http://qs321.pair.com?node_id=383262


in reply to How do I write a CGI script with form validation?

For eCommerce applications I would definitely use sessions to store the state of the transaction. Whether you pass the session id using a http parameters or a cookie depends on whether you will be in a position to 'demand' site-compliance from your customers.

Furthermore, especially when forced to use plain cgi, I like to separate the entry, validation and processing into separate scripts with their respective templates. The validation script I usually create has no output of it's own, but redirects to either the form page (in case of problems) or the processing page (it it's all ok) after setting the appropriate 'validated' flag in the user's session store...

I would definitely read up on the HTTP protocol, and more specifically on GET/POST parameters and Cookies so you get more of a feel for the issues you'll be dealing with.

I wouldn't rely on JavaScript for validation, as users may have it disabled, and more importantly developing multi-browser compatible JavaScript is an art on it's own. If you do decide to use it, I'd try to find prefab snippets for your purpose, and I'd still do server-side validation for security reasons.