On Fri, Mar 04, 2005 at 15:57:47 -0800,
operationsengineer1@yahoo.com wrote:
>
> --- Bruno Wolff III <bruno@wolff.to> wrote:
> > On Fri, Mar 04, 2005 at 00:27:05 -0600,
> > Ross Gohlke <ross@grinz.com> wrote:
> > >
> > > Code your form manually with the proper element
> > names. Add a hidden
> > > element for each visible element to pass the
> > field's type for validation
> > > purposes.
> >
> > This should be in an additional table in the
> > database, not on the form.
> > Otherwise the end users can send back incorrect
> > types to check against
> > which could potentially be a security issue.
>
> bruno, help me out here. are you saying that a table
> in the db should have columns for table, column name
> and field type (same as data type, right?)?
If you want to use the suggestion regarding generating automatic forms,
that would be a good idea. If your types map exactly postgres types,
the type information will already by in the system catalogs and the
information schema. The idea is that you can do input validation based
on the type early on while process the form results.
> Would the layout look as follows?
If you were to do this I would use one table for all of your forms rather
than having a table per form. You might also include positioning information
in this table if you are using a fairly simple position system while
generating the forms.
>
> Table: t_form
>
> Columns: table, column, data_type
>
> Sample Entry: customer, customer_name, varchar
> Sample Entry: customer, customer_phone, varchar
>
> tia...