I have a very long order form that enables saving drafts. If saved as draft, only order name is required but when actually placing an order a more thorough validation is required. I implemented this by using different validation groups. When editing the order I display two buttons: "Save draft" and "Place order". Each of them performs validation using a different validation group.
But now I would like to make a button on the list of orders which enables to change order status from 'draft' to 'placed' directly. To do so, validation must be performed without displaying edit form and submitting it. I would just like to validate the entity that is already in the database. I can use the validator service and everything is simple as long as the data is valid. But in case data isn't valid, I would like to redirect user to the edit form with fields with missing data highlighted. The idea seems to load data from database into the form and run validation as if that data were sent using a browser but execution of this doesn't seem to be trivial because Symfony2 triggers validation on form only when binding the request.
I was going through the Symfony source code and found s class called Symfony\Component\Form\Extension\Validator\EventListener\ValidationListener. It seems to attach itself on the FormEvents::POST_SUBMIT event. Is there a way to trigger this event manually from the controller without request binding? Or are there any alternative approaches to my problem?
Just to point out the correct answer already given by Matjaž Drolc in the comments:
If you want to validate a form without getting the data from the request, you have to call the form->submit() function, because Symfony does not validate the fields if they are not marked as submitted, which is done by this function.
Call the function like this
$form->submit(array(), false);
With an empty array as the submitted data and not clearing the missing fields.
Related
Lets assume one uses a form to update a doc in a collection.
Generally, upon submit, one would use some type of form validation process to verify the sanity of the fields in the form. Then after the data verifies, lets assume that the data is passed to a meteor method to actually update the collection.
But theoretically, a user could use the javascript console to fabricate a meteor call to the same update method. For reasons of security, in order to validate submissions made via the console, doesn't this imply that the fields must be verified for sanity in methods too?
So, for normal submission cases via the form, this will cause the same fields to be verified twice (once during form validation, and once within the method).
Is there an elegant way to get around the redundant verification, or must all methods have a redundant field verification step?
You should consider using aldeed:collection2 for validating updates to collections. Normally you define your schema in /lib and then updates will be validated both on the client and on the server but you only have to write the code once. If you want to avoid double work then only validate on the server because you can't trust the client. This is not recommended because the cost of client-side validation is borne by your user, not your server. You can create a better UX if you validate the fields as they are entered instead of onSubmit because you will give the user feedback earlier.
My basic validation approach:
Event handler on each form field on change event change(){}. This does things like making the field border green for a valid entry, red X for an invalid one.
Collection2 validates document inserts/updates on client
Methods validate their arguments
Collection2 validates document inserts/updates on server
More reading:
http://0rocketscience.blogspot.com/2015/07/meteor-security-no-2-all-praise-aldeed.html
http://0rocketscience.blogspot.com/2015/12/meteor-security-no-4-extending-match.html
In ATG form Handling, i have a scenario, where the success and error URL are same? This Formhandler is for creating/Editing/Deleting the Gift certificate.
When ever we add a Gift certificate entering all the fields in the page, it gets added to the cart? but the form fields are getting retained in the input fields? It should get retained only in case of error in validation, but on success it should remove all the user enter fields in the input fields.
i cannot set value="", as this will fail in error flow where i need to show the user entered values along with the invalid field data entered.
Do we need to manually reset the values to empty string or is there any better way?
Please suggest?
Is your form handler session scoped? If you do not need the values post submission in the form handler input fields, you can make it request scoped, the values will be cleared after the request is handled.
If you are saying the fields are stored even when your form handler is session scoped, I would like to know how that is happening.
If you want to display the incorrect entry by the user, add it to the form Exceptions with the formatted message, so you don't need it later.
Hope this helps.
Is it possible in Codeigniter to run a multi-step Form validation, such that, when an error has been found, the form validation will stop (not validating the other Form validation rules)?
With the set_rules() and run() method of the Form_validation class, all the rules are checked even if it does not pass the first one.
Or is it better to validate those criteria in my model in the particular order (such that it stops on a validation error) and pass the single error message to my view?
Ralph, I am not sure you can do it with standard CI validation library.. You may need to extend/overwrite it in order to achieve what you want. You can display a first error message individually, but in the background the full data check would run.
Depending on how complex the data validation you need, you could also get some jQuery plugin to roughly check the data before the form is submitted. This will reduce the risk of bad data being sent and may reduce the overhead on server side.
I am writing a search form in CakePHP 2.0, current I have set it up running with the index action and view (it also posts to the index action) with validation against the model so that if anything incorrect is entered into a search field (fields include date, price) there is a nice validation error message next to the element. Basically it is a bit like a scaffolded add form.
If validation is successful I need to actually run a query and return some data. I don't want to display this data in the index view - should I:
Run the query then render a different view (which means the URL doesn't change - not sure I want that).
Store the search parameters in a session, redirect off to another action then retrieve the search details.
Is there any other way?
Both options are ok. You must decide what you like more, to not change the url or to change it?
you may also use the named parameters to pass the info so a user can bookmark their request, though it would need to do the validations in the same page as where it shows results. I usually do this with the cakedc search plugin.
Returning to your two options, if you mean which is better in performance i would choose number one, since the second one needs to load a new model/controller etc
I doing a multi page form, but I'm not using sub form - just persisting the data in mySQL.
I want to use validators on each form, but to allow the form to submit even if validation fails. I want to use the validators instead to post a flag in my database to say whether or not the form passed or failed validation.
The reason for this is to allow each form to be updated over a period of weeks, but the final submission of all the forms is then subject to whether each separate form validated (according the the flag set in the database).
Any tips would be apprecited, especially on modifying the validation script.
I don't think you need to modify anything.
Zend doesn't to JavaScript form validation, it is done server-side, so a form is submitted and POST/GET data is generated regardless. It is only in your action that you call $form->isValid($_POST);
The action you are submitting your preliminary and final steps should be different, such as processPreliminaryAction() and processFinalAction().
In your preliminary steps, you can iterate through submitted form Elements and call isValid() on each element, then you can save whether or not the field was valid in MySQL along with its value.
In your final submission, you call isValid() on the entire form and proceed with what you need to do only if it is TRUE.