[ZWeb] Validating Form Data

Christian Theune ct@gocept.com
Tue, 5 Mar 2002 16:44:24 +0100


Hi.

First, you shouldn' rely on JScript to validate forms, as everybody
could bypass them by constructing the url manually.

As a hint, you should try to look what data is contained in the REQUEST.

On Tue, Mar 05, 2002 at 09:24:36AM -0700, Mike Tran wrote:
> I am using the Javascript below to validate data on my form.  The part where
> it validate form data works fine.  My problem is when I call on the method
> "insertResume", my form variables does not get passed.
> For example, on the form i have a textbox field called "age".  I reference
> this in the "insertResume" method with <dtml-var age>, but the age variable
> does not get passed from the form to the "insertResume" method.
> 
> Does anyone have any idea on how to fix this or maybe show me how to validate
> form data in Zope?  I've tried <dtml-unless> but the user have to go to
> another page and go back to the form itself to correct the data. With
> Javascript the user can stay on the same page.
> 
> Thanks,
> 
> <SCRIPT LANGUAGE="JavaScript">
> <!--
> function valid(form) {
>   var field = form.age;
>   var userAge = parseInt(field.value);
>   if (!userAge) {
>     alert("You must indicate your age.");
>     return false;
>   } else if (userAge >= 18) {
>       alert("Thank your for your resume.");
>       return true;
>     } else {
>         alert("You are only " + userAge + ". Try again when you are 18.");
>         field.focus();
>         field.select();
>         return false;
>       }
> }
> // -->
> </SCRIPT>
> 
> <FORM METHOD="POST" ACTION="insertResume" onSubmit="return valid(this)">
> 
> Your age:<BR><INPUT TYPE="text" NAME="age" SIZE="2"><BR>
> Desired Job:<BR><INPUT TYPE="text" NAME="job" SIZE="40"><BR>
> Resume:<BR><TEXTAREA NAME="resume" COLS="40" ROWS="5"></TEXTAREA><BR>
> <INPUT TYPE="submit" VALUE="Send Resume">
> </FORM>
> 
> --
> Mike
> 
> -------------------------------------------------------
> 
> -- 
> Mike Doanh Tran
> Shuffle Master Gaming Inc.
> 
> _______________________________________________
> Zope-web maillist  -  Zope-web@zope.org
> http://lists.zope.org/mailman/listinfo/zope-web

-- 
Christian Theune - ct@gocept.com
gocept gmbh & co.kg - schalaunische strasse 6 - 06366 koethen/anhalt
tel.+49 3496 3099112 - fax.+49 3496 3099118 mob. - 0178 48 33 981

reduce(lambda x,y:x+y,[chr(ord(x)^42) for x in 'zS^BED\nX_FOY\x0b'])