Hi,
Just wondering how I would go about implementing the following functionality with a SilverStripe form:
- A form generated & handled by SilverStripe
- But some fields contain sensitive information and are not to be written into the DB directly.
- This set of sensitive fields is to be combined into an XML file format, encrypted and then stored in a separate (DB) field (either text or DBField blob subclass)
So a couple of questions:
- What is the best way to handle the situation when the Form Fields don't 1:1 match the DataObject fields that I'm saving into?
- I understand that most of what I would want to do is in the form action/submit handler and that I won't simply be able to do a $form->saveInto($myDataObject).
So for example:
SensitiveData DataObject fields:
- Name: Varchar
- Email: Varchar
- EncryptedData: Text or Blob
SensitiveDataForm fields:
- Name: TextField
- Email: EmailField
- SensitiveField1: Text
- SensitiveField2: Text
- SensitiveField3: Int
Could I:
- In my submit handler, first call saveInto(….)
- Then go through process/encrypt SensitiveFields and manually save into the SensitiveData->EncryptedData?
Eg.
    <?php
    class SensitiveDataForm_Controller extends Page_Controller {
        // ...
        function doSubmitJob($data, $form) {
            $sensData = new SensitiveData(); // Sensitive
            $form->saveInto($sensData);
            $sensData->EncryptedData = encryptSensitiveFormFields($form); // some function that processes & encrypts the appropriate form fields
            $sensData->write();
            // … continue on with form submit handler processing
        }
    }
Is this the best way to go about what I'm trying to achieve? Does DataObject->write() properly escape all the data for SQL-injection etc?
Thanks.
VWD