[cgiapp] Usefulness of the FillInForm plugin since the HTML::FillInForm 2.0 release?
Brad Cathey
breadwild at gmail.com
Fri Mar 27 11:45:32 EDT 2009
Mark,
I use both, but only HTML::FillInForm in legacy code before I started
using C::A exclusively.
I've had no issues with either.
I do a ton of online forms where I untaint and validate the data and
use CAP::FillInForm to repopulate the form if I need to re-output the
form due to a validation error.
So:
    ($sql{'link'}, $error) = $self->val_text( 0, 128, $self->query->param('link') );
    if ( $error->{ msg } ) { $self->push_error("Link $error->{ msg }"); }
    # where val_text is my validation method and the %sql is used later to
    # populate a notification email or database record

    # if there is an error:
    foreach (keys %sql ) { $fif->{$_} = $self->query->param($_); }
    # get the errors pushed into an array
    $template->param( errors => $self->get_error_list() );
    return $self->fill_form( \$template->output, $fif );
I suppose I could nix the Plugin, but not sure why, at this point.
Brad
On Mar 25, 2009, at 8:32 PM, Mark Stosberg wrote:
>
> I'm wondering if it's time to quit recommending the FillInForm plugin.
> The way I see it, it has about 3 features, all now of questionable value:
>
> 1. It provides a more convenient syntax than HTML::FillInForm 1.x did. These
> deficiencies were fixed in HTML::FillInForm 2.0.
>
> 2. It defaults the data source to $self->query.
> I don't find that exceptionally useful. It could even be considered a security
> risk to be passing data unchecked from the query on to a new HTML page. Using a
> trusted data source like a Data::FormValidator result or a database row is
> usually a better option.
>
> 3. It automatically ignores the 'rm' field for you, by taking it as the value
> of mode_param(). That's a nice bit of integration, but it seems that
> mode_param() can work several different ways, and it won't always return the
> name of a query parameter that holds the name of the run mode call. This
> feature also adds no value in the context of dispatching.
>
> What I'm finding is that now that HTML::FillInForm 2.x is out, I just use that
> directly instead. The syntax is now clear and easy:
>
> HTML::FillInForm->fill($html,$data);
>
> That ease-of-use competes really well with what the plugin offers:
>
> $self->fill_form($html,$data);
>
> By eliminating the plugin layer, there's less code, documentation and just
> complexity involved in what's happening.
>
> I'd like to hear from other users: Do you use the FillInForm plugin, or do you
> use HTML::FillInForm directly now?
>
> Mark
>
> --
> http://mark.stosberg.com/
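
Point 2 of the quoted message, as an added example (not code from either poster or from the CGI::Application project): the form is refilled only from fields that passed a Data::FormValidator profile, not from the raw query. The form, the field names and the profile are constructed for illustration, and HTML::FillInForm 2.x is assumed.

```perl
use strict;
use warnings;
use Data::FormValidator;
use HTML::FillInForm;    # 2.x: fill(\$html, \%data, %options)

# Constructed form and submission, for illustration only.
my $html = <<'HTML';
<form method="post">
<input type="hidden" name="rm" value="save_link">
<input type="text" name="link">
<input type="text" name="title">
</form>
HTML

my %submitted = (
    rm    => 'some_other_mode',      # run mode name, not form data
    link  => 'not a url',            # fails the constraint below
    title => 'My "quoted" title',    # passes the constraint below
);

# Assumed profile: the field names and patterns are hypothetical.
my $profile = {
    required           => [qw(link title)],
    constraint_methods => {
        link  => qr{^https?://[^\s"<>]{1,120}$},
        title => qr{^[^<>]{1,128}$},
    },
};

# Refill from validated fields only, never from the raw query object.
sub refill_form {
    my ( $html_ref, $results ) = @_;
    my $trusted = $results->valid;    # hash ref of fields that passed
    return HTML::FillInForm->fill( $html_ref, $trusted,
        ignore_fields => ['rm'] );    # explicit, in place of mode_param()
}

my $results = Data::FormValidator->check( \%submitted, $profile );

# Re-display the form only when validation failed.
if ( $results->has_invalid or $results->has_missing ) {
    print refill_form( \$html, $results );
}
```

Fields that failed validation are left blank here; re-displaying a rejected value for correction is a separate decision about which unvalidated input the page is willing to echo.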