Hi. I am designing a PHP4+MySQL web application. I am using the latest version of PHPLib for authentication, session management, and database abstraction.
My brain gets all mushy when I try to think of the best way to do everything, so I thought I'd ask what other people are doing.
My app is pretty simple, there are various sections and types of data, but there are basically 4 actions for any user: add, modify, delete, or view data.
Let's assume my typical user is an Administrator in the app, so he can do everything (add/mod/del/view). I'm calling my admin pages like this:
http://myserver/myapp/data_admin.php?q=add
Where q is set to the query action (add, mod, del, or view). I'm using a switch() statement in my code to determine the path of execution. However, it is getting quite messy with all the user/form input validation I'm doing on the server side.
My real problem: I need a way to return input validation errors back to the user, but I want them to be highlighted on the form that they already filled at (or listed at the top). There are different levels of forms and they are being included (a la PHPLib templates) as .ihtml so I don't have to edit my code if the UI/layout changes later.
Is there a secure, efficient way of grabbing form input, validating it, catching any errors during validation, and then outputting that back into the same form that the user submitted? Should I be calling my pages differently? Is there a better design than passing the query action via the URL?
Also, has anyone modified PHPLib to work with PEAR? I kind of like PEAR's database abstraction more than PHPLib's, but PHPLib re-uses MySQL connections and session management fails when PEAR is integrated.
Thanks,
omegatron at hush space mail.com
