Message from discussion FormUI Thoughts
From: Caius Durling <ca...@caius.name>
Date: Sun, 16 Aug 2009 14:18:36 +0100
Local: Sun, Aug 16 2009 9:18 am
Subject: Re: [habari-dev] Re: FormUI Thoughts
On 16 Aug 2009, at 14:02, Arthus Erea wrote:

> Sorry, but I don't see the benefit.

> Since this is FormUI, we already know the names of the fields we're
> looking for. In fact, there's absolutely no reason you should ever
> have to access the raw $_POST data for a FormUI form.

But even now we have to specify the field names in both the place we  
create the form, and the place we handle the form data. So yes, you do  
have to know what the names of the fields are in the $_POST array.

> That's why I'd prefer a random string. FormUI knows what it's looking
> for, but it makes the form less vulnerable to sniffing/attack/
> mistakes.

Um, how is this making a form more secure? Making the id random means  
you can never target that input with CSS (bad idea.) and to stop  
people submitting fake data, just means I request the form before  
posting my data, and use the "random" values the form gives me when I  
request it.

Plus you'd have to store which random values you used for the form  
against the user that requested them somehow, which is just a whole  
load of overhead for no benefit.

The reason I'm suggesting it is because you could then grab the  
comment form object, loop over $_POST["comment"] and assign the values  
of the array to the formui object as attributes, which means you get a  
fully populated formui object to validate, save, redisplay - without  
having to know what the name of each field is. The field names are  
just defined in the creation of the comment FormUI object.

C
---
Caius Durling
ca...@caius.name
+44 (0) 7960 268 100
http://caius.name/


 