How to apply values to hidden fields during registration..

I have a few fields I'd like to populate in my MySQL database when a user registers as a member using the client_Registration.php page, also a few fields when the client_Profile.php page is updated by the new member. I've added hidden fields next to the submit button that should contain this info.

Example:

On the client_Registration.php page:
client_status - this is a hard-coded value of "new" since they are new

created_by - this would be the email address entered in the form

created_dt - this would be the date and time they are registering

ip_address - I believe I would choose REMOTE_ADDR to do this


On the client_Profile.php page that can be updated:
last_updated_by - this would be the email address on the form or the current person logged in (better be the same person)

last_updated_dt - the current date and time when the form is submitted.

Any ideas on how this would be done using Security Assist (or Form Builder for that matter)?

thanks

I'm no expert, but the way that I did it was to use SA to enable the session variables from the login page (Step 3 of the Wizzard if you open the SA Authenticate User Server Behaviour)

Then on the pages that I wanted to update this information, created a form with Data Assist and then changed the text field type from text to hidden.

There might be a better way though.....

It is ok to add in hidden form fields to the form to add in this extra info. Once you have the form fields in place and have the values set for them you would make sure to update your update and insert server behaviors to bind the columns in your table with these new form fields.

For the fields you mentioned you should have the following values:

created_by - you can bind this to the existing email field since it is the same value

created_dt - if you want to make it always the time it was created you can just set the value directly in the insert server behavior. The code you would use the for the value of this column would be:

<?php time(); ?>

This will set the value of this form element to be the current timestamp. If you need it to be formated in a particular way you can format the timestamp using the date function in php.

ip_address - you can just set the remote address for this directly in your insert or update server behavior, this is more direct and does not give an opportunity to the user to manipulate this value.

On your update page you would want to set the last updated column to the same value you use for the inserted time column on the insert page.

I went back to where I was saving created_by in a hidden field and used the Insert Record behavior to have the hidden field point to the form's email field that was supplied by the user so that seems to have taken care of that problem (it defaulted to using itself as the value to be inserted which of course there was no value).

Regarding the created_dt hidden field, you mention "you can just set the value directly in the insert server behavior." Where is the insert server behavior value you are mentioning? Is this where it shows the value with a lightning bolt in the DW Properties inspector if you click on the hidden field?

Also, I'd like the created_dt to have a value like "2009-09-02 22:47:05" to be inserted in the database. Do you have an idea of what that php code would look like to associate it with the value of the created_dt hidden field?

thanks for your help. hopefully others will stumble on this and find some value in it.

steve

My response about setting the values directly in the insert server behavior would only apply if you are using DataAssist for the insert or updates. Based on your reply I assume you are using the regular built in DW insert that is created by default with Security Assist.

In this scenario you will need to have the hidden form elements in place with values to get them inserted correctly.

To get the value for the date formatted the way you would like it you can use the date function along with the time function like this:

<input type="hidden" name="created_dt" id="created_dt" value="<?php echo date("Y-m-d H:i:s", time()); ?>" />

The value of this form field will be the current date and time in the format you referenced:
2009-09-02 22:47:05

You can find out more about this awesome formatting function here:

php.net/manual/en/function.date.php

Thanks a lot Eric, that's exactly what I was looking for and I bet it will help others as well.

From a security standpoint, is adding a hidden field by using FB for a variety of things like this considered safe? just curious.

steve

There are security issues that could arise from relying on form values like this, since the values are in the form client side they could be manipulated by a user and the value that gets entered into the db as a result may not be accurate.

You could get around this by using a tool like DataAssist and setting the known values for the columns directly in the wizard, this way the values would be available only in the source code and not to the client.

Another possible solution would be to use some server side session variables to store the values, then populate the value of the form elements with the session variables that hold these values. You can then do some server side validation using the session variables to check to see if the values in the fields have been altered. If they have then the validation fails and you can send a message to the user letting them know the data was not inserted.