HTML validation error message reveals correct value unintentionally - html

I am trying to use an HTML number input field to validate a one-time code a user has. The one-time code is a Django model attribute under the user model, with the user object passed into the HTML template. Currently it is set up as such:
<input type="number" name="auth_code" value="" min="{{user.auth_code}}" max="{{user.auth_code}}" onchange="this.setCustomValidity('')" onkeypress="this.setCustomValidity('')" oninput="this.setCustomValidity('')" oninvalid="this.setCustomValidity('This authorization code is incorrect.')" required />
If the user's code is 100000, and I enter 100001, I get the oninvalid message (as expected). However, if I delete a digit (or the whole number), I get a message stating "The value must be user.authcode." Clearly I don't want this value shown.
If I set any message in the onchange or oninput field other than ('') (i.e. ('Enter a code.')), I can't validate any code (correct or incorrect). I run into the "This authorization code is incorrect." message even when validating 100000.
How can I get around this?

Related

How to prevent users from tampering HTML Form in the browser?

I have few checkboxes in my template whos value is the id of database row. I am using AJAX to post these values back and forth.
{% for item in sale_order_items %}
<tr>
<td class="text-center">
<input type="checkbox" name="saleorderitem" value="{{item.id}}">
</td>
</tr>
item.id for instance renders to 1. Now what if the user changes the value from 1 to 2 in browser using "inspect" and submits the form. what can I do at the frontend or django backend to prevent this and check if the user is submitting the same values as intended?
This depends on many different things but to take you back to the basics: When you create a function in order to bulletproof it out of any errors you use type and value checks.
I would think the best approach to this is to add some back-end checks. The form values returned would have to adhere a set of rule such as a value threshold. If the value returned is beyond that threshold then that would mean that something has changed in the HTML.
You add a check if it fails then the back-end would return an error. In collaboration with front-end you refresh the page and return an error message. It might be really terrible UX but an average end user would never change values using their inspector.
The other alternative is to use javascript to detect any kind of HTML/DOM mutations or changes which I would advice against. Having values to be checked against specific criteria (using the back-end) is best as it foolproofs info passed on to your server against any change.
I found a solution, in this scenario django session variable can be used to store data between requests. When I load the form, I set the session variable to the required values, then on form submission, I check the submitted values with the values in session variable. And it works.

Passing variables with Jinja2 within 3 templates

I have this problem:
I have 3 templates:
Search_user
Show_user
Edit_user
Whit the search_user I'm getting the name value with the post method, then I'll search the data in the db, save the data in an array called user and then pass the array to the Show_user template.
In the Show_user template I show the data with {{ user[0] }}, {{ user[1] }}...{{ user[7] }}, under this data I have a button that bring me to the Edit_user template.
But in the Edit_user template I don't know how to pass the previous data, I don't know hot to export data with the post method or any other methods.
A walk around could be <input type="text" name="surname" value="user[0]" required> but I don't want to show the textbox in the Show_user template.
You don't need to pass any data except some kind of user identifier (a number or a user name) to fetch the user back from the database when needed.
It can be done in multiple ways:
add it to the endpoint URL in the form action (/user/edit/<user-id>)
or use your web framework session to store the user identifier
or add the identifier to your templates as a hidden form field (type=hidden)
...
In any case you just need to get that piece of information (from the URL endpoint, from the session, from the form data...), use it to fetch the user from the database, then pass the user to the edit template.
If you're using a web framework just read the docs, this is a trivial use case that we'll be very likely well documented.
If you need more details, please, share a few code fragments.

Find error number for validation error

I have a table where some fields have a validation rule set, and a validation message.
Data entry is done in a form, and when the data validation rule is broken then the validation error message is displayed in a pop-up. All good so far.
However I then want to have the form text box or combobox for the field that is triggering the validation message be highlighted on the form e.g. with a different background colour.
I assumed I would need to do this in the On Error procedure for the form, and specify the error number. But I have no idea how to find the error number? E.g. this method: How to Change Table Validation Error Message in MS Access
Perhaps I am going about this completely the wrong way and instead of specifying the error messages in the table properties I should be setting up it up with VBA?
V grateful if anyone can point me in the right direction with this as I am still a beginner :)
The error number you seek is 7753 - this is returned by the DataErr (1st argument) of the event procedure for the On Error event.
However, I personally don't like using Validation Rules in Access, and prefer to test the validity of input through VBA as part of the data submission (i.e. when the user clicks on a control to submit their data)
For example, this approach is similar to web forms flagging invalid fields when the form is submitted, as opposed to locking a user into a particular field until valid data has been specified.

what else can i use instead of htp.print and dbms_output on toad for oracle PL/SQL?

At the moment i have htp.print and DBMS_output to show the me the end result of user input. however, htp.print shows the confirmed message on the web browser and my DBMS_output doesn't work for some reason. But what i'm looking for is the confirmation message which will pop up and show to the user. i have tried java script and for some reason that is not working either. below are the syntax.
-- button and input text field
HTP.FORMOPEN ('BANINST1.UAP.P_UNSUSPEND_SEARCH', 'post');
HTP.P ('<input type="text" method="post" name="bannerid" id="bannerid" placeholder="e.g. 000123456" maxlength="9"
autocomplete="off" required>');
HTP.FORMSUBMIT ('', 'Submit', cattributes => 'onclick="confirmMsg()"');
HTP.FORMCLOSE;
-- javascript confirmation message which is not working
htp.p ('<script type="text/javascript">
function confirmMsg() {
var field1 = document.getElementById("bannerid").value;
alert(field1+" has been unsuspended");
}
</script>');
Assuming you are looking for ways to generate log messages from the DB Backend, I see basically 2 ways to achieve this:
(1) Persist your messages to a table inside an autonomous transaction. A complete example can be found here.
(2) If you have access to the DB servers file system, you can also write messages to text files using the UTIL_FILE package.

HTML form submission with special characters

I am trying to submit a form field whose value is Transaction ID - sample . When the date gets submitted the value is Transaction ID ? sample
How do I get rid of the ?
I used HTML special codes for dash/long dash/short dash but still value gets submitted as ?
Please help
The only way to ensure that all input characters get sent correctly is to use UTF-8 character encoding for the form data. This happens automatically if the page containing the form is UTF-8 encoded (and declared to be that); otherwise, use the parameter accept-charset=utf-8 in the form data.
Naturally, you form handler must then be prepared to handling UTF-8 encoded data.