
Back to top
View user's profile Send private message Visit poster's website
electr0n
Smarty Rookie


Joined: 26 Mar 2004
Posts: 32
Location: Germany

PostPosted: Tue Jun 08, 2004 4:29 pm    Post subject: Reply with quote

boots wrote:
IMO, database interfaces shouldn't trust anything that is supposedly "pre-validated" but rather should implement private validation. ie: Your upstreams should be atomic/stand-alone, AFAIC, in that they should not rely on things like SmartyValidation to ensure correctness.

Yes you are right, but I've another mechanism which protects everything.
My CMS is built with a OO Database scheme, like in the framework board(Mocean), so I don't want to include files, except Smarty, SmartyValidate and my database abstraction class.
The second mechanism, which should protect the CMS, is that the values, have to be published by a admin Wink
mohrt wrote:

Code:

if(SmartyValidate::is_valid($_POST, 'myform')) {
  $myform_vars = SmartyValidate::get_valid_vars($_POST, 'myform');
   ... continue ...
}


It is possible to have several forms on one page, so this way you could extract them for each form.

That would be great because I probably need more than 1 form.
And like said before, if you say me where the variables are transformed I'll code a hack. You don't have to put this feature in Smile
Back to top
View user's profile Send private message
hihat
Smarty Rookie


Joined: 02 May 2004
Posts: 7

PostPosted: Wed Jun 09, 2004 9:54 am    Post subject: Reply with quote

how about a criterium website / url?

can you add this?
a suggestion for a great additional feature: an url can be tested whether it is reachable or not.

thanks.
Back to top
View user's profile Send private message
xces
Smarty Regular


Joined: 09 Apr 2004
Posts: 77

PostPosted: Wed Jun 09, 2004 1:02 pm    Post subject: Reply with quote

hihat, sorry to cut your idea's but smarty_validate is a form validation extension to smarty, not an all-covering-validation.

@Mohrt, sorry to say that i have been absent lately been way to busy, i will implement version 2.0RC1 tonight in my CMS and give it a test run.

@Boots, You tell in a previous post that you should rely a template to validate your code. I can see where you are going with that, because of the fact if someone else would write a different template without the {validate ... } code then you could allready have a security flaw. Are you thinking that way?
Back to top
View user's profile Send private message
mohrt
Administrator


Joined: 16 Apr 2003
Posts: 7367
Location: Lincoln Nebraska, USA

PostPosted: Wed Jun 09, 2004 1:51 pm    Post subject: Reply with quote

I've been putting SmartyValidate to the test on a pretty good sized project, I already have some more feature changes in place... One is registering of objects. Example:

// in PHP script
SmartyValidate::connect($smarty);
SmartyValidate::register_object('myobj',$myobj);
SmartyValidate::register_criteria('myobj->foobar');

// in template
{validate ... criteria="isCustom" function="myobj->foobar"}


This works quite well, it creates an internal reference to the object so methods of that object can be used as validation criteria.

I should probably put this into a new version (2.1) because of the changes. In that respect, I don't know if I should even bother with an official 2.0 release.
Back to top
View user's profile Send private message Visit poster's website
hihat
Smarty Rookie


Joined: 02 May 2004
Posts: 7

PostPosted: Wed Jun 09, 2004 2:14 pm    Post subject: Reply with quote

Ok, no friends for this idea with the url-checking (although not far from isEmail) yet.

How about the possibility to combine several criteria, f.ex. an eMail-Adress that should not be longer than 64 chars or a price not higher than 100 Dollar or such?

Just some suggestions.
Back to top
View user's profile Send private message
mohrt
Administrator


Joined: 16 Apr 2003
Posts: 7367
Location: Lincoln Nebraska, USA

PostPosted: Wed Jun 09, 2004 2:26 pm    Post subject: Reply with quote

hihat wrote:
Ok, no friends for this idea with the url-checking (although not far from isEmail) yet.


isEmail only checks the syntax, it does not test if the address is actually receiving mail. However, you can add any criteria you wish through the isCustom method (If you want to make one that checks URLs, etc.)

hihat wrote:
How about the possibility to combine several criteria, f.ex. an eMail-Adress that should not be longer than 64 chars or a price not higher than 100 Dollar or such?


You can apply multiple criteria to a single form element.
Back to top
View user's profile Send private message Visit poster's website
hihat
Smarty Rookie


Joined: 02 May 2004
Posts: 7

PostPosted: Wed Jun 09, 2004 2:52 pm    Post subject: Reply with quote

...by just putting in more validate blocks. Thanks for the hint.

the checking was meant as an additional feature, but just a validation, whether format is like an url could be nice as well.

However, thanks for the well done work!
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Smarty Forum Index -> Add-ons All times are GMT
Goto page Previous  1, 2, 3, 4, 5 ... 16, 17, 18  Next
Page 4 of 18

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP