Re: [AOLSERVER] Input data verification
This sounds like your trying to create something very like what we have in the OpenACS i.e. the forms API and ad_page_contract. Both of which provide extensive and well organised facilites for doing this. Much of what goes on in the OpenACS' request broker is not database specific or dependent, and for that matter isn't all that dependent on the OpenACS datamodel in general. I'm wondering whether there's a case emerging here for creating the OpenACS request processor as an extension to AOLServer (rather than as a component of OpenACS) Thoughts? Patrick Spence wrote: 000801c2845e$1a0431f0$6a7ba8c0@ERIS"> why not the tcl command "string"like: string is integer $string:) http://tcl.activestate.com/man/tcl8.4/TclCmd/string.htm-- Patrick Spence arivenATarivenDOTcom www.RandomRamblings.com www.Ariven.com- Original Message -From: "Danil Mantione" [EMAIL PROTECTED]To: [EMAIL PROTECTED]Sent: Monday, November 04, 2002 2:41 PMSubject: [AOLSERVER] Input data verification Hello,You have propably all build a simple a html form and ascript that processes the form. Now how do you verify your input data?For example, you want the user to enter a number. How do you verify on theserver side that someone indeed sent a number?Usually I use the scan command, i.e.:set r [ns_conn form]set variabletxt [ns_set iget $r variable]if {[scan %d $variabletxt variable] == 0} then {ns_returnnotfoundreturn -code return} else {.}Now this is quite a lot of code for such a simple check and you write itin each form again. I got a bit bored and wrote a library for it. Now itis much easier, at the start of a script I just do:bind_form_vars {mode req num} {actionurl req} {tabledef req} {index num} {action} What does this do?- A form variable "mode" is assigned to the variable "mode". The variable is required ("req") and it must be numeric ("num").- The form variable "actionurl" is assign to the variable "actionurl" and it is required.- The same for "tabledef".- "index" is not required, if it is not present the variable "index" will be set to {}, but if it is present it should be numeric- "action" is not requiredNow, since it is a very basic task that allmost every AOLserver user hasto do, is it perhaps an idea to make such a library part of the standardAOLserver distribution?Danil . -- Simon Millward Director OpenMSG Limited +44 (0) 7818 045 801 Tel: +44 (0)1225 48 48 05 Fax: +44 (0)1225 31 6789 Web http://www.open-msg.net Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of OpenMSG Ltd.
Re: [AOLSERVER] Input data verification
On Tue, 5 Nov 2002, Simon Millward wrote: This sounds like your trying to create something very like what we have in the OpenACS i.e. the forms API and ad_page_contract. Both of which provide extensive and well organised facilites for doing this. Much of what goes on in the OpenACS' request broker is not database specific or dependent, and for that matter isn't all that dependent on the OpenACS datamodel in general. I'm wondering whether there's a case emerging here for creating the OpenACS request processor as an extension to AOLServer (rather than as a component of OpenACS) Hmmm. At least OpenACS does not use it itself very well, I've yet to see an example of a page that does verify it's input data... But ok, we should take a look at it then. Daniël
Re: [AOLSERVER] Input data verification
Daniel, I'm surprised you say that, unless I'm missing what your trying to achieve. OpenACS has numerous mechanisms an opportunities for data validation. The ad_page_contract section offers a series of ways to restrict, validate and correct data posted between pages. The newer forms API offers a really simple way to create forms ina single tcl file, that can be defined as widget types, each conforming to a data standard, furthermore each widget can be customised to have further, bespoke validation applied and so on. I suspect that lack of documentation (hey ho, here I go again ;o), and also a lack of good exemplar code and practices in some packages has more to do with it. However,we may be discussing a different kind of issue here? I am understanding correctly? The introduction of a request processor/filter that might offer the chance to peform such validation is what your after? Cheers Simon Danil Mantione wrote: [EMAIL PROTECTED]"> On Tue, 5 Nov 2002, Simon Millward wrote: This sounds like your trying to create something very like what we havein the OpenACS i.e. the forms API and ad_page_contract. Both of whichprovide extensive and well organised facilites for doing this.Much of what goes on in the OpenACS' request broker is not databasespecific or dependent, and for that matter isn't all that dependent onthe OpenACS datamodel in general.I'm wondering whether there's a case emerging here for creating theOpenACS request processor as an extension to AOLServer (rather than as acomponent of OpenACS) Hmmm. At least OpenACS does not use it itself very well, I've yet to seean example of a page that does verify it's input data...But ok, we should take a look at it then.Danil. -- Simon Millward Director OpenMSG Limited +44 (0) 7818 045 801 Tel: +44 (0)1225 48 48 05 Fax: +44 (0)1225 31 6789 Web http://www.open-msg.net Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of OpenMSG Ltd.
Re: [AOLSERVER] Input data verification
On Mon, 4 Nov 2002, Scott Goodwin wrote: Hi Daniël, Yes, this would be useful, maybe as a standard ns_* style command, something like an ns_bind_vars. Right now the focus is on setting up a core AOLserver team, getting AOLserver 3.5.0 fully documented, getting the current modules cleaned up/documented, getting AOLserver 4.0 released, and a few other things. When the majority of that work is done, I think we can look at improvements to the server and modules such as you've outlined below. How are your C skills? Your man page creation skills? Thats where we could use some help right now. Ehm, you are asking me to join the team? Well, I'm honoured but I'm also on of the main programmers of Free Pascal, a Pascal compiler, and I'm quite busy with that too. But if there is some work to do, I'm prepared to help. My C skills are ok and I haven't yet written a manpage, but I guess it's as easy as writing html. Daniël
Re: [AOLSERVER] Input data verification
Sure. I'm not going to say that a number of packages and areas of code aren't subject to fairly bad practice. Theres a lot of work gone into getting the core of the system right, and i accept there's still quite a bit to do going forward with many of the packages. However, in principle at least the function of much of what goes on in OpenACS's request broker is certainly something that might have a place both in the OpenACS community and the AOLServer one in the wider sense. Possibly not everything is there/done/correct, but my thinking is that surely there may be an opportunity to combine a degree of effort/common interest and possibly consider something that neither is 'dependent on' but both could use? Just thought it might be worthwhile taking a look at least to the principle of the way data validation in forms is handled via the 'form' command/API. Cheers Simon On Tuesday, November 5, 2002, at 05:10 pm, Daniël Mantione wrote: On Tue, 5 Nov 2002, Simon Millward wrote: I'm surprised you say that, unless I'm missing what your trying to achieve. I just checked again and I did found indeed validation code, so sorry about the my false claims, but the are many cases where it is omitted. For example take admin/bboard/administer.tcl, the variable topic_id is never checked if it is a proper integer. Also, the checking done in check_for_form_variable_naughtiness isn't a proper library, these are just OpenACS specific checks. Daniël
Re: [AOLSERVER] Input data verification
In a message dated 11/5/02 12:31:57 PM, [EMAIL PROTECTED] writes: Just thought it might be worthwhile taking a look at least to the principle of the way data validation in forms is handled via the 'form' command/API. If someone is willing to submit this as a slightly more formal request, the AOLserver Core Team can take look and make a determination about if/how to integrate into the AOLserver core. That said, the core team is still in the midst of being formed, so feel free to send directly to me ([EMAIL PROTECTED]). I'd also suggest taking a look at the TIP format used by the Tcl folks (http://www.scriptics.com/cgi-bin/tct/tip/3.html) as we'll most likely adopt that in the future. Let me know if there are any questions. Thanks! - Nathan
Re: [AOLSERVER] Input data verification
On Tue, Nov 05, 2002 at 03:43:42PM +0100, Daniël Mantione wrote: Hmmm. At least OpenACS does not use it itself very well, I've yet to see an example of a page that does verify it's input data... On Tue, Nov 05, 2002 at 02:53:15PM +, Simon Millward wrote: Daniel, I'm surprised you say that, unless I'm missing what your trying to achieve. OpenACS has numerous mechanisms an opportunities for data validation. The ad_page_contract section offers a series of ways to restrict, I concur with Simon, OpenACS has LOTS of input validation, both tools to do it, and real live examples of those tools being used. Incidentally, virtually all of those validation (and other) utilities CAN be used in a non-OpenACS AOLserver environment (and I've done so in some cases), but they are not set up to be easily reused in a non-OpenACS environment - something I'd like to change in the future, when I have time. -- Andrew Piskorski [EMAIL PROTECTED] http://www.piskorski.com
Re: [AOLSERVER] Input data verification
I was asking if you would be able to sign up for any tasks as they come up. Right now if you can identify a man page to document that hasn't been signed up for yet, we could use your help there. Go to the SourceForge Tasks section, Documentation. We're signing up for man pages by file (ns_sock.n for example). If you're in doubt about how to sign up for a man page, contant Nathan ([EMAIL PROTECTED]) or myself. Thanks, /s. -Original Message- From: AOLserver Discussion [mailto:AOLSERVER;LISTSERV.AOL.COM] On Behalf Of Daniël Mantione Sent: Tuesday, November 05, 2002 11:15 AM To: [EMAIL PROTECTED] Subject: Re: [AOLSERVER] Input data verification On Mon, 4 Nov 2002, Scott Goodwin wrote: Hi Daniël, Yes, this would be useful, maybe as a standard ns_* style command, something like an ns_bind_vars. Right now the focus is on setting up a core AOLserver team, getting AOLserver 3.5.0 fully documented, getting the current modules cleaned up/documented, getting AOLserver 4.0 released, and a few other things. When the majority of that work is done, I think we can look at improvements to the server and modules such as you've outlined below. How are your C skills? Your man page creation skills? Thats where we could use some help right now. Ehm, you are asking me to join the team? Well, I'm honoured but I'm also on of the main programmers of Free Pascal, a Pascal compiler, and I'm quite busy with that too. But if there is some work to do, I'm prepared to help. My C skills are ok and I haven't yet written a manpage, but I guess it's as easy as writing html. Daniël
Re: [AOLSERVER] Input data verification
Hi Daniël, Yes, this would be useful, maybe as a standard ns_* style command, something like an ns_bind_vars. Right now the focus is on setting up a core AOLserver team, getting AOLserver 3.5.0 fully documented, getting the current modules cleaned up/documented, getting AOLserver 4.0 released, and a few other things. When the majority of that work is done, I think we can look at improvements to the server and modules such as you've outlined below. How are your C skills? Your man page creation skills? Thats where we could use some help right now. /s. -Original Message- From: AOLserver Discussion [mailto:AOLSERVER;LISTSERV.AOL.COM] On Behalf Of Daniël Mantione Sent: Monday, November 04, 2002 3:42 PM To: [EMAIL PROTECTED] Subject: [AOLSERVER] Input data verification Hello, You have propably all build a simple a html form and a script that processes the form. Now how do you verify your input data? For example, you want the user to enter a number. How do you verify on the server side that someone indeed sent a number? Usually I use the scan command, i.e.: set r [ns_conn form] set variabletxt [ns_set iget $r variable] if {[scan %d $variabletxt variable] == 0} then { ns_returnnotfound return -code return } else { . } Now this is quite a lot of code for such a simple check and you write it in each form again. I got a bit bored and wrote a library for it. Now it is much easier, at the start of a script I just do: bind_form_vars {mode req num} {actionurl req} {tabledef req} {index num} {action} What does this do? - A form variable mode is assigned to the variable mode. The variable is required (req) and it must be numeric (num). - The form variable actionurl is assign to the variable actionurl and it is required. - The same for tabledef. - index is not required, if it is not present the variable index will be set to {}, but if it is present it should be numeric - action is not required Now, since it is a very basic task that allmost every AOLserver user has to do, is it perhaps an idea to make such a library part of the standard AOLserver distribution? Daniël