User Information
Please fill out the following information:
Your full name:
Your email address:
Choose a password:
Please confirm it:
Your home zipcode:
Then, all we need to do add the "template" option, and the rest of the
code stays the same:
my $form = CGI::FormBuilder->new(
fields => \@fields,
header => 1,
validate => {
name => 'NAME',
email => 'EMAIL'
},
template => 'userinfo.tmpl'
);
So, our complete code thus far looks like this:
use CGI::FormBuilder;
my @fields = qw(name email password confirm_password zipcode);
my $form = CGI::FormBuilder->new(
fields => \@fields,
header => 1,
validate => {
name => 'NAME',
email => 'EMAIL'
},
template => 'userinfo.tmpl',
);
if ($form->submitted && $form->validate) {
# form was good, let's update database
my $fields = $form->field;
# update database (you write this part)
do_data_update($fields);
# print confirmation screen
print $form->confirm;
} else {
# print the form for them to fill out
print $form->render;
}
You may be surprised to learn that for many applications, the above is
probably all you'll need. Just fill in the parts that affect what you
want to do (like the database code), and you're on your way.
Note: If you are confused at all by the backslashes you see in front of
some data pieces above, such as "\@fields", skip down to the brief
section entitled "REFERENCES" at the bottom of this document (it's
short).
METHODS
This documentation is very extensive, but can be a bit dizzying due to
the enormous number of options that let you tweak just about anything.
As such, I recommend that you stop and visit:
www.formbuilder.org
And click on "Tutorials" and "Examples". Then, use the following
section as a reference later on.
new()
This method creates a new $form object, which you then use to generate
and process your form. In the very shortest version, you can just
specify a list of fields for your form:
my $form = CGI::FormBuilder->new(
fields => [qw(first_name birthday favorite_car)]
);
As of 3.02:
my $form = CGI::FormBuilder->new(
source => 'myform.conf' # form and field options
);
For details on the external file format, see
CGI::FormBuilder::Source::File.
Any of the options below, in addition to being specified to new(), can
also be manipulated directly with a method of the same name. For
example, to change the "header" and "stylesheet" options, either of
these works:
# Way 1
my $form = CGI::FormBuilder->new(
fields => \@fields,
header => 1,
stylesheet => '/path/to/style.css',
);
# Way 2
my $form = CGI::FormBuilder->new(
fields => \@fields
);
$form->header(1);
$form->stylesheet('/path/to/style.css');
The second form is useful if you want to wrap certain options in
conditionals:
if ($have_template) {
$form->header(0);
$form->template('template.tmpl');
} else {
$form->header(1);
$form->stylesheet('/path/to/style.css');
}
The following is a description of each option, in alphabetical order:
action => $script
What script to point the form to. Defaults to itself, which is the
recommended setting.
body => \%attr
This takes a hashref of attributes that will be stuck in the
"" tag verbatim (for example, bgcolor, alink, etc). See the
"fieldattr" tag for more details, and also the "template" option.
charset
This forcibly overrides the charset. Better handled by loading an
appropriate "messages" module, which will set this for you. See
CGI::FormBuilder::Messages for more details.
debug => 0 | 1 | 2 | 3
If set to 1, the module spits copious debugging info to STDERR. If
set to 2, it spits out even more gunk. 3 is too much. Defaults to
0.
fields => \@array | \%hash
As shown above, the "fields" option takes an arrayref of fields to
use in the form. The fields will be printed out in the same order
they are specified. This option is needed if you expect your form
to have any fields, and is the central option to FormBuilder.
You can also specify a hashref of key/value pairs. The advantage is
you can then bypass the "values" option. However, the big
disadvantage is you cannot control the order of the fields. This is
ok if you're using a template, but in real-life it turns out that
passing a hashref to "fields" is not very useful.
fieldtype => 'type'
This can be used to set the default type for all fields in the
form. You can then override it on a per-field basis using the
field() method.
fieldattr => \%attr
This option allows you to specify any HTML attribute and have it be
the default for all fields. This used to be good for stylesheets,
but now that there is a "stylesheet" option, this is fairly
useless.
fieldsets => \@attr
This allows you to define fieldsets for your form. Fieldsets are
used to group fields together. Fields are rendered in order, inside
the fieldset they belong to. If a field does not have a fieldset,
it is appended to the end of the form.
To use fieldsets, specify an arrayref of "" names:
fieldsets => [qw(account preferences contacts)]
You can get a different "" tag if you specify a nested
arrayref:
fieldsets => [
[ account => 'Account Information' ],
[ preferences => 'Website Preferences' ],
[ contacts => 'Email and Phone Numbers' ],
]
If you're using the source file, that looks like this:
fieldsets: account=Account Information,preferences=...
Then, for each field, specify which fieldset it belongs to:
$form->field(name => 'first_name', fieldset => 'account');
$form->field(name => 'last_name', fieldset => 'account');
$form->field(name => 'email_me', fieldset => 'preferences');
$form->field(name => 'home_phone', fieldset => 'contacts');
$form->field(name => 'work_phone', fieldset => 'contacts');
You can also automatically create a new "fieldset" on the fly by
specifying a new one:
$form->field(name => 'remember_me', fieldset => 'advanced');
To set the "" in this case, you have two options. First,
you can just choose a more readable "fieldset" name:
$form->field(name => 'remember_me',
fieldset => 'Advanced');
Or, you can change the name using the "fieldset" accessor:
$form->fieldset(advanced => 'Advanced Options');
Note that fieldsets without fields are silently ignored, so you can
also just specify a huge list of possible fieldsets to new(), and
then only add fields as you need them.
fieldsubs => 0 | 1
This allows autoloading of field names so you can directly access
them as:
$form->$fieldname(opt => 'val');
Instead of:
$form->field(name => $fieldname, opt => 'val');
Warning: If present, it will hide any attributes of the same name.
For example, if you define "name" field, you won't be able to
change your form's name dynamically. Also, you cannot use this
format to create new fields. Use with caution.
font => $font | \%attr
The font face to use for the form. This is output as a series of
"" tags for old browser compatibility, and will properly nest
them in all of the table elements. If you specify a hashref instead
of just a font name, then each key/value pair will be taken as part
of the "" tag:
font => {face => 'verdana', size => '-1', color => 'gray'}
The above becomes:
I used to use this all the time, but the "stylesheet" option is SO
MUCH BETTER. Trust me, take a day and learn the basics of CSS, it's
totally worth it.
header => 0 | 1
If set to 1, a valid "Content-type" header will be printed out,
along with a whole bunch of HTML "" code, a "" tag,
and so on. This defaults to 0, since often people end up using
templates or embedding forms in other HTML.
javascript => 0 | 1
If set to 1, JavaScript is generated in addition to HTML, the
default setting.
jserror => 'function_name'
If specified, this will get called instead of the standard JS
alert() function on error. The function signature is:
function_name(form, invalid, alertstr, invalid_fields)
The function can be named anything you like. A simple one might
look like this:
my $form = CGI::FormBuilder->new(
jserror => 'field_errors',
jshead => <<'EOJS',
function field_errors(form, invalid, alertstr, invalid_fields) {
// first reset all fields
for (var i=0; i < form.elements.length; i++) {
form.elements[i].className = 'normal_field';
}
// now attach a special style class to highlight the field
for (var i=0; i < invalid_fields.length; i++) {
form.elements[invalid_fields[i]].className = 'invalid_field';
}
alert(alertstr);
return false;
}
EOJS
);
Note that it should return false to prevent form submission.
This can be used in conjunction with "jsfunc", which can add
additional manual validations before "jserror" is called.
jsfunc => $jscode
This is verbatim JavaScript that will go into the "validate"
JavaScript function. It is useful for adding your own validation
code, while still getting all the automatic hooks. If something
fails, you should do two things:
1. append to the JavaScript string "alertstr"
2. increment the JavaScript number "invalid"
For example:
my $jsfunc = <<'EOJS'; # note single quote (see Hint)
if (form.password.value == 'password') {
alertstr += "Moron, you can't use 'password' for your password!\\n";
invalid++;
}
EOJS
my $form = CGI::FormBuilder->new(... jsfunc => $jsfunc);
Then, this code will be automatically called when form validation
is invoked. I find this option can be incredibly useful. Most
often, I use it to bypass validation on certain submit modes. The
submit button that was clicked is "form._submit.value":
my $jsfunc = <<'EOJS'; # note single quotes (see Hint)
if (form._submit.value == 'Delete') {
if (confirm("Really DELETE this entry?")) return true;
return false;
} else if (form._submit.value == 'Cancel') {
// skip validation since we're cancelling
return true;
}
EOJS
Hint: To prevent accidental expansion of embedding strings and
escapes, you should put your "HERE" string in single quotes, as
shown above.
jshead => $jscode
If using JavaScript, you can also specify some JavaScript code that
will be included verbatim in the section of the document.
I'm not very fond of this one, what you probably want is the
previous option.
keepextras => 0 | 1 | \@array
If set to 1, then extra parameters not set in your fields
declaration will be kept as hidden fields in the form. However, you
will need to use cgi_param(), NOT field(), to access the values.
This is useful if you want to keep some extra parameters like mode
or company available but not have them be valid form fields:
keepextras => 1
That will preserve any extra params. You can also specify an
arrayref, in which case only params in that list will be preserved.
For example:
keepextras => [qw(mode company)]
Will only preserve the params "mode" and "company". Again, to
access them:
my $mode = $form->cgi_param('mode');
$form->cgi_param(name => 'mode', value => 'relogin');
See "CGI.pm" for details on param() usage.
labels => \%hash
Like "values", this is a list of key/value pairs where the keys are
the names of "fields" specified above. By default, FormBuilder does
some snazzy case and character conversion to create pretty labels
for you. However, if you want to explicitly name your fields, use
this option.
For example:
my $form = CGI::FormBuilder->new(
fields => [qw(name email)],
labels => {
name => 'Your Full Name',
email => 'Primary Email Address'
}
);
Usually you'll find that if you're contemplating this option what
you really want is a template.
lalign => 'left' | 'right' | 'center'
A legacy shortcut for:
th => { align => 'left' }
Even better, use the "stylesheet" option and tweak the ".fb_label"
class. Either way, don't use this.
lang
This forcibly overrides the lang. Better handled by loading an
appropriate "messages" module, which will set this for you. See
CGI::FormBuilder::Messages for more details.
method => 'post' | 'get'
The type of CGI method to use, either "post" or "get". Defaults to
"get" if nothing is specified. Note that for forms that cause
changes on the server, such as database inserts, you should use the
"post" method.
messages => 'auto' | $file | \%hash | $locale
This option overrides the default FormBuilder messages in order to
provide multilingual locale support (or just different text for the
picky ones). For details on this option, please refer to
CGI::FormBuilder::Messages.
name => $string
This names the form. It is optional, but when used, it renames
several key variables and functions according to the name of the
form. In addition, it also adds the following "" tags to each
row of the table:
Label
Error
These changes allow you to (a) use multiple forms in a sequential
application and/or (b) display multiple forms inline in one
document. If you're trying to build a complex multi-form app and
are having problems, try naming your forms.
options => \%hash
This is one of several meta-options that allows you to specify
stuff for multiple fields at once:
my $form = CGI::FormBuilder->new(
fields => [qw(part_number department in_stock)],
options => {
department => [qw(hardware software)],
in_stock => [qw(yes no)],
}
);
This has the same effect as using field() for the "department" and
"in_stock" fields to set options individually.
params => $object
This specifies an object from which the parameters should be
derived. The object must have a param() method which will return
values for each parameter by name. By default a CGI object will be
automatically created and used.
However, you will want to specify this if you're using "mod_perl":
use Apache::Request;
use CGI::FormBuilder;
sub handler {
my $r = Apache::Request->new(shift);
my $form = CGI::FormBuilder->new(... params => $r);
print $form->render;
}
Or, if you need to initialize a "CGI.pm" object separately and are
using a "post" form method:
use CGI;
use CGI::FormBuilder;
my $q = new CGI;
my $form = CGI::FormBuilder->new(... params => $q);
Usually you don't need to do this, unless you need to access other
parameters outside of FormBuilder's control.
required => \@array | 'ALL' | 'NONE'
This is a list of those values that are required to be filled in.
Those fields named must be included by the user. If the "required"
option is not specified, by default any fields named in "validate"
will be required.
In addition, the "required" option also takes two other settings,
the strings "ALL" and "NONE". If you specify "ALL", then all fields
are required. If you specify "NONE", then none of them are in spite
of what may be set via the "validate" option.
This is useful if you have fields that are optional, but that you
want to be validated if filled in:
my $form = CGI::FormBuilder->new(
fields => qw[/name email/],
validate => { email => 'EMAIL' },
required => 'NONE'
);
This would make the "email" field optional, but if filled in then
it would have to match the "EMAIL" pattern.
In addition, it is very important to note that if the "required"
and "validate" options are specified, then they are taken as an
intersection. That is, only those fields specified as "required"
must be filled in, and the rest are optional. For example:
my $form = CGI::FormBuilder->new(
fields => qw[/name email/],
validate => { email => 'EMAIL' },
required => [qw(name)]
);
This would make the "name" field mandatory, but the "email" field
optional. However, if "email" is filled in, then it must match the
builtin "EMAIL" pattern.
reset => 0 | 1 | $string
If set to 0, then the "Reset" button is not printed. If set to
text, then that will be printed out as the reset button. Defaults
to printing out a button that says "Reset".
selectnum => $threshold
This detects how FormBuilder's auto-type generation works. If a
given field has options, then it will be a radio group by default.
However, if more than "selectnum" options are present, then it will
become a select list. The default is 5 or more options. For
example:
# This will be a radio group
my @opt = qw(Yes No);
$form->field(name => 'answer', options => \@opt);
# However, this will be a select list
my @states = qw(AK CA FL NY TX);
$form->field(name => 'state', options => \@states);
# Single items are checkboxes (allows unselect)
$form->field(name => 'answer', options => ['Yes']);
There is no threshold for checkboxes since, if you think about it,
they are really a multi-radio select group. As such, a radio group
becomes a checkbox group if the "multiple" option is specified and
the field has less than "selectnum" options. Got it?
smartness => 0 | 1 | 2
By default CGI::FormBuilder tries to be pretty smart for you, like
figuring out the types of fields based on their names and number of
options. If you don't want this behavior at all, set "smartness" to
0. If you want it to be really smart, like figuring out what type
of validation routines to use for you, set it to 2. It defaults to
1.
sortopts => BUILTIN | 1 | \&sub
If specified to new(), this has the same effect as the same-named
option to field(), only it applies to all fields.
source => $filename
You can use this option to initialize FormBuilder from an external
configuration file. This allows you to separate your field code
from your form layout, which is pretty cool. See
CGI::FormBuilder::Source::File for details on the format of the
external file.
static => 0 | 1 | 2
If set to 1, then the form will be output with static hidden
fields. If set to 2, then in addition fields without values will
be omitted. Defaults to 0.
sticky => 0 | 1
Determines whether or not form values should be sticky across
submissions. This defaults to 1, meaning values are sticky.
However, you may want to set it to 0 if you have a form which does
something like adding parts to a database. See the "EXAMPLES"
section for a good example.
submit => 0 | 1 | $string | \@array
If set to 0, then the "Submit" button is not printed. It defaults
to creating a button that says "Submit" verbatim. If given an
argument, then that argument becomes the text to show. For example:
print $form->render(submit => 'Do Lookup');
Would make it so the submit button says "Do Lookup" on it.
If you pass an arrayref of multiple values, you get a key benefit.
This will create multiple submit buttons, each with a different
value. In addition, though, when submitted only the one that was
clicked will be sent across CGI via some JavaScript tricks. So
this:
print $form->render(submit => ['Add A Gift', 'No Thank You']);
Would create two submit buttons. Clicking on either would submit
the form, but you would be able to see which one was submitted via
the submitted() function:
my $clicked = $form->submitted;
So if the user clicked "Add A Gift" then that is what would end up
in the variable $clicked above. This allows nice conditionality:
if ($form->submitted eq 'Add A Gift') {
# show the gift selection screen
} elsif ($form->submitted eq 'No Thank You')
# just process the form
}
See the "EXAMPLES" section for more details.
styleclass => $string
The string to use as the "style" name, if the following option is
enabled.
stylesheet => 0 | 1 | $path
This option turns on stylesheets in the HTML output by FormBuilder.
Each element is printed with the "class" of "styleclass" ("fb" by
default). It is up to you to provide the actual style definitions.
If you provide a $path rather than just a 1/0 toggle, then that
$path will be included in a "
" tag as well.
The following tags are created by this option:
${styleclass} top-level table/form class
${styleclass}_required labels for fields that are required
${styleclass}_invalid any fields that failed validate()
If you're contemplating stylesheets, the best thing is to just turn
this option on, then see what's spit out.
See the section on "STYLESHEETS" for more details on FormBuilder
style sheets.
table => 0 | 1 | \%tabletags
By default FormBuilder decides how to layout the form based on the
number of fields, values, etc. You can force it into a table by
specifying 1, or force it out of one with 0.
If you specify a hashref instead, then these will be used to create
the "
" tag. For example, to create a table with no
cellpadding or cellspacing, use:
table => {cellpadding => 0, cellspacing => 0}
Also, you can specify options to the "" and " " elements as
well in the same fashion.
template => $filename | \%hash | \&sub | $object
This points to a filename that contains an "HTML::Template"
compatible template to use to layout the HTML. You can also specify
the "template" option as a reference to a hash, allowing you to
further customize the template processing options, or use other
template engines.
If "template" points to a sub reference, that routine is called and
its return value directly returned. If it is an object, then that
object's render() routine is called and its value returned.
For lots more information, please see CGI::FormBuilder::Template.
text => $text
This is text that is included below the title but above the actual
form. Useful if you want to say something simple like "Contact $adm
for more help", but if you want lots of text check out the
"template" option above.
title => $title
This takes a string to use as the title of the form.
values => \%hash | \@array
The "values" option takes a hashref of key/value pairs specifying
the default values for the fields. These values will be overridden
by the values entered by the user across the CGI. The values are
used case-insensitively, making it easier to use DBI hashref
records (which are in upper or lower case depending on your
database).
This option is useful for selecting a record from a database or
hardwiring some sensible defaults, and then including them in the
form so that the user can change them if they wish. For example:
my $rec = $sth->fetchrow_hashref;
my $form = CGI::FormBuilder->new(fields => \@fields,
values => $rec);
You can also pass an arrayref, in which case each value is used
sequentially for each field as specified to the "fields" option.
validate => \%hash | $object
This option takes either a hashref of key/value pairs or a
Data::FormValidator object.
In the case of the hashref, each key is the name of a field from
the "fields" option, or the string "ALL" in which case it applies
to all fields. Each value is one of the following:
- a regular expression in 'quotes' to match against
- an arrayref of values, of which the field must be one
- a string that corresponds to one of the builtin patterns
- a string containing a literal code comparison to do
- a reference to a sub to be used to validate the field
(the sub will receive the value to check as the first arg)
In addition, each of these can also be grouped together as:
- a hashref containing pairings of comparisons to do for
the two different languages, "javascript" and "perl"
By default, the "validate" option also toggles each field to make
it required. However, you can use the "required" option to change
this, see it for more details.
Let's look at a concrete example. Note that the javascript
validation is a negative match, while the perl validation is a
positive match.
my $form = CGI::FormBuilder->new(
fields => [qw(
username password confirm_password
first_name last_name email
)],
validate => {
username => [qw(nate jim bob)],
first_name => '/^\w+$/', # note the
last_name => '/^\w+$/', # single quotes!
email => 'EMAIL',
password => \&check_password,
confirm_password => {
javascript => '!= form.password.value', # neg
perl => 'eq $form->field("password")', # pos
},
},
);
# simple sub example to check the password
sub check_password ($) {
my $v = shift; # first arg is value
return unless $v =~ /^.{6,8}/; # 6-8 chars
return if $v eq "password"; # dummy check
return unless passes_crack($v); # you write "passes_crack()"
return 1; # success
}
This would create both JavaScript and Perl routines on the fly that
would ensure:
- "username" was either "nate", "jim", or "bob"
- "first_name" and "last_name" both match the regex's specified
- "email" is a valid EMAIL format
- "password" passes the checks done by check_password(), meaning
that the sub returns true
- "confirm_password" is equal to the "password" field
Any regular expressions you specify must be enclosed in single
quotes because they need to be used in both JavaScript and Perl
code. As such, specifying a "qr//" will NOT work.
Note that for both the "javascript" and "perl" hashref code
options, the form will be present as the variable named "form". For
the Perl code, you actually get a complete $form object meaning
that you have full access to all its methods (although the field()
method is probably the only one you'll need for validation).
In addition to taking any regular expression you'd like, the
"validate" option also has many builtin defaults that can prove
helpful:
VALUE - is any type of non-null value
WORD - is a word (\w+)
NAME - matches [a-zA-Z] only
FNAME - person's first name, like "Jim" or "Joe-Bob"
LNAME - person's last name, like "Smith" or "King, Jr."
NUM - number, decimal or integer
INT - integer
FLOAT - floating-point number
PHONE - phone number in form "123-456-7890" or "(123) 456-7890"
INTPHONE- international phone number in form "+prefix local-number"
EMAIL - email addr in form "name@host.domain"
CARD - credit card, including Amex, with or without -'s
DATE - date in format MM/DD/YYYY
EUDATE - date in format DD/MM/YYYY
MMYY - date in format MM/YY or MMYY
MMYYYY - date in format MM/YYYY or MMYYYY
CCMM - strict checking for valid credit card 2-digit month ([0-9]|1[012])
CCYY - valid credit card 2-digit year
ZIPCODE - US postal code in format 12345 or 12345-6789
STATE - valid two-letter state in all uppercase
IPV4 - valid IPv4 address
NETMASK - valid IPv4 netmask
FILE - UNIX format filename (/usr/bin)
WINFILE - Windows format filename (C:\windows\system)
MACFILE - MacOS format filename (folder:subfolder:subfolder)
HOST - valid hostname (some-name)
DOMAIN - valid domainname (www.i-love-bacon.com)
ETHER - valid ethernet address using either : or . as separators
I know some of the above are US-centric, but then again that's
where I live. :-) So if you need different processing just create
your own regular expression and pass it in. If there's something
really useful let me know and maybe I'll add it.
You can also pass a Data::FormValidator object as the value of
"validate". This allows you to do things like requiring any one of
several fields (but where you don't care which one). In this case,
the "required" option to new() is ignored, since you should be
setting the required fields through your FormValidator profile.
By default, FormBuilder will try to use a profile named `fb' to
validate itself. You can change this by providing a different
profile name when you call validate().
Note that currently, doing validation through a FormValidator
object doesn't generate any JavaScript validation code for you.
Note that any other options specified are passed to the "
That's all you need for a sticky search form with the above HTML
layout. Notice that you can change the HTML layout as much as you want
without having to touch your CGI code.
Ex4: user_info.cgi
This script grabs the user's information out of a database and lets
them update it dynamically. The DBI information is provided as an
example, your mileage may vary:
#!/usr/bin/perl
use strict;
use CGI::FormBuilder;
use DBI;
use DBD::Oracle
my $dbh = DBI->connect('dbi:Oracle:db', 'user', 'pass');
# We create a new form. Note we've specified very little,
# since we're getting all our values from our database.
my $form = CGI::FormBuilder->new(
fields => [qw(username password confirm_password
first_name last_name email)]
);
# Now get the value of the username from our app
my $user = $form->cgi_param('user');
my $sth = $dbh->prepare("select * from user_info where user = '$user'");
$sth->execute;
my $default_hashref = $sth->fetchrow_hashref;
# Render our form with the defaults we got in our hashref
print $form->render(values => $default_hashref,
title => "User information for '$user'",
header => 1);
Ex5: add_part.cgi
This presents a screen for users to add parts to an inventory database.
Notice how it makes use of the "sticky" option. If there's an error,
then the form is presented with sticky values so that the user can
correct them and resubmit. If the submission is ok, though, then the
form is presented without sticky values so that the user can enter the
next part.
#!/usr/bin/perl
use strict;
use CGI::FormBuilder;
my $form = CGI::FormBuilder->new(
method => 'post',
fields => [qw(sn pn model qty comments)],
labels => {
sn => 'Serial Number',
pn => 'Part Number'
},
sticky => 0,
header => 1,
required => [qw(sn pn model qty)],
validate => {
sn => '/^[PL]\d{2}-\d{4}-\d{4}$/',
pn => '/^[AQM]\d{2}-\d{4}$/',
qty => 'INT'
},
font => 'arial,helvetica'
);
# shrink the qty field for prettiness, lengthen model
$form->field(name => 'qty', size => 4);
$form->field(name => 'model', size => 60);
if ($form->submitted) {
if ($form->validate) {
# Add part to database
} else {
# Invalid; show form and allow corrections
print $form->render(sticky => 1);
exit;
}
}
# Print form for next part addition.
print $form->render;
With the exception of the database code, that's the whole application.
Ex6: Session Management
This creates a session via "CGI::Session", and ties it in with
FormBuilder:
#!/usr/bin/perl
use CGI::Session;
use CGI::FormBuilder;
my $form = CGI::FormBuilder->new(fields => \@fields);
# Initialize session
my $session = CGI::Session->new('driver:File',
$form->sessionid,
{ Directory=>'/tmp' });
if ($form->submitted && $form->validate) {
# Automatically save all parameters
$session->save_param($form);
}
# Ensure we have the right sessionid (might be new)
$form->sessionid($session->id);
print $form->render;
Yes, it's pretty much that easy. See CGI::FormBuilder::Multi for how to
tie this into a multi-page form.
FREQUENTLY ASKED QUESTIONS (FAQ)
There are a couple questions and subtle traps that seem to poke people
on a regular basis. Here are some hints.
I'm confused. Why doesn't this work like CGI.pm?
If you're used to "CGI.pm", you have to do a little bit of a brain
shift when working with this module.
FormBuilder is designed to address fields as abstract entities. That
is, you don't create a "checkbox" or "radio group" per se. Instead,
you create a field for the data you want to collect. The HTML
representation is just one property of this field.
So, if you want a single-option checkbox, simply say something like
this:
$form->field(name => 'join_mailing_list',
options => ['Yes']);
If you want it to be checked by default, you add the "value" arg:
$form->field(name => 'join_mailing_list',
options => ['Yes'],
value => 'Yes');
You see, you're creating a field that has one possible option: "Yes".
Then, you're saying its current value is, in fact, "Yes". This will
result in FormBuilder creating a single-option field (which is a
checkbox by default) and selecting the requested value (meaning that
the box will be checked).
If you want multiple values, then all you have to do is specify
multiple options:
$form->field(name => 'join_mailing_list',
options => ['Yes', 'No'],
value => 'Yes');
Now you'll get a radio group, and "Yes" will be selected for you! By
viewing fields as data entities (instead of HTML tags) you get much
more flexibility and less code maintenance. If you want to be able to
accept multiple values, simply use the "multiple" arg:
$form->field(name => 'favorite_colors',
options => [qw(red green blue)],
multiple => 1);
In all of these examples, to get the data back you just use the field()
method:
my @colors = $form->field('favorite_colors');
And the rest is taken care of for you.
How do I make a multi-screen/multi-mode form?
This is easily doable, but you have to remember a couple things. Most
importantly, that FormBuilder only knows about those fields you've told
it about. So, let's assume that you're going to use a special parameter
called "mode" to control the mode of your application so that you can
call it like this:
myapp.cgi?mode=list&...
myapp.cgi?mode=edit&...
myapp.cgi?mode=remove&...
And so on. You need to do two things. First, you need the "keepextras"
option:
my $form = CGI::FormBuilder->new(..., keepextras => 1);
This will maintain the "mode" field as a hidden field across requests
automatically. Second, you need to realize that since the "mode" is not
a defined field, you have to get it via the cgi_param() method:
my $mode = $form->cgi_param('mode');
This will allow you to build a large multiscreen application easily,
even integrating it with modules like "CGI::Application" if you want.
You can also do this by simply defining "mode" as a field in your
"fields" declaration. The reason this is discouraged is because when
iterating over your fields you'll get "mode", which you likely don't
want (since it's not "real" data).
Why won't CGI::FormBuilder work with post requests?
It will, but chances are you're probably doing something like this:
use CGI qw(:standard);
use CGI::FormBuilder;
# Our "mode" parameter determines what we do
my $mode = param('mode');
# Change our form based on our mode
if ($mode eq 'view') {
my $form = CGI::FormBuilder->new(
method => 'post',
fields => [qw(...)],
);
} elsif ($mode eq 'edit') {
my $form = CGI::FormBuilder->new(
method => 'post',
fields => [qw(...)],
);
}
The problem is this: Once you read a "post" request, it's gone forever.
In the above code, what you're doing is having "CGI.pm" read the "post"
request (on the first call of param()).
Luckily, there is an easy solution. First, you need to modify your code
to use the OO form of "CGI.pm". Then, simply specify the "CGI" object
you create to the "params" option of FormBuilder:
use CGI;
use CGI::FormBuilder;
my $cgi = CGI->new;
# Our "mode" parameter determines what we do
my $mode = $cgi->param('mode');
# Change our form based on our mode
# Note: since it is post, must specify the 'params' option
if ($mode eq 'view') {
my $form = CGI::FormBuilder->new(
method => 'post',
fields => [qw(...)],
params => $cgi # get CGI params
);
} elsif ($mode eq 'edit') {
my $form = CGI::FormBuilder->new(
method => 'post',
fields => [qw(...)],
params => $cgi # get CGI params
);
}
Or, since FormBuilder gives you a cgi_param() function, you could also
modify your code so you use FormBuilder exclusively, as in the previous
question.
How can I change option XXX based on a conditional?
To change an option, simply use its accessor at any time:
my $form = CGI::FormBuilder->new(
method => 'post',
fields => [qw(name email phone)]
);
my $mode = $form->cgi_param('mode');
if ($mode eq 'add') {
$form->title('Add a new entry');
} elsif ($mode eq 'edit') {
$form->title('Edit existing entry');
# do something to select existing values
my %values = select_values();
$form->values(\%values);
}
print $form->render;
Using the accessors makes permanent changes to your object, so be aware
that if you want to reset something to its original value later, you'll
have to first save it and then reset it:
my $style = $form->stylesheet;
$form->stylesheet(0); # turn off
$form->stylesheet($style); # original setting
You can also specify options to render(), although using the accessors
is the preferred way.
How do I manually override the value of a field?
You must specify the "force" option:
$form->field(name => 'name_of_field',
value => $value,
force => 1);
If you don't specify "force", then the CGI value will always win. This
is because of the stateless nature of the CGI protocol.
How do I make it so that the values aren't shown in the form?
Turn off sticky:
my $form = CGI::FormBuilder->new(... sticky => 0);
By turning off the "sticky" option, you will still be able to access
the values, but they won't show up in the form.
I can't get "validate" to accept my regular expressions!
You're probably not specifying them within single quotes. See the
section on "validate" above.
Can FormBuilder handle file uploads?
It sure can, and it's really easy too. Just change the "enctype" as an
option to new():
use CGI::FormBuilder;
my $form = CGI::FormBuilder->new(
enctype => 'multipart/form-data',
method => 'post',
fields => [qw(filename)]
);
$form->field(name => 'filename', type => 'file');
And then get to your file the same way as "CGI.pm":
if ($form->submitted) {
my $file = $form->field('filename');
# save contents in file, etc ...
open F, ">$dir/$file" or die $!;
while (<$file>) {
print F;
}
close F;
print $form->confirm(header => 1);
} else {
print $form->render(header => 1);
}
In fact, that's a whole file upload program right there.
REFERENCES
This really doesn't belong here, but unfortunately many people are
confused by references in Perl. Don't be - they're not that tricky.
When you take a reference, you're basically turning something into a
scalar value. Sort of. You have to do this if you want to pass arrays
intact into functions in Perl 5.
A reference is taken by preceding the variable with a backslash (\).
In our examples above, you saw something similar to this:
my @fields = ('name', 'email'); # same as = qw(name email)
my $form = CGI::FormBuilder->new(fields => \@fields);
Here, "\@fields" is a reference. Specifically, it's an array reference,
or "arrayref" for short.
Similarly, we can do the same thing with hashes:
my %validate = (
name => 'NAME';
email => 'EMAIL',
);
my $form = CGI::FormBuilder->new( ... validate => \%validate);
Here, "\%validate" is a hash reference, or "hashref".
Basically, if you don't understand references and are having trouble
wrapping your brain around them, you can try this simple rule: Any time
you're passing an array or hash into a function, you must precede it
with a backslash. Usually that's true for CPAN modules.
Finally, there are two more types of references: anonymous arrayrefs
and anonymous hashrefs. These are created with "[]" and "{}",
respectively. So, for our purposes there is no real difference between
this code:
my @fields = qw(name email);
my %validate = (name => 'NAME', email => 'EMAIL');
my $form = CGI::FormBuilder->new(
fields => \@fields,
validate => \%validate
);
And this code:
my $form = CGI::FormBuilder->new(
fields => [ qw(name email) ],
validate => { name => 'NAME', email => 'EMAIL' }
);
Except that the latter doesn't require that we first create @fields and
%validate variables.
ENVIRONMENT VARIABLES
FORMBUILDER_DEBUG
This toggles the debug flag, so that you can control FormBuilder
debugging globally. Helpful in mod_perl.
NOTES
Parameters beginning with a leading underscore are reserved for future
use by this module. Use at your own peril.
The field() method has the alias param() for compatibility with other
modules, allowing you to pass a $form around just like a $cgi object.
The output of the HTML generated natively may change slightly from
release to release. If you need precise control, use a template.
Every attempt has been made to make this module taint-safe (-T).
However, due to the way tainting works, you may run into the message
"Insecure dependency" or "Insecure $ENV{PATH}". If so, make sure you
are setting $ENV{PATH} at the top of your script.
ACKNOWLEDGEMENTS
This module has really taken off, thanks to very useful input, bug
reports, and encouraging feedback from a number of people, including:
Norton Allen
Mark Belanger
Peter Billam
Brad Bowman
Jonathan Buhacoff
Godfrey Carnegie
Jakob Curdes
Laurent Dami
Bob Egert
Peter Eichman
Adam Foxson
Jorge Gonzalez
Florian Helmberger
Mark Hedges
Mark Houliston
Victor Igumnov
Robert James Kaes
Dimitry Kharitonov
Randy Kobes
William Large
Kevin Lubic
Robert Mathews
Mehryar
Klaas Naajikens
Koos Pol
Shawn Poulson
Victor Porton
Dan Collis Puro
Wolfgang Radke
David Siegal
Stephan Springl
Ryan Tate
John Theus
Remi Turboult
Andy Wardley
Raphael Wegmann
Emanuele Zeppieri
Thanks!
SEE ALSO
CGI::FormBuilder::Template, CGI::FormBuilder::Messages,
CGI::FormBuilder::Multi, CGI::FormBuilder::Source::File,
CGI::FormBuilder::Field, CGI::FormBuilder::Util,
CGI::FormBuilder::Util, HTML::Template, Text::Template
CGI::FastTemplate
REVISION
$Id: FormBuilder.pm 65 2006-09-07 18:11:43Z nwiger $
AUTHOR
Copyright (c) Nate Wiger . All Rights Reserved.
This module is free software; you may copy this under the terms of the
GNU General Public License, or the Artistic License, copies of which
should have accompanied your Perl kit.
perl v5.40.0 2024-09-01 CGI::FormBuilder(3)