[TYPO3] suggestions on form submit

[Ries van Twisk]

hey,

in typo3 you kost to the system. And when your form is setup correctly
you will find the posted variables back in $this -> pivars['...'];

Then you can do your post processing, accept the values and do  
something with them,
or show the form again and fill in the inputs.

Just make sure you understand how to setup forms and how to
create correct post/get names.

Ries

On Jun 2, 2007, at 6:21 PM, M.Couperus wrote:

> Hello all,
>
> We created a simple extension with kickstarter and added custom  
> code to it.
> Everything seems to work fine except for one detail with which I'm not
> happy. One of our PHP developers decided to submit the form to itself.
> Normally I would post the form to a handler which checks the  
> submitted data
> and then submits this data (if the data adhered to specified rules)  
> to the
> database. As far as I know (in theory) this should be more secure.  
> But how
> to do this?  Personally I'm not that advanced in PHP programming  
> and TYPO3
> and so  I would post to -- for example--  'process.php'. This  
> wouldn't work
> in our case because I want to 'echo' the submitted data again to  
> the user
> without leaving the location in the CMS. In addition it would be  
> vulnerable
> to sql injections because it would be wide open to the internet  
> i.e. (post
> to www.domain.com/process.php)
>
>  So the question: "How to process form data in typo3 effective and  
> secure?"
>
> Thanks in advance.
>
> Regards,
>
> Marco
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english

-- 
Ries van Twisk
Freelance Typo3 Developer
email: ries at vantwisk.nl
web:   http://www.rvantwisk.nl/
skype: callto://r.vantwisk