[Zope] Problem with Zclass Property Sheet

Dylan Reinhardt zope@dylanreinhardt.com
Thu, 30 Jan 2003 12:08:36 -0800


At 11:15 AM 1/30/2003, Jochen Haeberle wrote:
>as to 1) I guess you used a checkbox to represent your boolean property??
>If so, those beasts are a little nasty to handle.
>If you uncheck a checkbox in an HTML form, it means that the value will not
>be posted to the receiving action at all!

That's true, and having this problem strongly suggests the original poster 
is not doing any input validation.

Server-side input validation should be considered a baseline requirement in 
any non-trivial project.  That goes double for any user-supplied data that 
gets supplied to a SQL database.

At a minimum, validation should consist of iterating over a list of 
*expected* fields, not the list of fields that are posted to REQUEST.form.

Assuming you're now working with *expected* fields, you extract the posted 
value with REQUEST.get(field_name, default_value) where default_value is 
the appropriate value for the condition where the field is not found.

For checkboxes, that "not found" value should map to what value you 
associate with "not checked", i.e., 0.

FWIW,

Dylan
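
The approach described in the message above, as an added example that is not part of the original post: validation driven by a list of expected fields, with an unposted checkbox mapping to 0. A plain dict stands in for REQUEST.form, and EXPECTED_FIELDS, validate and the converter helpers are hypothetical names chosen for this sketch.

```python
# Added example. `form` is a plain dict standing in for Zope's REQUEST.form.

REQUIRED = object()  # sentinel: field has no default and must be posted


def checkbox(raw):
    """A checkbox is only posted when ticked, so any posted value means 1."""
    return 1


def bounded_int(lo, hi):
    def convert(raw):
        value = int(raw)  # ValueError on non-numeric input
        if not lo <= value <= hi:
            raise ValueError("must be between %d and %d" % (lo, hi))
        return value
    return convert


def short_text(max_len):
    def convert(raw):
        text = str(raw).strip()
        if not text or len(text) > max_len:
            raise ValueError("must be 1-%d characters" % max_len)
        return text
    return convert


# Hypothetical schema: field name -> (converter, value used when not posted)
EXPECTED_FIELDS = {
    "title": (short_text(80), REQUIRED),
    "quantity": (bounded_int(1, 100), 1),
    "is_public": (checkbox, 0),  # unchecked box is absent from the post -> 0
}


def validate(form):
    """Return (clean, errors, ignored); only expected fields reach `clean`."""
    clean, errors = {}, {}
    for name, (convert, default) in EXPECTED_FIELDS.items():
        if name not in form:
            if default is REQUIRED:
                errors[name] = "required field missing"
            else:
                clean[name] = default
            continue
        try:
            clean[name] = convert(form[name])
        except (TypeError, ValueError) as exc:
            errors[name] = str(exc)
    # Anything posted but not expected is never processed, only reported.
    ignored = sorted(set(form) - set(EXPECTED_FIELDS))
    return clean, errors, ignored
```

Only the contents of `clean` should be passed on to the property sheet or a SQL statement; the `ignored` list is useful for logging unexpected parameters.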