Best way to build a form with user-defined required fields
Development and Programming
Hello,
When developping a module which would use a required parameter (ie: required=”name|email”), what’s the best way to pass parameters to the action page ?
I mean, using hidden fields to pass parameters seems too risky, shall we store user generated parameters in a database ?
Any help appreciated, thanks !
I like the idea to use them as a parameter: required=”name|email”. I also needed this recently and went the approach of having them as part of the form fields.
Example:
<input type="text" name="email:required:valid_email" />
<input type="text" name="name:required" />Then for the form validation:
if (isset($_POST))
{
// Check required fields
foreach ($_POST as $field => $data)
{
$original_field = $field;
if (strstr($field,':'))
{
$rules = '';
$validation = explode(':', $field);
$field_name = array_shift($validation);
foreach($validation AS $rule)
{
$rules .= $rule.'|';
}
$this->form_validation->set_rules($original_field, ucfirst($field_name), $rules);
}
}
}I’m not sure displaying required informations in the HTML is a good idea.
What if someone makes a fake form and remove required value ? The best way to handle this I guess is to define required fields from server side.
My idea was to associate a random unique id to the generated form (could we use XID ? or md5 on tag parameters ?), then on server side query database and see which fields are associated to this form and check if they’re required or not.
Is this a good solution ?
The problem is that we need to detect if form’s tag parameters change…
Yea you are right I use this just on stuff that isn’t “mission critical”. 😊
I would explore your first thought more:
{exp:module:form validation="field1|required,field2|valid_email,field3|trim"}
Then in form method:
$validation = $this->EE->TMPL->fetch_param('validation');
$fields = explode(',', $validation);
foreach ($fields AS $item)
{
$rules = explode('|', $item);
$field_name = array_shift($rules);
$this->form_validation->set_rules($field_name, ucfirst($field_name), $rules);
}Totally untested but that is what I am thinking anyway :D
Actually the idea of including validation parameters inline isn’t a bad one, providing the form template is parsed by your module/plugin and the rules removed before being output to the user.
It’s the approach used by eform in MODx.
While eform is MODx specific, it does contain an awful lot of form parsing routines that could be borrowed…
In fact, the problem isn’t passing parameters to the form generation tag, but to the action page.
Ie : {exp:mymodule:form required="name|email"} would generate a form like this <form action=”/results/” method=”post”>
But when on the /results/ page, “mymodule” would parse the input->post() data, then it has to check if there are defined required fields.
So my question is : is there any built-in EE function or any well known secure way to store parameters in the database, in order to get them back on the action page ?
http://phpformgen.sourceforge.net/new_demo/phpformgen/index.php
I dont think that now it is a problem. Nowadays there are tons of form builder software. It is possible to use it or see the generated code to customize your own form