Passing data between states PHP
So I am using Limonade PHP which has a RESTful design which emulates PUT, POST, D开发者_如何学PythonELETE routes for create, update, delete.
I am trying to develop some form validation which is going well. The major problem I am facing though is how to return my filtered data (which has failed validation) back to repopulate the create or edit form.
How would this be done? I currently have for creating a page:
/admin/page/new -> GET function
/admin/page -> POST function
+ validate
+ pass, update db
+ fail, add errors to flash, redirect to /admin/page/mew
It all falls down as I do not know how to populate the /admin/page/new with the invalid, but filtered data.
Have you used a session to carry the data to /admin/page/new? http://www.php.net/manual/en/session.examples.basic.php
edit: I just found this article: http://www.recessframework.org/page/towards-restful-php-5-basic-tips which recommends using a cookie over $_SESSION. It doesn't elaborate on why, but either one will achieve the result you want.
To get the data back to the redirected page, you either need to use session or litter the request with get vars for each element (not nice to look at, not nice for bookmarking, wouldn't suggest it).
I'd guess that 'add errors to flash' is using a session var (not familiar with Limonade).
Another alternative would be submitting the form with an AJAX call, then the form data wouldn't even change on an error.
Of course, you would still need a non-AJAX method working for backwards compatibility.
Update: Limonade Source confirms flash()
uses $_SESSION
. So you're already using session vars.
You can output the form without redirecting. Put the form in a script containing no other HTML elements. Have it set the value of any form input given in $_POST
(after calling htmlspecialchars
with the appropriate quote style). Include the form script in other scripts where appropriate.
In your utility functions:
function passthruFormInput($name) {
if (isset($_POST[$name])) {
echo htmlspecialchars($_POST[$name], ENT_QUOTES);
}
}
newForm.php (or whatever you want to call it):
<form action="..." method="POST" onsubmit="...(client side validation function)...">
...
<input name="foo" value="<?php passthruFormInput('foo'); ?>"/>
...
</form>
If you generate the form dynamically, adapt the above to match. A few things feel off about this implementation and approach, but I can't quite put my finger on it.
Leaving the form script publicly accessible may not be a security problem, but it should either be outside the document root hierarchy or in a branch protected with ORDER Allow,Deny
or mod_rewrite. It should probably go with the views.
精彩评论