Re: PHP Forms And self posting

  • From: Jared Wright <wright.jaredm@xxxxxxxxx>
  • To: programmingblind@xxxxxxxxxxxxx
  • Date: Wed, 02 Jun 2010 03:29:56 -0400

Fair enough, I particularly have taken note of your security remark; it does seem feasible to turn Javascript off as a means of sending toxic data to a PHP-based processing page that trusts its corresponding Javascript validator to do its thing.

On 6/2/2010 3:12 AM, D!J!X! wrote:
I have and extensively use JavaScript on my sites, from ajax to validating and checking forms etc, but I always develop with the idea in mind "what if the user's browser doesn't have js support? Or what if they've chosen to disable it? Or what if they're using computers in an organization like their job or something and js is disabled for security reasons?" Then you have to have a plan b for checking user errors, you know the golden rule, never trust users, never trust user input. Certainly JavaScript can and will pick up these errors and the page never has to do the work itself, but what about for those times when it does have to because js didn't catch it or a hacker bypassed something etc?
D!J!X!

------------------------------------------------------------------------
*From:* programmingblind-bounce@xxxxxxxxxxxxx [mailto:programmingblind-bounce@xxxxxxxxxxxxx] *On Behalf Of *Jared Wright
*Sent:* Tuesday, June 01, 2010 1:08 PM
*To:* programmingblind@xxxxxxxxxxxxx
*Subject:* Re: PHP Forms And self posting

I'm guessing that if they're using multiple pages, they're probably also using Javascript for the error checking client side to avoid the back and forth you described. It's just the sort of thing that scales up better on account of being more modularized, but especially for quick hack-together work submitting to self seems like a useful little tool to me.

On 6/1/2010 12:59 PM, D!J!X! wrote:
That's my thing, it doesn't make sense to have the page go to another page for checking, then have that page send back all the info along with errors if there are any, then the user fixing that, then the page sending it back to the processing script, then that page sending the response back etc. I'd rather have the page do the error checking within itself, then when it's error-free it can send the info off to the success page and continue from there. There are times when each project requires different things, for some projects it wouldn't make sense to use a single page, for other stuff like what I'm doing it just would be easier and more logical to use a single page; I just want to be sure that there are no security or problems involved. But every project requires different things.
D!J!X!

------------------------------------------------------------------------
*From:* programmingblind-bounce@xxxxxxxxxxxxx [mailto:programmingblind-bounce@xxxxxxxxxxxxx] *On Behalf Of *qubit
*Sent:* Tuesday, June 01, 2010 1:37 AM
*To:* programmingblind@xxxxxxxxxxxxx
*Subject:* Re: PHP Forms And self posting

Actually it was a single large form with multiple submit buttons and a clear button, and lots of form controls. Most of the submit buttons would go do something with the data and come back with the form fields updated. So it was coming back to the form. This made it natural to just reuse the same page as the form action. There were, however, some buttons that went off and did other things, and so required different code. Since the form on the form page was already using itself as the form action, I had to put the code to process the weird form actions on that same page. Thus the page had some convoluted logic in order to implement all the buttons. I guess it wasn't all that convoluted now that I think of it. It's just that it was a first time writing code to do this particular thing, and some of it started to sound like punctuation droppings with all the php and html. It did surprise my nephew however. He went to the page and kept clicking it but the address on top stayed the same even though he was doing different things...*smile* I do see why this strategy might not be recommended. It is counterintuitive to have the same page there for everything.
Happy hacking.
--le
----- Original Message -----

    *From:* black ares <mailto:matematicianu2003@xxxxxxxxxxx>
    *To:* programmingblind@xxxxxxxxxxxxx
    <mailto:programmingblind@xxxxxxxxxxxxx>
    *Sent:* Tuesday, June 01, 2010 12:02 AM
    *Subject:* Re: PHP Forms And self posting

    I see no benefits here.
    I cannot imagine how processing 4 or 5 forms on a page,
    rewritten to use multiple pages, can duplicate code.
    But, maybe, I am not so familiarised with programming:)

        ----- Original Message -----
        *From:* qubit <mailto:lauraeaves@xxxxxxxxx>
        *To:* programmingblind@xxxxxxxxxxxxx
        <mailto:programmingblind@xxxxxxxxxxxxx>
        *Sent:* Monday, May 31, 2010 10:50 PM
        *Subject:* Re: PHP Forms And self posting

        I wrote a page once that had 4 or 5 forms processed on the
        same page. It was a bit convoluted in its logic, but it also
        saved a lot of duplication of certain parts of the code. I
        suppose I could have put that code in functions in a header
        and included it on different pages, but in the end it all had
        migrated onto my monolithic page.  That doesn't mean I
        recommend this approach; I'm only saying it has its benefits.
        --le

            ----- Original Message -----
            *From:* D!J!X! <mailto:megamansuperior@xxxxxxxxxxx>
            *To:* programmingblind@xxxxxxxxxxxxx
            <mailto:programmingblind@xxxxxxxxxxxxx>
            *Sent:* Sunday, May 30, 2010 3:57 AM
            *Subject:* RE: PHP Forms And self posting

            I see your point, but this is a small form, just to send
            email. I just want to use the form itself to check and
            make sure all fields are filled out and then if so go
            ahead and send the mail and send the user to the
            appropriate page, and if not to display errors and take
            care of the issue. I have it working as a 2-page form
            now, where the processing is done separately, but I think
            it just makes more sense running it on 1 page and saving
            it all there.
            D!J!X!

            
------------------------------------------------------------------------
            *From:* programmingblind-bounce@xxxxxxxxxxxxx
            [mailto:programmingblind-bounce@xxxxxxxxxxxxx] *On Behalf
            Of *black ares
            *Sent:* Sunday, May 30, 2010 1:53 AM
            *To:* programmingblind@xxxxxxxxxxxxx
            *Subject:* Re: PHP Forms And self posting

            From a design point of view, to have one page to collect
            data, same page to process it, eventually, to have all
            processing of a site in a single php script,
            is wrong.
            The antipattern is called god class.
            The problems are:
            1. Maintainability. If you want to change something you
            have to search/find that portion of code to change and
            most times when processing of multiple things is in the
            same script, the flow is not so intuitive and
            changing something could easily affect other parts.
            2. Reusability, when you put all in a page/script, and if
            you have some other pages/scripts needing some logic you
            encapsulated in that first page, you must rewrite it, or
            reorganise that first page to pull out the common code.
            For example validations like e-mails, card numbers etc,
            are supposed to be used in more than one page.
            3. Encapsulation, writing all in a single page/script
            could easily lead to errors, because you have access to
            all things there and can use parts of flows inappropriately.
            4. Performance, when you put all things in a script/page,
            the processing of that page/script takes more time than
            processing a little page.

                ----- Original Message -----
                *From:* D!J!X! <mailto:megamansuperior@xxxxxxxxxxx>
                *To:* programmingblind@xxxxxxxxxxxxx
                <mailto:programmingblind@xxxxxxxxxxxxx>
                *Sent:* Saturday, May 29, 2010 9:54 PM
                *Subject:* RE: PHP Forms And self posting

                Well one of the most prevailing arguments is not to
                trust anything in the $_SERVER global, something I
                sort of knew and wasn't planning on doing. Another
                thing I've noticed is the use of php_self seems to have
                some issues under apache? From what I've read people
                use php_self and $_SERVER together to post back, and
                that's "asking for trouble." And then there is the
                action="" method, which some browsers don't like, and
                again, I wouldn't use. I propose a direct url to the
                same page for processing.
                Other than that I haven't found anything that states
                a huge concern with security. The data I'm sending is
                not sensitive like ssn or ccn or things of that nature.
                HTH, D!J!X!

                
------------------------------------------------------------------------
                *From:* programmingblind-bounce@xxxxxxxxxxxxx
                [mailto:programmingblind-bounce@xxxxxxxxxxxxx] *On
                Behalf Of *Jared Wright
                *Sent:* Saturday, May 29, 2010 3:20 AM
                *To:* programmingblind@xxxxxxxxxxxxx
                *Subject:* Re: PHP Forms And self posting

                I'd be interested in anything you come up with that
                can explain why this might be a bad idea. I have
                always used them without much hesitation.

                On 5/29/2010 12:01 AM, D!J!X! wrote:
                Hey guys, I'm finishing up a site here and was just
                wondering, I've been reading online and it seems
                that some people strongly suggest against having php
                forms post back to themselves for error displaying
                and correction and processing. I can sort of
                understand why, but then again it seems that a lot
                of people are using it and recommend it, w3c
                included. Does anybody have any comments/opinions
                they can share that would help me shed some light on
                this matter? Self posting would make my life easier,
                but I have a solution that separates processing from
                the actual form page, except that there's a bit of
                code involved to redisplay the form with values
                filled in, error messages displayed etc. Any
                thoughts, comments, articles on the topic?
                THX, D!J!X!
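
The points raised in this thread, put together as an added example that is not code from any poster: a self-posting mail form whose action is a fixed URL rather than an echoed PHP_SELF, with server-side checks that run whether or not a JavaScript validator did. The URLs, recipient address and field names are assumptions, and it needs PHP 7.4 or later.

```php
<?php
// Added example. CONTACT_URL, THANKS_URL, MAIL_TO and the field names are assumptions.
const CONTACT_URL = '/contact.php';      // fixed URL of this same page, not PHP_SELF
const THANKS_URL  = '/thanks.php';
const MAIL_TO     = 'owner@example.com'; // recipient is never taken from the request

function h(string $s): string {          // escape everything echoed back into HTML
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function validate(array $in): array {
    // Accept only string fields; name[]=x style arrays become empty strings.
    $get = fn(string $k): string => is_string($in[$k] ?? null) ? trim($in[$k]) : '';
    $v = ['name' => $get('name'), 'email' => $get('email'), 'message' => $get('message')];
    $errors = [];
    if ($v['name'] === '' || preg_match('/[\r\n]/', $v['name'])) {
        $errors['name'] = 'Please enter your name on one line.';
    }
    if (filter_var($v['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid e-mail address.';
    }
    if ($v['message'] === '') {
        $errors['message'] = 'Please enter a message.';
    }
    return [$v, $errors];
}

$values = ['name' => '', 'email' => '', 'message' => ''];
$errors = [];
// REQUEST_METHOD is set by the server; PHP_SELF can carry request path text.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$values, $errors] = validate($_POST);
    if (!$errors) {
        // User-supplied values go in the body only, never in mail headers.
        $body = "From: {$values['name']} <{$values['email']}>\n\n{$values['message']}";
        mail(MAIL_TO, 'Contact form', $body);
        header('Location: ' . THANKS_URL, true, 303); // redirect so a reload cannot resend
        exit;
    }
}
?>
<form method="post" action="<?= h(CONTACT_URL) ?>">
<?php foreach (['name', 'email', 'message'] as $f): ?>
  <label><?= h(ucfirst($f)) ?> <input name="<?= h($f) ?>" value="<?= h($values[$f]) ?>"></label>
  <?php if (isset($errors[$f])): ?><p class="error"><?= h($errors[$f]) ?></p><?php endif ?>
<?php endforeach ?>
  <button type="submit">Send</button>
</form>
```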


