I have few checkboxes in my template whos value is the id of database row. I am using AJAX to post these values back and forth.
{% for item in sale_order_items %}
<tr>
<td class="text-center">
<input type="checkbox" name="saleorderitem" value="{{item.id}}">
</td>
</tr>
item.id for instance renders to 1. Now what if the user changes the value from 1 to 2 in browser using "inspect" and submits the form. what can I do at the frontend or django backend to prevent this and check if the user is submitting the same values as intended?
This depends on many different things but to take you back to the basics: When you create a function in order to bulletproof it out of any errors you use type and value checks.
I would think the best approach to this is to add some back-end checks. The form values returned would have to adhere a set of rule such as a value threshold. If the value returned is beyond that threshold then that would mean that something has changed in the HTML.
You add a check if it fails then the back-end would return an error. In collaboration with front-end you refresh the page and return an error message. It might be really terrible UX but an average end user would never change values using their inspector.
The other alternative is to use javascript to detect any kind of HTML/DOM mutations or changes which I would advice against. Having values to be checked against specific criteria (using the back-end) is best as it foolproofs info passed on to your server against any change.
I found a solution, in this scenario django session variable can be used to store data between requests. When I load the form, I set the session variable to the required values, then on form submission, I check the submitted values with the values in session variable. And it works.
i made multiple steps form that the user needs to fill all of them
1st Form (personal details)
2nd Form (education details)
and both action pointed to one servlet which is SaveServlet
can any one of you help me on how to make the second servlet saved in the database? so far i tried only the first form managed to be saved in the database..
i also tried using one servlet for one form and both form were saved into the database but i dont know how to pass the id from the first form into the second form hence im trying to do multiple form in one servlet so that the id would be the same
At the time of 1st Form submitted, do 3 things,
1) Persist data in DB.
2) Set attributes in session and redirect to same JSP.
3) Make a hidden input parameter in 2nd form with the value of ID from 1st form. data-attributes can also be used in this case.
Now you have ID from 1st form to be used when 2nd form is submitted.
I guess you can use ajax for handling multiple forms.
I have a table where some fields have a validation rule set, and a validation message.
Data entry is done in a form, and when the data validation rule is broken then the validation error message is displayed in a pop-up. All good so far.
However I then want to have the form text box or combobox for the field that is triggering the validation message be highlighted on the form e.g. with a different background colour.
I assumed I would need to do this in the On Error procedure for the form, and specify the error number. But I have no idea how to find the error number? E.g. this method: How to Change Table Validation Error Message in MS Access
Perhaps I am going about this completely the wrong way and instead of specifying the error messages in the table properties I should be setting up it up with VBA?
V grateful if anyone can point me in the right direction with this as I am still a beginner :)
The error number you seek is 7753 - this is returned by the DataErr (1st argument) of the event procedure for the On Error event.
However, I personally don't like using Validation Rules in Access, and prefer to test the validity of input through VBA as part of the data submission (i.e. when the user clicks on a control to submit their data)
For example, this approach is similar to web forms flagging invalid fields when the form is submitted, as opposed to locking a user into a particular field until valid data has been specified.
I have the following workflow on a website:
Some user John Doe declares a company through form 1
(fields: name, head office location)
After John Doe submits (HTTP POST) form 1, he is redirected (HTTP 302) to company form 2 with additional legal information about the company.
The problem is, if John Doe hits the back button of his browser during step 2, he will land on the form 1, with data filled by the browser (using values he already submitted — that's what Firefox and major browsers seem to do).
John Doe might then think he can use this form to update some information (e.g. fix a typo in the name of the company) whereas he will actually create a new company doing so, as we don't know on the server side whether he wants to declare a new company or update the one he just created.
Do you know any simple solution to handle that problem ?
Use javascript/jquery script after the page is loaded to empty all the inputs. This will prevent confusion of "updating the company".
jQuery would look something like this:
$('#elementID').val('');
You can also handle the situation by manipulating the browser history
on load of form 2, and pass the CompanyId generated on submit of form 1 using querystring. So that you can actually update the company as the user
Suppose John submits form1.html, a unique CompanyId "1001" is generated and redirected to form2.html. Now on load of form2 you can modify the browser history form1.html?companyid=1001 using
var stateObj = { foo: "bar" };
history.pushState(stateObj, "page 1", "form1.html?companyid=1001");
Now, when the user click back button and submits the form1 again. you can check for companyid in querystring and update the company.
I think it is more user-friendly when user can return back to previous form and update it (instead preventing the described behavior).
I use in most cases similar way to handle described problem:
Let's assume that user is on the page /some-page, that contains "Create new company" button.
When the user opens this page, will be executed special method createOrFindCompanyDraft() on the server-side. This method creates new company "draft" record in DB (only for the current user). For example, draft record has primary key id=473. When you execute this method again it will return the same record with the id=473 (with "draft" status). "Draft" record should't display on any other interfaces.
And "Create new company" has link /company/common/473.
When user go to /company/common/473, you display form 1, that will be filled from "draft" record. At first time user will see empty form.
Technically user will update the existing record, but you can display "Create new company" title on the page.
Then user go to form 2, for example, /company/legal-info/473, you create similar draft record for the this form (similar to step 1).
When user submit the form 2, you will remove "draft" status from the record id=473 (and any related records).
Next time when user open page /some-page, will be created new draft record for the current user.
Browser history will contain:
/some-page
/company/common/473
/company/legal-info/473
/some-page2
I like this approach, because all form only update records. You can go to previous/next form many times (for example "Back"/"Forward" browser buttons). You can close browser, and open not completed forms tomorrow. This way doesn't require any additional manipulation with the browser history.
try this
<form autocomplete="off" ...></form>
And Another
Use temporary tables or session to store the Page 1 form data. If the page 2 form is submitted use the temporary data of page 1 which is stored in database or in session.
Use a Separate key (Hidden field ) in both page 1 and page 2.
Actually I thought of a trick to obtain that "create on first post, update after" behavior (just like the user thinks it should behave).
Let's say the step 1 form is at the URL /create_company/. Then I could have that page generate a random code XXX and redirect to /create_company/?token=XXX. When I create the company I save the information that it was created through page with token XXX (for instance, I save it in user's session as we don't need to keep that information forever) and when the form is submitted, if I know that a company was already generated using this token, I know the user used the same form instance and must have used the back button since the token would be different if he explicitly asked for another company.
What do you think ? (I initially thought there should be a simpler solution, as this seems a little bit over-engineered for such a simple issue)
This is more like a UX question.
I'd think that the solution lies within the information given to the user on that form, to help them understand what they're doing.
Set a title that says 'Create a company', for example, and set your submit button as 'Create Company' will help your user with that. Use a unique id when you create the company object, and pass the id back to the same URL in order to perform an update. You should then update your title and button that tells user that they are updating instead of creating.
In that sense I'd say it's better to use a more generic URL like /company and /company?id=12345.
You could also consider using Restful API protocol to help your server identifies the CRUD operation. http://www.restapitutorial.com/lessons/httpmethods.html
Without the "routing" part of django it is hard to help. I can just answer my experience from the express.js-router functionality:
you can specify a post on /company, which is for new users.
you can specify another route for post on /company/:companyid for a changing form
and as a response from the create-post you can redirect to the different location.
I have a form in which we are showing customer records in a grid.User clicks a row, and in a new form record is shown.After editing some values, user may click cancel. if so, in grid we need to return to original values.
How can I restore the original state of the entity.We are using linq-to-sql, and grid is bounded to List.One way I see is,using getoriginalentitystate method.
If a user cancels a process, no change is made at the Database and the control reverts back to the pre-action state. This is a normal and built-in behaviour.
In case, if this is not happening, try rebinding List to it's DataSource, like
myList.Databind()
As the user is entering data in the form, the values should be stored in your UI layer (not written to your "database"). The data in the form is held there temporarily until the user clicks 'OK'/commit. If the user clicks 'cancel' the form is simply discarded and not written to the database.
Until the user hits 'OK', the original data is still in the database. You can get the original values there.