473,545 Members | 2,582 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

receipt of form values by an HTML page

I think I already know the answer to this one, but I'm giving it the
old college try.

My problem is this: I have an HTML form that sends a bunch of data to
a Perl script, where it is validated and read into a database. The
powers that be have decided in their infinite wisdom that the initial
page needs to be broken into two parts. (This is an attempt to correct
some common user errors, not because of any technical reasons.) So I'm
sitting here looking at revising a mess of script, insert queries,
etc.

If I could collect the form values from the first HTML page and pass
them to the second HTML page, I could go home early and watch the ball
game. Is there anyway to do this? Example below.

Thanks, CC.

------here's what I would like to do---------------
PAGE 1:
<html>
<body>
<form name="form1" action="page2.h tml">
What is your name: <input type="text" name="name" />
<input type="submit" value="Go to page 2" />
</form>
</body>
</html>

PAGE 2:
<html>
<body>
<!-- get name from page1 somehow -->
<form name="form2" action="cgi-bin/page3.pl">
What is your class: <input type="text" name="class" />
<!-- perhaps something like?
<input type="hidden" name="name" value="name-from-page-1" -->
<input type="submit" value="Go to page 3" />
</form>
</body>
</html>

Oct 10 '07 #1
7 4282
If I could collect the form values from the first HTML page and pass
them to the second HTML page, I could go home early and watch the ball
game. Is there anyway to do this? Example below.
Well, this is how I'd do it:

I'd modify your existing page to become page 1 and have it submit its
POST data to a new CGI script. If you can fiddle your server so that
requests for the initial page get redirected to this script then so much
the better, because the script that handles Page1 data might have to
redisplay page1 with error messages. It might as well handle GET
requests by displaying the initial page, then everything comes together
in one script.

Your new script validates Page1 data when POSTed and either rewrites
Page1 if the data has errors or writes page2, with the page1 data in
hidden fields, and the page 2 fields in the same form.

I'd have page2 drive the same (new) script again, as I find it easier to
keep everything in one script, but you could have a separate script to
handle page2.

I do this sort of thing all the time. (Inside my employer's private
network). I have sequences of several pages that gather data in stages,
carrying it forward in hidden fields. It's precisely what hidden fields
were designed for.

The prior poster seems to have some concerns that the hidden fields from
page 2 (which are actually the page1 data) may not come through
correctly, but anyone who could subvert these fields could do the same
to your original HTML form, so I don't see any new hazard.

--
Steve Swift
http://www.swiftys.org.uk/swifty.html
http://www.ringers.org.uk
Oct 11 '07 #2
Steve Swift wrote:
The prior poster seems to have some concerns that the hidden fields from
page 2 (which are actually the page1 data) may not come through
correctly, but anyone who could subvert these fields could do the same
to your original HTML form, so I don't see any new hazard.
It isn't a new hazard. The OP has to be aware that after receiving those
values back in hidden fields in the second form, the hazard exists a
second time. He can't assume that because he validated them once, they
are still good.
Oct 11 '07 #3
Scott Bryce <sb****@scottbr yce.comwrites:
Steve Swift wrote:
The prior poster seems to have some concerns that the hidden fields
from page 2 (which are actually the page1 data) may not come
through correctly, but anyone who could subvert these fields could
do the same to your original HTML form, so I don't see any new
hazard.

It isn't a new hazard. The OP has to be aware that after receiving
those values back in hidden fields in the second form, the hazard
exists a second time. He can't assume that because he validated them
once, they are still good.
However, by storing the data correctly in the hidden fields, you can
avoid having to revalidate it:
- serialise all the data you would put into the hidden
fields into a single string.
- one-way hash the data (e.g. sha1) with a secret salt.
- place the serialised data into a hidden field, and the hash into another.
(or add it on to the end of the serialised data in the same field)
- when the form is submitted, recalculate the hash, and if it
matches, unserialise the data (which you know is unchanged). If it doesn't
match, reject the submission.

You then don't have to validate anything other than the new data and a
single quick test for all the old data.

--
Chris
Oct 11 '07 #4
Chris Morris wrote:
However, by storing the data correctly in the hidden fields, you can
avoid having to revalidate it:
Not really.
- serialise all the data you would put into the hidden
fields into a single string.
- one-way hash the data (e.g. sha1) with a secret salt.
- place the serialised data into a hidden field, and the hash into another.
(or add it on to the end of the serialised data in the same field)
- when the form is submitted, recalculate the hash, and if it
matches, unserialise the data (which you know is unchanged). If it doesn't
match, reject the submission.
Which amounts to revalidating the data, albeit in a different manner.
You then don't have to validate anything other than the new data and a
single quick test for all the old data.
And you still need a way to handle a situation where the data from the
first form comes back different from the second form.

Your method is better than putting the data from the first from into
hidden fields with no way of knowing if the data had changed with the
submission of the second form. I would still prefer storing the data
from the first form on the server.
Oct 11 '07 #5
Scott Bryce <sb****@scottbr yce.comwrites:
Chris Morris wrote:
You then don't have to validate anything other than the new data and a
single quick test for all the old data.

And you still need a way to handle a situation where the data from the
first form comes back different from the second form.
Reject it outright, in that case; throw up an appropriate 40x
page. There's a difference between failing a validation check due to
user error (putting 15 instead of 1.5 in a field taking values from 0
to 10) and failing a validation check due to suspiciousness
(user-opaque hidden field gets edited)
Your method is better than putting the data from the first from into
hidden fields with no way of knowing if the data had changed with the
submission of the second form. I would still prefer storing the data
from the first form on the server.
You still need to store a pointer to the data on the client and have a
way to validate that, though. That is an even easier problem, of
course. I'd be inclined to store that pointer in a hidden field rather
than a cookie, too, since it makes XSRF harder.

I'd generally prefer to store temporary data in a multiple-stage form
on the client: less load on the database (if indeed there's a database
available at all), and no need to make decisions about how long a
session lasts before you clean up the server-stored data. Depends on
the form, of course, and even with client storage it's nice to provide
a way for them to save their progress and close the browser if they
need to.

--
Chris
Oct 11 '07 #6
Thank you all very much. I've decided to bite the bullet and spend a
day recoding the app. This is what I'm going to do:

1. Collect the info from the first (new) HTML page and send it to the
CGI script.
2. Read the values into variables (not hidden from controls) to a new
CGI script, which will collect the remainder of the info.
3. From there, continue with the app as it exists.

I was trying to avoid rewriting the HTML form but it doesn't seem to
be possible. At least I can start by incorporating the relevant
portions as a heredoc in the new CGI script.

Thanks, all, CC
Oct 11 '07 #7
ca******@gmail. com wrote:
I tend to stuff common code
in a library module and use a lot of heredocs. That way, HTML is HTML,
code is code, and (almost) everything is DRY. Personally, I do not
like to mix code and HTML
But that is my point. By stuffing the HTML into heredocs, you are mixing
HTML and code.

The HTML::Template module will allow you to put the HTML in a separate
file. Your code will only have to "fill in the blanks" by supplying the
values to be inserted into the template.

Trust me. It is a much better way to do CGI. At least read the docs.
Then you can do whatever you want.
Oct 12 '07 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
5392
by: Chris Thunell | last post by:
I'm using the system.web.mail in vb.net to send emails out in a vb.net application. The sending of emails works great. Is there a way to have it send me back a delivery receipt or a read receipt? (I think i prefer delivery receipt) Any help would be greatly appreciated! Chris Thunell cthunell@pierceassociates.com mycode currently is...
2
2257
by: Esa | last post by:
Hi, I'm having problems with one strange web system where submitting an application and making queries about its handling status require a series of form submits and response parsing - all in HTML. Luckily other interfaces are "modern" using xml file up/downloads without any difficulties... I'm not very used to .NET-environment yet, so...
3
2327
by: Bill | last post by:
I'm using the POST method to submit a simple form html page with yes/no and checkbox fields to an asp response page which stores the values in a new dim string, then uses it to build a new table using ADO. I'm getting sometimes correct values, sometimes null values (when I know I pass a valid default value) and other times multiple values! I...
1
9494
by: hasanainf | last post by:
Hi all and thanking you all in advance for your help My client wants to use a receipt printer. Since I have never used one before I have some questions. 1. Unlike other printers which are set by default to print a whole A4 size page, I want the receipt printer to print an unlimited lenght of receipt, that is to say that if five items are...
4
2253
by: Cerebral Believer | last post by:
Hi I need help! Forgive me I am a PHP newbie. I have a small script that enables me to send a form from an HTML page. I want to use the HTML formatted form because the design of my website is complex, and I don't want to have to mess around with formatting a page using HTML within php. So basically the "action" of the HTML page sends the...
26
2786
by: Jerim79 | last post by:
I need to create a form that takes a number that the user enters, and duplicates a question the number of times the user entered. For instance, if the customer enters 5 on the first page, when they press next the form generates "How old are you?" 5 times on the page. The customer will answer all 5 questions then press next. Finally, all the...
7
6031
by: ARC | last post by:
Hello all, What's the proper paper size setting if you want to do a receipt printer report, that's a continuous form? I don't really see an option for a continuous paper size. Thanks! Andy
2
1994
by: ravisuguna | last post by:
Hi, I have a php page which has some checkboxes ,textfields and values.If I select a checkbox ,a particular value will be displayed in a textfield.I have a "go"button in the same page.I want the selected values and textfields to be displayed in the next page if i click the button.Pl guide me how to do this. I am sending the sample code...
5
3199
by: jmartmem | last post by:
Greetings, I have built an Update Record Form in an ASP page. This form contains a number of fields, such as text boxes and menus, to name a few. Upon clicking the 'submit' button, I want the form values to pass to a confirmation page that shows the values entered and selected, with a CDONTS auto email generated at the same time. My problem...
0
7935
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7449
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
7780
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
1
5351
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5069
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3465
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1911
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1037
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
734
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.