Gossamer Forum
Home : Products : DBMan : Customization :

hidden fields / not keeping track of all fields in a database in html form.

Quote Reply
hidden fields / not keeping track of all fields in a database in html form.
I need some guidance...

I have some fields in my records that I don't want to have to worry about making sure they are created in the HTML form. For example... it started with some ADMIN only fields that I made hidden using $per_admin and IF THEN's. But it get tedious keeping up with them in the user forms vs the admin forms, and besides users could do a list source on the HTML code and see them anyway.

So I was poking around in the db.cgi sub modify_record and see:
if ($auth_user_field >= 0 and (!$per_admin or !$in{$db_cols[$auth_user_field]})) {
$in{$db_cols[$auth_user_field]} = $data[$auth_user_field];
}
$output .= &join_encode(%in);
$found = 1;

It occurs to me that the line "$output .= &join_encode(%in);" could be changed to parse the array of values in $IN from the URL and only overwrite those that exist in the URL.

For example: My database contains fields called AAA,BBB,CCC. If my html form only contains input's for AAA and BBB, then the DB.CGI should break down the $IN variable and _ONLY_ for fields that are included in the submitted form and use the value from the form, otherwise use the existing value read from the @data=&split_decode($line); for CCC which was not included in the form.
Perhaps a better example.
a record in the database has the following fields:


AAA=house
BBB=dog
CCC=volkswagen


My html form only asks about AAA and BBB. CCC is not listed in the form at all. The user submits a url that looks like http://localhost/...AA=house&BBB=cat
The db.cgi script sees that $IN{"AAA"} exists and that $IN{"BBB"} exists. So when it comes time to set the values of the fields AAA and BBB it does something like...

$in{'AAA'} ? ($in{'AAA'} = $in{'AAA'}) : ($in{'AAA'} = $data[0]);
$in{'BBB'} ? ($in{'BBB'} = $in{'BBB'}) : ($in{'BBB'} = $data[0]);
$in{'CCC'} ? ($in{'CCC'} = $in{'CCC'}) : ($in{'CCC'} = $data[0]);

The result is the record is written as:

AAA=house
BBB=cat
CCC=volkswagen


Note that CCC was NOT included in the submitted URL, but maintains it's value from the record. Since CCC doesn't exist in the submitted URL, db.cgi should use the value that was found during the @data=&split_decode($line); line of code. Since AAA and BBB were both present in the submitted form, they use the values from the form to supercede the values contained in the record previously (even if they are blank).

What I'm missing here (other that obvious syntactical goofs) is to parse the $IN array with a FOR NEXT loop and check any and all submitted values.

Can anyone help?

Wes
Quote Reply
Re: [kd4rdb] hidden fields / not keeping track of all fields in a database in html form. In reply to
The problem is that when you alter the database -- through an add form, modify form or delete form -- the values are not in the URL. Those forms are submitted via the "post" method. The ones where the values are in the URL use the "get" method and are only for searching.

It would be conceivably possible to do what you want, even with the "post" method, so that only those fields that have had a value sent to the database would be recorded, but (you knew that was coming, didn't you ;) ) you would never be able to clear a field. Let's say that you had "Volkswagen" in your CCC field and you sold your car so you don't have one any more. You'd modify your record, delete the value in the field and nothing would change in the record, because nothing would have been submitted for that field. You would never be able to get rid of that Volkswagen. :)

Quote:

But it get tedious keeping up with them in the user forms vs the admin forms, and besides users could do a list source on the HTML code and see them anyway.

There should only be one form for all users. That's the point of having the $per_admin value. And once you get the form set up, you never have to worry about it again.


JPD
----------------------------------------------------
JPDeni's DBMan-ual
How to ask questions the smart way.
Quote Reply
Re: [kd4rdb] hidden fields / not keeping track of all fields in a database in html form. In reply to
In my database, I need to create limited forms that do not contain all the fields in a record. For example, in my database I keep track of equipment issued to various members of our group. The equipment database is quite extensive and contains relatively static fields such as equipment name, serial number and the barcode that is attached. But in day to day use, all my users need to do is change one field... who it is assigned to. The way I'm doing the assigning is to generate a pick list for each piece of equipment when I do a "list all". The pick list contains a pre-fab'ed URL. Problem is.... what if someone changes the barcode attached to the radio at the same time I'm choosing a person to assign it to? Let's say the pre-fab'ed URL is 5 minutes old, and someone made a change to the serial number of the radio AFTER my prefabb'ed URL was generated. If I submit the prefabbed URL, the serial number field in my record goes back to it's original value. It would be better if I could just submit a form that ONLY contained the fields I intended to change and not ALL of the fields as dbman requires now.
I gave this some thought and realized that there is a difference between NOT including a field in the URL submitted and including blank data in a field. In the normal DBMan, a --- represents a null value and is stripped out in the sub parse_form. What I've done is to make any field that is blank in the submitted URL contain ---, and postpone removing the --- until the sub join_encode.
The slick part about this mod is that it allows you to create a VERY short form without having to hide the fields (ie input type="hidden"). You must include the db_key field (such as ID for example) and atleast one other field. All other fields that are NOT listed in your form will maintain the values they presently have in the database.
Presently the only problem yet to be solved is that fields that are NOT_NULL and are not included in the submitted URL will cause the database to generate a %fieldname% cannot be blank message during the sub validate_record. I have a solution in mind, but have not implemented it yet.

All of these changes are made to db.cgi.
In sub parse_form after line:
$value =~ s/<!--(.|\n)*-->//g;
add:
if ($value eq "" ) {
$value="---";
}

and comment out:
# if ($value eq "---" ) { next PAIR; }

In sub modify_record after line:
# If we have userid's and this is not an admin, then we force the record to keep it's own
# userid.
if ($auth_user_field >= 0 and (!$per_admin or !$in{$db_cols[$auth_user_field]})) {
$in{$db_cols[$auth_user_field]} = $data[$auth_user_field];
}
add:
$count=0;
foreach $col (@db_cols) {
$value=$data[$count];
$count=$count+1;
$tmp = $in{$col};
if ($tmp eq ''){
$in{$col}=$value;
}
}
and finally in sub join_encode after line:
$tmp =~ s/\n/``/g; # Change newline to `` symbol.
add:
$tmp =~ s/---//g; # Change newline to `` symbol.
Quote Reply
Re: [kd4rdb] hidden fields / not keeping track of all fields in a database in html form. In reply to
If you find a workaround that works for you, that's great. There is a built-in way to do what you want, which is to use hidden fields, but if you don't want to use them and you can come up with something else, that's your choice.


JPD
----------------------------------------------------
JPDeni's DBMan-ual
How to ask questions the smart way.