  • vwd
    Community Member
    158 Posts

    Best way to handle forms when Form fields don't 1:1 match DataObject fields?

    Hi,

    Just wondering how I would go about implementing the following functionality with a SilverStripe form:

    • A form generated & handled by SilverStripe
    • But some fields contain sensitive information and are not to be written into the DB directly.
    • This set of sensitive fields is to be combined into an XML file format, encrypted and then stored in a separate (DB) field (either text or DBField blob subclass)

    So a couple of questions:

    • What is the best way to handle the situation when the Form Fields don't 1:1 match the DataObject fields that I'm saving into?
    • I understand that most of what I would want to do is in the form action/submit handler and that I won't simply be able to do a $form->saveInto($myDataObject).

    So for example:

    SensitiveData DataObject fields:

    • Name: Varchar
    • Email: Varchar
    • EncryptedData: Text or Blob

    SensitiveDataForm fields:

    • Name: TextField
    • Email: EmailField
    • SensitiveField1: Text
    • SensitiveField2: Text
    • SensitiveField3: Int

    Could I:

    • In my submit handler, first call saveInto(….)
    • Then go through, process/encrypt the SensitiveFields and manually save into SensitiveData->EncryptedData?

    Eg.

       <?php
       class SensitiveDataForm_Controller extends Page_Controller {
          // ...
          function doSubmitJob($data, $form) {
             $sensData = new SensitiveData();   // Sensitive
             $form->saveInto($sensData);
             $sensData->EncryptedData = encryptSensitiveFormFields($form);   // some function that processes & encrypts the appropriate form fields
             $sensData->write();
             // … continue on with form submit handler processing
          }
       }

    Is this the best way to go about what I'm trying to achieve? Does DataObject->write() properly escape all the data for SQL-injection etc?

    Thanks.
    VWD

  • Willr
    Forum Moderator
    5508 Posts

    Re: Best way to handle forms when Form fields don't 1:1 match DataObject fields?

    Yes, that would be the way to go about it. DataObject::write() won't escape the data in the database; however, SilverStripe will escape the data if you use it in any filter() or exclude() methods.
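
One way the `encryptSensitiveFormFields()` placeholder from the question could be written, as an added example that is not part of the original thread and not SilverStripe code. It takes the handler's `$data` array rather than `$form`; the function names, the AES-256-GCM choice, the blob layout and the key handling are assumptions.

```php
<?php
// Added illustration. Assumes PHP 7.1+ with ext-openssl and ext-dom; all names are hypothetical.
const SENSITIVE_FIELDS = ['SensitiveField1', 'SensitiveField2', 'SensitiveField3'];

/** Serialize only the sensitive form values into one XML document. */
function sensitiveFieldsToXml(array $data): string
{
    $doc = new DOMDocument('1.0', 'UTF-8');
    $root = $doc->appendChild($doc->createElement('SensitiveData'));
    foreach (SENSITIVE_FIELDS as $name) {
        $el = $root->appendChild($doc->createElement($name));
        // A text node escapes <, > and &, so submitted values cannot inject markup.
        $el->appendChild($doc->createTextNode((string) ($data[$name] ?? '')));
    }
    return $doc->saveXML();
}

/** AES-256-GCM; returns base64(nonce || tag || ciphertext) for a Text column. */
function encryptSensitiveFormFields(array $data, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('Key must be 32 raw bytes');
    }
    $nonce = random_bytes(12); // fresh nonce for every record
    $ct = openssl_encrypt(sensitiveFieldsToXml($data), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

/** Reverse of the above; throws if the blob was truncated or modified. */
function decryptSensitiveData(string $blob, string $key): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('Malformed ciphertext');
    }
    $xml = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($xml === false) {
        throw new RuntimeException('Authentication failed');
    }
    return $xml;
}
// Constructed sample submission; in practice the key is loaded from outside the DB.
$key = random_bytes(32);
echo decryptSensitiveData(encryptSensitiveFormFields(
    ['Name' => 'A', 'SensitiveField1' => 'a <b> & c', 'SensitiveField3' => 42], $key), $key);
```

In the submit handler, `Form::saveInto()` also accepts an optional field list as its second argument, so passing only `Name` and `Email` keeps the plaintext sensitive values off the DataObject before `EncryptedData` is assigned.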
