Internal Server Error
what the voices in my head tell me to write
Monday, April 12, 2004
Something which I have been thinking about for a while
I am currently working on a very nice (when it works properly) templating system for Ingenta which uses a whole bunch of Java technologies. Mainly JSTL and JSF but there are some Struts things in there and goodness knows what else.
I was reading some documentation for the JSF (that's Java Server Faces if you didn't know) and it seems very useful. It is more orientated towards HTML forms and development of web based interfaces for complex databases.
It has some very powerful API interfaces for generating form elements that become in effect self validating. I was looking into developing something like this when I was working for Pulse but never got anywhere as I was running out of time and had to abandon it.
The idea was that each form element would have a name attribute that contained the name of the table and field within it that the form element contained data for. The submitting page then took the name, decomposed it and used a "describe <table name> <field>" to find out what sort of data the database expects for that form control and do various validation checks on it depending on what the database was expecting.
For text input the validation process would be fairly simple. Check it was text; if it was a smalltext or varchar datatype, check to see that there is not too much text; and finally check for rude words, and that's about it. Then of course you would convert HTML entities and strip HTML tags from the data before passing it into the database.
Things got more interesting when you have a limited number of values for the data, e.g. enum or set datatypes. Then you could check that you were really getting valid data and no one had tried sneaking in a nasty thing. Also you could check that an enum database field would only have one value sent to it and a set could have more than one. This of course should be done by the form controls themselves by using checkboxes and radio buttons, but
- who do you trust?
- it's easier to deal with these sorts of errors before you get to the database layer.
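The validation scheme described above, as an added example that is not the author's code: it parses MySQL column types as `describe` reports them and checks varchar length, single-valued enum and multi-valued set submissions. The `table:field` name separator, the `users` schema and both function names are assumptions made for illustration; the rude-word check and other column types are left out, and unsupported types are rejected.

```php
<?php
// Constructed sample: Field => Type pairs as "DESCRIBE users" would report them,
// cached server-side so a client-supplied name is only looked up, never queried.
$schema = ['users' => [
    'nickname' => 'varchar(12)',
    'role'     => "enum('reader','editor','admin')",
    'alerts'   => "set('email','sms','post')",
]];

// Split a MySQL column type into [kind, max length, allowed values].
function parse_column_type(string $type): array {
    if (preg_match('/^(enum|set)\((.*)\)$/i', $type, $m)) {
        preg_match_all("/'((?:[^']|'')*)'/", $m[2], $vals);
        $allowed = array_map(fn($v) => str_replace("''", "'", $v), $vals[1]);
        return [strtolower($m[1]), null, $allowed];
    }
    if (preg_match('/^(?:var)?char\((\d+)\)$/i', $type, $m)) {
        return ['text', (int) $m[1], []];
    }
    return ['unsupported', null, []];
}

// Validate one submitted control. $name is "table:field" (assumed separator).
function validate_field(array $schema, string $name, $value): bool {
    $parts = explode(':', $name);
    if (count($parts) !== 2 || !isset($schema[$parts[0]][$parts[1]])) {
        return false;                       // malformed or unknown name
    }
    [$kind, $max, $allowed] = parse_column_type($schema[$parts[0]][$parts[1]]);
    if ($kind === 'text') {                 // one string that fits the column
        return is_string($value) && mb_strlen($value, 'UTF-8') <= $max;
    }
    if ($kind === 'enum') {                 // exactly one declared value
        return is_string($value) && in_array($value, $allowed, true);
    }
    if ($kind === 'set') {                  // several declared values, no repeats
        if (!is_array($value)) return false;
        foreach ($value as $v) {
            if (!is_string($v) || !in_array($v, $allowed, true)) return false;
        }
        return count($value) === count(array_unique($value));
    }
    return false;                           // unsupported type: fail closed
}

var_dump(validate_field($schema, 'users:role', 'admin'));              // declared enum value
var_dump(validate_field($schema, 'users:role', ['reader', 'admin']));  // two values for an enum
var_dump(validate_field($schema, 'users:alerts', ['email', 'fax']));   // 'fax' is not in the set
var_dump(validate_field($schema, 'payments:role', 'admin'));           // table not in the schema
```

Because the field name arrives from the browser, it is matched against the cached schema rather than placed in the `describe` statement, since table names cannot be bound as query parameters.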
Then the other half of the equation is writing a series of functions so you could do the following:
<form> <?php $write_elements->add_form_element($tablename, $fieldname, $type); ?> </form>
(where $type is optional)
I really should get round to working on this one day.
Posted by Rob Cornelius @ Monday, April 12, 2004