I think I already know the answer to this one, but I'm giving it the
old college try.
My problem is this: I have an HTML form that sends a bunch of data to
a Perl script, where it is validated and read into a database. The
powers that be have decided in their infinite wisdom that the initial
page needs to be broken into two parts. (This is an attempt to correct
some common user errors, not because of any technical reasons.) So I'm
sitting here looking at revising a mess of script, insert queries,
etc.
If I could collect the form values from the first HTML page and pass
them to the second HTML page, I could go home early and watch the ball
game. Is there anyway to do this? Example below.
Thanks, CC.
------here's what I would like to do---------------
PAGE 1:
<html>
<body>
<form name="form1" action="page2.h tml">
What is your name: <input type="text" name="name" />
<input type="submit" value="Go to page 2" />
</form>
</body>
</html>
PAGE 2:
<html>
<body>
<!-- get name from page1 somehow -->
<form name="form2" action="cgi-bin/page3.pl">
What is your class: <input type="text" name="class" />
<!-- perhaps something like?
<input type="hidden" name="name" value="name-from-page-1" -->
<input type="submit" value="Go to page 3" />
</form>
</body>
</html>
7  4293 
If I could collect the form values from the first HTML page and pass
them to the second HTML page, I could go home early and watch the ball
game. Is there anyway to do this? Example below.
Well, this is how I'd do it:
I'd modify your existing page to become page 1 and have it submit its
POST data to a new CGI script. If you can fiddle your server so that
requests for the initial page get redirected to this script then so much
the better, because the script that handles Page1 data might have to
redisplay page1 with error messages. It might as well handle GET
requests by displaying the initial page, then everything comes together
in one script.
Your new script validates Page1 data when POSTed and either rewrites
Page1 if the data has errors or writes page2, with the page1 data in
hidden fields, and the page 2 fields in the same form.
I'd have page2 drive the same (new) script again, as I find it easier to
keep everything in one script, but you could have a separate script to
handle page2.
I do this sort of thing all the time. (Inside my employer's private
network). I have sequences of several pages that gather data in stages,
carrying it forward in hidden fields. It's precisely what hidden fields
were designed for.
The prior poster seems to have some concerns that the hidden fields from
page 2 (which are actually the page1 data) may not come through
correctly, but anyone who could subvert these fields could do the same
to your original HTML form, so I don't see any new hazard.
--
Steve Swift http://www.swiftys.org.uk/swifty.html http://www.ringers.org.uk
Steve Swift wrote:
The prior poster seems to have some concerns that the hidden fields from
page 2 (which are actually the page1 data) may not come through
correctly, but anyone who could subvert these fields could do the same
to your original HTML form, so I don't see any new hazard.
It isn't a new hazard. The OP has to be aware that after receiving those
values back in hidden fields in the second form, the hazard exists a
second time. He can't assume that because he validated them once, they
are still good.
Scott Bryce <sb****@scottbr yce.comwrites:
Steve Swift wrote:
The prior poster seems to have some concerns that the hidden fields
from page 2 (which are actually the page1 data) may not come
through correctly, but anyone who could subvert these fields could
do the same to your original HTML form, so I don't see any new
hazard.
It isn't a new hazard. The OP has to be aware that after receiving
those values back in hidden fields in the second form, the hazard
exists a second time. He can't assume that because he validated them
once, they are still good.
However, by storing the data correctly in the hidden fields, you can
avoid having to revalidate it:
- serialise all the data you would put into the hidden
fields into a single string.
- one-way hash the data (e.g. sha1) with a secret salt.
- place the serialised data into a hidden field, and the hash into another.
(or add it on to the end of the serialised data in the same field)
- when the form is submitted, recalculate the hash, and if it
matches, unserialise the data (which you know is unchanged). If it doesn't
match, reject the submission.
You then don't have to validate anything other than the new data and a
single quick test for all the old data.
--
Chris
Chris Morris wrote:
However, by storing the data correctly in the hidden fields, you can
avoid having to revalidate it:
Not really.
- serialise all the data you would put into the hidden
fields into a single string.
- one-way hash the data (e.g. sha1) with a secret salt.
- place the serialised data into a hidden field, and the hash into another.
(or add it on to the end of the serialised data in the same field)
- when the form is submitted, recalculate the hash, and if it
matches, unserialise the data (which you know is unchanged). If it doesn't
match, reject the submission.
Which amounts to revalidating the data, albeit in a different manner.
You then don't have to validate anything other than the new data and a
single quick test for all the old data.
And you still need a way to handle a situation where the data from the
first form comes back different from the second form.
Your method is better than putting the data from the first from into
hidden fields with no way of knowing if the data had changed with the
submission of the second form. I would still prefer storing the data
from the first form on the server.
Scott Bryce <sb****@scottbr yce.comwrites:
Chris Morris wrote:
You then don't have to validate anything other than the new data and a
single quick test for all the old data.
And you still need a way to handle a situation where the data from the
first form comes back different from the second form.
Reject it outright, in that case; throw up an appropriate 40x
page. There's a difference between failing a validation check due to
user error (putting 15 instead of 1.5 in a field taking values from 0
to 10) and failing a validation check due to suspiciousness
(user-opaque hidden field gets edited)
Your method is better than putting the data from the first from into
hidden fields with no way of knowing if the data had changed with the
submission of the second form. I would still prefer storing the data
from the first form on the server.
You still need to store a pointer to the data on the client and have a
way to validate that, though. That is an even easier problem, of
course. I'd be inclined to store that pointer in a hidden field rather
than a cookie, too, since it makes XSRF harder.
I'd generally prefer to store temporary data in a multiple-stage form
on the client: less load on the database (if indeed there's a database
available at all), and no need to make decisions about how long a
session lasts before you clean up the server-stored data. Depends on
the form, of course, and even with client storage it's nice to provide
a way for them to save their progress and close the browser if they
need to.
--
Chris
Thank you all very much. I've decided to bite the bullet and spend a
day recoding the app. This is what I'm going to do:
1. Collect the info from the first (new) HTML page and send it to the
CGI script.
2. Read the values into variables (not hidden from controls) to a new
CGI script, which will collect the remainder of the info.
3. From there, continue with the app as it exists.
I was trying to avoid rewriting the HTML form but it doesn't seem to
be possible. At least I can start by incorporating the relevant
portions as a heredoc in the new CGI script.
Thanks, all, CC
ca******@gmail. com wrote:
I tend to stuff common code
in a library module and use a lot of heredocs. That way, HTML is HTML,
code is code, and (almost) everything is DRY. Personally, I do not
like to mix code and HTML
But that is my point. By stuffing the HTML into heredocs, you are mixing
HTML and code.
The HTML::Template module will allow you to put the HTML in a separate
file. Your code will only have to "fill in the blanks" by supplying the
values to be inserted into the template.
Trust me. It is a much better way to do CGI. At least read the docs.
Then you can do whatever you want. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Chris Thunell |
last post by:
I'm using the system.web.mail in vb.net to send emails out in a vb.net
application. The sending of emails works great. Is there a way to have it
send me back a delivery receipt or a read receipt? (I think i prefer
delivery receipt)
Any help would be greatly appreciated!
Chris Thunell
cthunell@pierceassociates.com
mycode currently is the following:
|
by: Esa |
last post by:
Hi,
I'm having problems with one strange web system where submitting an
application and making queries about its handling status require a series of
form submits and response parsing - all in HTML. Luckily other interfaces
are "modern" using xml file up/downloads without any difficulties...
I'm not very used to .NET-environment yet, so I'd appreciate some clues
about the classes I should use to implement this stupid interface - stupid...
|
by: Bill |
last post by:
I'm using the POST method to submit a simple form html page with yes/no
and checkbox fields to an asp response page which stores the values in
a new dim string, then uses it to build a new table using ADO. I'm
getting sometimes correct values, sometimes null values (when I know I
pass a valid default value) and other times multiple values! I know
what the values coming over are because I do a response.write to see it
before the error...
|
by: hasanainf |
last post by:
Hi all and thanking you all in advance for your help
My client wants to use a receipt printer. Since I have never used one
before I have some questions.
1. Unlike other printers which are set by default to print a whole A4
size page, I want the receipt printer to print an unlimited lenght of
receipt, that is to say that if five items are sold, the receipt
printer should print company details with five items and a total figure
and stop...
|
by: Cerebral Believer |
last post by:
Hi I need help!
Forgive me I am a PHP newbie. I have a small script that enables me to send
a form from an HTML page. I want to use the HTML formatted form because the
design of my website is complex, and I don't want to have to mess around
with formatting a page using HTML within php. So basically the "action" of
the HTML page sends the form to "ProcReg.php". This is the code:
<?php
/* Script name: ProcReg.php
| | |
by: Jerim79 |
last post by:
I need to create a form that takes a number that the user enters, and
duplicates a question the number of times the user entered. For
instance, if the customer enters 5 on the first page, when they press
next the form generates "How old are you?" 5 times on the page. The
customer will answer all 5 questions then press next. Finally, all the
local variables get dynamically created and written to a database.
I have already taken care of...
|
by: ARC |
last post by:
Hello all,
What's the proper paper size setting if you want to do a receipt printer
report, that's a continuous form? I don't really see an option for a
continuous paper size.
Thanks!
Andy
|
by: ravisuguna |
last post by:
Hi,
I have a php page which has some checkboxes ,textfields and values.If I select a checkbox ,a particular value will be displayed in a textfield.I have a "go"button in the same page.I want the selected values and textfields to be displayed in the next page if i click the button.Pl guide me how to do this.
I am sending the sample code below.
arical.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"...
|
by: jmartmem |
last post by:
Greetings,
I have built an Update Record Form in an ASP page. This form contains a number of fields, such as text boxes and menus, to name a few.
Upon clicking the 'submit' button, I want the form values to pass to a confirmation page that shows the values entered and selected, with a CDONTS auto email generated at the same time. My problem is that I'm having trouble passing the values from the form to both the confirmation page and the...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
