- Can I use Formitable with Smarty or another templating system?
- How do I set the default value for a form field?
- My form is failing when I submit it, how can I find out why?
- How can I make my form more secure?
- How do I use field validation?
- How do I use encryption with my form?
- What is a form signature?
- What is the "formitable_setcheck" field that is output with my form?
Can I use Formitable with Smarty or another templating system? Yes. Set the returnOutput attribute to true and expect returned values from the methods openForm, printField, closeForm, printForm, and submitForm. You can assign those values to variables then include them in your template.
How do I set the default value for a form field? Use setDefaultValue to set a value for any field in the form. To set multiple values for the set type use a comma seperated list of values (e.g. "value1,value2,value3".) setDefaultValue can also be used to set a value for a retrieved record, thereby overriding the value that is stored in the db.
My form is failing when I submit it, how can I find out why? Set the mysql_errors attribute to true to see why the MySQL query failed.
How can I make my form more secure? You should never trust data submitted from the browser. To make your form more secure use field validation and encryption.
How do I use field validation? Use registerValidation and validateField to validate input using regular expressions. If regular expressions are not enough you can use registerCallback to run a function against the field and cause the validation to fail for any reason you see fit.
How do I use encryption with my form? You should use encryption to provide an additional layer of security to your form. The first layer is field validation. When you set a password with setEncryptionKey it allows Formitable to encrypt hidden inputs (including the primary key when updating a record) and output a form signature to prevent tampering with the form.
What's a form signature? A form signature is an encrypted record of what fields were output when the form was created. The signature is checked when the form is submitted to ensure that no fields were added or removed from the form. If a field was added it is simply skipped. If a field was removed then it is reset with an empty value and included in the MySQL query. This adds an extra layer of security to public facing forms. A form signature is only used by Formitable when encryption is enabled.
What is the hidden input "formitable_setcheck" that is output with my form? This input catches a set of checkboxes or a multiselect input that is left empty so the record can be update correctly with a SQL query. This field is only output when encryption isn't enabled. When encryption is enabled this check is done using the form signature.