Magento Server Side Form Validation

Is there any server-side check in Magento? I created a form and am using the Magento form validation, but this will not work if someone disables JavaScript and enters something that could be harmful. If there is no built-in class for this, can someone point me in the direction of how to implement server-side validation as a backup? Here is my code for the form:

    <div style="border:0px solid red; margin:0px auto;">
        <?php $_product = $this->getProduct(); ?>
        <form id="test" action="<?php echo Mage::getUrl('pricenotify/pricenotify/db') ?>" method="post">
            <label for="price">Price *</label>
            <input type="text" id="price" name="price" value="" class="required-entry validate-number"/><br />
            <label for="email">Email Address *</label>
            <input type="text" id="email" name="email" value="" class="required-entry validate-email"/>
            <input type="hidden" id="id" name="id" value="<?php echo $_product->getId() ?>" />
            <input type="hidden" id="propri" name="propri" value="<?php echo $_product->getPrice() ?>" />
            <input type="submit" name="submit" value="<?php echo $this->__('Submit') ?>" onclick="if(customForm.validator && customForm.validator.validate()) this.form.request(); return false;" />
        </form>
        <script type="text/javascript">
        //<![CDATA[
            var customForm = new VarienForm('test',false);
        //]]>
        </script>
    </div>

+4
3 answers

If you want to keep it simple, you can perform a check in your controller

    // Posted form fields, read from the controller's request object
    $post = $this->getRequest()->getPost();

    try {
        $postObject = new Varien_Object();
        $postObject->setData($post);

        $error = false;

        // Price must be present
        if (!Zend_Validate::is($postObject->getPrice(), 'NotEmpty')) {
            $error = true;
        }

        // Email must be a syntactically valid address
        if (!Zend_Validate::is($postObject->getEmail(), 'EmailAddress')) {
            $error = true;
        }

        if ($error) {
            throw new Exception();
        }

        // save to db

        return;
    } catch (Exception $e) {
        Mage::getSingleton('customer/session')->addError(Mage::helper('pricenotify')->__('Unable to submit your request. Please, try again later'));
        $this->_redirect('/');
        return;
    }

Zend_Validate: http://files.zend.com/help/Zend-Framework/zend.validate.html

+8

Yes, Magento has server side validation for some forms. However, the module that added the form is responsible for checking it - therefore, if you are dealing with third-party code, such as a plug-in, it may be missing.

Typically, the validation code is part of the module's model. For example, in Magento's built-in review functionality, when a review form is submitted, its data is checked by the validate() function in the file /app/code/core/Mage/Review/Model/Review.php. I would start by looking at this code and the code in existing Mage/Core modules for examples.

In the situation you give, the usual place for the validation logic would be /app/code/local/YourCompany/PriceNotify/Model/Pricenotify.php

+3
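
A model-level validate() of the kind the answer above describes, written for the question's form. This is an added example, not part of the original answers or of Magento's own code; the class name, the pricenotify/pricenotify model alias, the pricenotify helper and the product_id field are assumptions.

```php
<?php
// Added example: hypothetical model for the question's pricenotify module.
// Class name, model alias, helper and field names are assumptions.
class YourCompany_PriceNotify_Model_Pricenotify extends Mage_Core_Model_Abstract
{
    protected function _construct()
    {
        $this->_init('pricenotify/pricenotify');
    }

    /** Server-side check of the posted data: returns true, or an array of messages. */
    public function validate()
    {
        $errors = array();
        $helper = Mage::helper('pricenotify');

        // Requested price must be numeric and positive.
        $price = trim((string) $this->getPrice());
        if (!is_numeric($price) || (float) $price <= 0) {
            $errors[] = $helper->__('Price must be a number greater than zero');
        }

        if (!Zend_Validate::is(trim((string) $this->getEmail()), 'EmailAddress')) {
            $errors[] = $helper->__('Please enter a valid email address');
        }

        // Hidden inputs are client-controlled too: check the posted product id
        // against the catalog. The posted "propri" value is ignored; read the
        // current price from the loaded product if it is needed.
        $productId = (string) $this->getProductId();
        if (!Zend_Validate::is($productId, 'Digits')
            || !Mage::getModel('catalog/product')->load($productId)->getId()
        ) {
            $errors[] = $helper->__('Unknown product');
        }

        return empty($errors) ? true : $errors;
    }
}

// Controller sketch for the form's db action (names assumed):
//   $request = $this->getRequest();
//   $model = Mage::getModel('pricenotify/pricenotify')
//       ->setPrice($request->getPost('price'))
//       ->setEmail($request->getPost('email'))
//       ->setProductId($request->getPost('id'));
//   $result = $model->validate();          // true, or array of messages
//   if ($result === true) { $model->save(); }
```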

Magento uses Prototype to validate forms. To implement this check, simply add the required-entry to your input tag.

-4
