Issues

ZF-11709: $request->isPost($formName) to check for submitted form

Issue Type: Improvement Created: 2011-08-30T17:56:13.000+0000 Last Updated: 2012-03-06T14:26:53.000+0000 Status: Resolved Fix version(s): Reporter: Duccio Gasparri (duccio@citta.bo.it) Assignee: Matthew Weier O'Phinney (matthew) Tags: - Zend_Controller

  • Zend_Form

Related issues: Attachments:

Description

I see in all the examples

<pre class="highlight">
class SomeController {
function someAction()
{
    $request = $this->getRequest();
    $form = new CustomForm();
    if($request->isPost()) {
        $form->populate($request->getPost());
        .... do stuff here
    }
    $this->view->form = $form;
}
}

This works fine all the times... almost.

If there's a _forward to someAction by another controller/action that received a POST as well (for example, a login controller/action), the someAction processes the original form, not its own form. It would be handy (and good practice) to actually check if the processed form is indeed the intended form.

Form name is not trasmitted over POST, but we can anyway have Zend_Controller_Request_Http::isPost() check for some hidden field of specific name:

<pre class="highlight">
    /**
     * Was the request made by POST?
     * 
     * @param string|bool $fieldName
     * @return boolean
     */
    public function isPost($requiredField = false)
    {
        if ('POST' != $this->getMethod())
            return false;
             
        if($requiredField === false)
            return true;

        return $this->__isset($requiredField);
      
    }

so a simple if($this->getRequest()->isPost('someform')) would do the trick. Of course it is up to the form creator to identify a form field (hidden input, submit button name, or similar) that is unique to that form.

The same purpose could be achieved with more precision by creating a specific form element (hidden input text) reporting the (md5?) form class name.

Comments

Posted by Adam Lundrigan (adamlundrigan) on 2012-03-05T23:30:47.000+0000

IMO, this (determining whether the right fields were submitted) is part of form validation and should be the responsibility of the application, not the framework.

Posted by Matthew Weier O'Phinney (matthew) on 2012-03-06T14:26:42.000+0000

I concur with Adam. If there's a possibility of multiple forms, or forms targeted at different actions of the same request, you should be namespacing them -- usually this is done by grouping all fields of a form under the form's name ("login[user]", "login[password]" vs "comment[subject]", "comment[body]"). This is logic that you as a developer need to perform -- not the framework (though the framework enables this practice in Zend_Form).

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts