I need some guidance...
I have some fields in my records that I don't want to have to worry about making sure they are created in the HTML form. For example... it started with some ADMIN only fields that I made hidden using $per_admin and IF THEN's. But it get tedious keeping up with them in the user forms vs the admin forms, and besides users could do a list source on the HTML code and see them anyway.
So I was poking around in the db.cgi sub modify_record and see:
if ($auth_user_field >= 0 and (!$per_admin or !$in{$db_cols[$auth_user_field]})) {
$in{$db_cols[$auth_user_field]} = $data[$auth_user_field];
}
$output .= &join_encode(%in);
$found = 1;
It occurs to me that the line "$output .= &join_encode(%in);" could be changed to parse the array of values in $IN from the URL and only overwrite those that exist in the URL.
For example: My database contains fields called AAA,BBB,CCC. If my html form only contains input's for AAA and BBB, then the DB.CGI should break down the $IN variable and _ONLY_ for fields that are included in the submitted form and use the value from the form, otherwise use the existing value read from the @data=&split_decode($line); for CCC which was not included in the form.
Perhaps a better example.
a record in the database has the following fields:
My html form only asks about AAA and BBB. CCC is not listed in the form at all. The user submits a url that looks like http://localhost/...AA=house&BBB=cat
The db.cgi script sees that $IN{"AAA"} exists and that $IN{"BBB"} exists. So when it comes time to set the values of the fields AAA and BBB it does something like...
$in{'AAA'} ? ($in{'AAA'} = $in{'AAA'}) : ($in{'AAA'} = $data[0]);
$in{'BBB'} ? ($in{'BBB'} = $in{'BBB'}) : ($in{'BBB'} = $data[0]);
$in{'CCC'} ? ($in{'CCC'} = $in{'CCC'}) : ($in{'CCC'} = $data[0]);
The result is the record is written as:
Note that CCC was NOT included in the submitted URL, but maintains it's value from the record. Since CCC doesn't exist in the submitted URL, db.cgi should use the value that was found during the @data=&split_decode($line); line of code. Since AAA and BBB were both present in the submitted form, they use the values from the form to supercede the values contained in the record previously (even if they are blank).
What I'm missing here (other that obvious syntactical goofs) is to parse the $IN array with a FOR NEXT loop and check any and all submitted values.
Can anyone help?
Wes
I have some fields in my records that I don't want to have to worry about making sure they are created in the HTML form. For example... it started with some ADMIN only fields that I made hidden using $per_admin and IF THEN's. But it get tedious keeping up with them in the user forms vs the admin forms, and besides users could do a list source on the HTML code and see them anyway.
So I was poking around in the db.cgi sub modify_record and see:
if ($auth_user_field >= 0 and (!$per_admin or !$in{$db_cols[$auth_user_field]})) {
$in{$db_cols[$auth_user_field]} = $data[$auth_user_field];
}
$output .= &join_encode(%in);
$found = 1;
It occurs to me that the line "$output .= &join_encode(%in);" could be changed to parse the array of values in $IN from the URL and only overwrite those that exist in the URL.
For example: My database contains fields called AAA,BBB,CCC. If my html form only contains input's for AAA and BBB, then the DB.CGI should break down the $IN variable and _ONLY_ for fields that are included in the submitted form and use the value from the form, otherwise use the existing value read from the @data=&split_decode($line); for CCC which was not included in the form.
Perhaps a better example.
a record in the database has the following fields:
AAA=house
BBB=dog
CCC=volkswagen
My html form only asks about AAA and BBB. CCC is not listed in the form at all. The user submits a url that looks like http://localhost/...AA=house&BBB=cat
The db.cgi script sees that $IN{"AAA"} exists and that $IN{"BBB"} exists. So when it comes time to set the values of the fields AAA and BBB it does something like...
$in{'AAA'} ? ($in{'AAA'} = $in{'AAA'}) : ($in{'AAA'} = $data[0]);
$in{'BBB'} ? ($in{'BBB'} = $in{'BBB'}) : ($in{'BBB'} = $data[0]);
$in{'CCC'} ? ($in{'CCC'} = $in{'CCC'}) : ($in{'CCC'} = $data[0]);
The result is the record is written as:
AAA=house
BBB=cat
CCC=volkswagen
Note that CCC was NOT included in the submitted URL, but maintains it's value from the record. Since CCC doesn't exist in the submitted URL, db.cgi should use the value that was found during the @data=&split_decode($line); line of code. Since AAA and BBB were both present in the submitted form, they use the values from the form to supercede the values contained in the record previously (even if they are blank).
What I'm missing here (other that obvious syntactical goofs) is to parse the $IN array with a FOR NEXT loop and check any and all submitted values.
Can anyone help?
Wes