Home / Section index

www.icosaedro.it

 PHPLint - Web tools - Sticky form

Last updated: 2018-04-16

This tutorial presents the "sticky form" class that allows to build simple, self-contained, event-driven, safe and secure web forms. This class helps implementing the usual "one PHP file per web page" style of developing web sites by taking care to handle secure data storage in the generated page, user's events dispatching to handler methods, and in general giving some defined structure to the code and to the usual input, validation and feedback interaction cycle.

Contents

References

• it\icosaedro\web\Form - Reference for the sticky form class, with source code available, subject of this tutorial.
• Sticky form sample page - Show a sample of all the basic controls available, with source code.
• PHPLint on-line - The PHPLint on-line evaluation tool mask made using the sticky form class. The source code is available from the page itself, menu Code samples → PHPLint on-line.
• PHPLint - A PHP source code validator program. Includes the "standard library" that comes along with several others PHP programming tools of general usage, including the sticky form class itself.

Hello world

A sticky form web page is a single PHP file containing the definition of a class that extends the it\icosaedro\web\Form class. It is mandatory to define the render method that actually displays the page, create and instance of the class, and invoke the request handler method:

<?php
require_once __DIR__ . "/../phplint/stdlib/all.php";
use it\icosaedro\web\Form;

class MyForm extends Form {

	function render()
	{
		header("Content-Type: text/html; charset=UTF-8");
		echo "<html><body>";
		$this->open(); // opens the form element
		echo "Hello, world!";
		$this->close(); // closes the form element
		echo "</body></html>";
	}

}

(new MyForm(FALSE))->processRequest();

It is really important to note that:

• While this web page can be located under the document root of the web server, library files should always be located outside that directory. In our example we assume the PHPLint package (and then its stdlib directory) be located right above the document root, hence the relative path in the require_once statement.
• Including all.php is not mandatory, but it helps a lot. In fact this module in turn loads the class autoloader, the error module (that turns errors into exceptions) and the cast() magic function. These modules make easier to build complex programs, help adding safety, and allow to build sources validable by PHPLint.
• Our form class, here named MyForm, must extend the abstract class Form, so also inheriting all the services it provides. Being Form abstract, it is mandatory to implement its only abstract method render() that creates the web page. This method will be invoked automatically as detailed below.
• Invoking the open() and close() methods is mandatory to put a form element in the page, as this class relies on it to save its state between requests to the same page. The action of the form, in fact, is set to "myself" in order to receive post-backs. Moreover, the close() method saves the status of the form into the page. The code that shows the content of the page can now be added between the open and close methods.
• Finally, the last line of the source code creates an instance of our class and invokes the request handler processRequest() that takes care of all the rest, by invoking the render method and restoring the form state after post-back. Note that the default constructor of the Form class requires a boolean argument: by setting FALSE here we ask to sign only the data stored in the user's page; by setting TRUE we may also ask the data being encrypted. Since there are no secrets nor private data to protect, signing only is just what we need here.

Once invoked from the remote client, our current page does not do very much: it simply displays its greeting message and that is it. To do something a bit more interesting we need to introduce events and controls.

Buttons, anchors and event handlers

To actually perform a post-back, our form needs at least a button or an anchor to submit the form. Adding a button or an anchor is simple as invoking a method:

$this->button("Do Something", "doSomethingEvent", 1, 2, 3);
$this->anchor("Do Something", "doSomethingEvent", 1, 2, 3);

The button() and anchor() methods are inherited from the Form class. What they do is very simple: they display respectively a button and an anchor with caption "Do Something"; if that control is clicked by the user, the specified handler method doSomethingEvent(1,2,3) is invoked with the specified arguments. That handler method can then do something with the form (for example, validating and saving the data on a data base) and then it may re-display the form again by invoking the render method, or it may re-direct the user to some other web page in the usual way. To make things just a little more interesting, the following example also adds two buttons; a feedback about the button that was actually pressed is given on the page:

<?php
require_once __DIR__ . "/../phplint/stdlib/all.php";
use it\icosaedro\web\Form;

class MyForm extends Form {

	private $feedback = "";


	function render()
	{
		header("Content-Type: text/html; charset=UTF-8");
		echo "<html><body>";
		$this->open();
		echo $this->feedback;
		$this->button("Do This", "buttonEvent", "Do this button!");
		$this->button("Do That", "buttonEvent", "Do that button!");
		$this->close();
		echo "</body></html>";
	}

	/**
	 * @param string $msg
	 */
	function buttonEvent($msg)
	{
		$this->feedback = $msg;
		$this->render();
	}

}

(new MyForm(FALSE))->processRequest();

Invokation flow between methods and window.

When the user invokes this page for the first time, here is what happens:

• An object of the MyForm class is created and the request handler is invoked.
• The request handler processRequest() detects the page has been requested for the first time, then it invokes the render() method.
• Our render() method displays the page using the current feedback message: the empty string. Then, two buttons are added and the form is closed. By closing the form with the close() method, the state of the form is saved in the page itself under a specific hidden field; data are compressed, signed and properly encoded. The only data that have to be saved, for now, are the two events related to the buttons, along with the handler methods to invoke and their arguments.
• Now the user looks at the finished page. If he clicks on the first button labeled "Do This", a form submit is performed to our same page.
• The PHP code in our page runs again: a new instance of our MyForm class is created, and the request handler is invoked again. This time, though, the request handler detects a post-back is coming and then decodes and verifies the state of the incoming data. The handler also detects the "Do This" button has been pressed, and then invokes our handler method buttonEvent("Do this button!").
• Our handler method buttonEvent() sets the $feedback private property and then invokes the render() method which, in turn, gives us feedback of which button has been actually pressed.

Note that you may add as many buttons and anchors as you want into the page, and each of these controls may have a distinct handler method, or the same handler method can be used with different parameters as we do in the example above. Generally, handler methods perform some change in the internal state of the form and then invoke the render method again to display the effect. Handler methods may also read data entered by the user through the $_POST[] superglobal variable, as usual. But the sticky form class comes with a complete set of control classes that make things much easier.

Adding sticky controls to the form

Under the it\icosaedro\web\controls are available several classes implementing the usual web controls: text input, check boxes, radio buttons, and so on. Sticky form is aware of their existence and will take care to save, resume and retrieve their current state to and from the form automatically for you. Lets take the Line control, for example. The Line control implements the single line text input box, that is the "<input type=text>" element. In the next example we will add a Line control to our form; feedback about the pressed control is appended to the string currently entered by the user. Not a very exciting example, but it demonstrates that data entered by the user are preserved between pages invocations and that our handler method works as expected:

<?php
require_once __DIR__ . "/../phplint/stdlib/all.php";
use it\icosaedro\web\Form;
use it\icosaedro\web\controls\Line;

class MyForm extends Form {

	/** @var Line */
	private $feedback;

	function __construct()
	{
		parent::__construct(FALSE);
		$this->feedback = new Line($this, "feedback");
	}

	function render()
	{
		header("Content-Type: text/html; charset=UTF-8");
		echo "<html><body>";
		$this->open();
		$this->feedback->render();
		$this->button("Do This", "buttonEvent", "Do this button!");
		$this->button("Do That", "buttonEvent", "Do that button!");
		$this->close();
		echo "</body></html>";
	}

	/**
	 * @param string $msg
	 */
	function buttonEvent($msg)
	{
		$s = $this->feedback->getValue();
		$this->feedback->setValue($msg.$s);
		$this->render();
	}

}

(new MyForm())->processRequest();

The final result will be this masterpiece of web page:

By inspecting the source code, we note that:

• The $feedback private property has been added to hold the Line control.
• A custom constructor has been defined. Our custom constructor must invoke the inherited base constructor first, and then it must create the controls. The controls (our $feedback field, in our example) can be set here to their initial default value, typically empty.
• The render method displays the content of the $feedback control by invoking its render(). If this name now sounds familiar, it is because all controls including the Form itself implement the same base abstract class named Control. In fact a Control is anything that has an internal state to keep between post-backs, it has a method to retrieve the current value from the post-back, and it has a method to render itself into the page. Both Form and Line share that same behavior and then both are controls.
• The handler method buttonEvent() prepends the message specific of the pressed button to the current value entered into the text box, giving feedback that all is working properly.

What happens at runtime is very similar to what happened in the previous example. The only difference is that the request handler invokes the retrieve() method of the Form which, in turn, invokes the retrieve() method on any control contained in it, recursively. In our example there is only one control: it's our $feedback text box. In turn, the retrieve() method of the text box control parses the request and retrieves the value entered by the user.

Save data between post-backs

Two methods, setData() and getData(), give access to the internal storage area of the form. These data are saved along with the state of the form in the page itself, so no session nor cookies are required. Note that the state of the private variables of our object are not saved automatically: you must explicitly save them before leaving the page, and restore them after each post-back. The Form handler provides two event handlers specific for this task: the save() method and the resume() method. The first is invoked by the close() method. As said, there is no need to explicitly save the controls, as each Control already implements its own save/resume methods as needed. It's your own class that might want to save specific custom data. Say for example we have a form to modify a record; we need a way to preserve the record ID between post-backs, so that we may update the proper record ID later when the user finally saves the form contents. To do that we add a private property $record_id and the implementations needed to save and restore its value:

<?php
require_once __DIR__ . "/../phplint/stdlib/all.php";
use it\icosaedro\web\Form;

class RecordForm extends Form {

	/** @var int */
	private $record_id = -1;

	function save()
	{
		parent::save();
		$this->setData("record_id", $this->record_id);
	}

	function resume()
	{
		parent::resume();
		$this->record_id = (int) $this->getData("record_id");
	}

	//...
}

(new RecordForm())->processRequest();

It is very important to note that our implementations MUST invoke the respective base methods parent::... in order to propagate the event to the nested controls. Most controls actually ignore these events as they do not need them, but complex controls and user's panels may fail to work properly and loose their internal state.

Joining pages together

The sticky form provides a very basic but effective tool to give structure to self-contained forms, and it helps building the simplest pages, but joining together several pages in more complex web applications, guiding users through these pages, and passing parameters between them in a safe and secure way requires something else, something that goes beyond the "one PHP file per web page" paradigm and gives a larger view to the application. And it's here that bee tee underscore comes.

→ Continue reading the bt_ tutorial.

Still no comments to this page. Use the Comments link above to add your contribute.