Re: create_from_cgi question

[prev] [thread] [next] [Date index for 2004/06/02]

On Wed, Jun 02, 2004 at 09:10:27AM +0100, Tony Bowden wrote:
> On Tue, Jun 01, 2004 at 10:54:10AM -0400, Jesse Sheidlower wrote:
> > Since then I've been wondering, though, why it is that on a
> > create, "If this fails, $obj will be a defined object,
> > containting [sic] the errors, as with an update, but will not
> > contain the values submitted". I'd think that it would be
> > pretty critical for it to contain the values submitted, so
> > that in a typical application you could re-fill the form based
> > on what was submitted and give the errors so the user knows
> > what to change.
> 
> It's only really an object to maintain consistency of the error
> reporting. If the untainting has failed, then the object isn't well
> defined. And if the values don't untaint properly, then you certainly
> don't want to be using them...

But that's an explanation of the programming side of things, not
the functionality. I would still think that an end-user, having
filled out a page-long form and typoed one field, would not like
to get a message saying "email does not untaint with specified
pattern," and then have to re-fill the entire form, with an
explanation about the nature of the underlying object. So what
can we do as programmers to make this work for FromCGI in a
way that the end-user will expect?

Jesse Sheidlower