如何正确部署“卫星”形式
与我不这样做的建议相反,我必须建立一个表格,我们可以将其交给我们的附属机构,并将它们放在他们的网站上 - 一旦它离开我,我就无法控制任何事情,我希望这方面的专业知识社区可以为我提供解决此问题的替代方法。我需要使用元素控件编写一个无样式的表单,附属机构(希望)不会更改。然后,附属机构可以在他们的网站上设置表单,根据需要设置样式,并将其提交到我网站上的 PHP 脚本,该脚本将 A) 将其提交到我们的数据库,B) 将一些信息发送给第三方。我可以用 PHP 做些什么吗?不是专家,但我通常可以弄清楚。 
附属公司的技术知识水平参差不齐,大部分属于低端,没有共同的技术使用(我们使用 PHP)。一些潜在的问题
- 实施如果联属公司更改(无论出于何种原因)输入 ID 和/或名称,它不会提交到我们的数据库中
- 由于他们的技能水平/编程语言差异,我无法提供客户端验证
- 我无法控制联属网站上的任何内容,我猜这会让我们的数据库容易受到攻击?
- 主要是用户体验,如果他们提交无效的表单并且我们的服务器端验证捕获它,请将他们发送回联属页面或我们网站上的错误消息。由于存在技能水平/技术问题,我不能指望附属机构设置一个curl脚本并处理来自其网站上的表单提交脚本的错误消息,因此我必须将它们发送到我们网站上的错误页面。然后附属公司就会失去领先地位。
这些是我提出的主要问题,我确信还有其他问题。因此,我需要有一些东西可以交给附属机构,他们将其插入页面并使其工作。以前有其他人必须这样做吗?有更好的方法来处理这个问题吗?可能是 iFrame?由于跨域安全问题,我从未对它们有太多用处。我感谢你们提供的任何建议和指导。如果问题不够彻底或经过深思熟虑,我深表歉意。我会根据要求进行更新。谢谢!
Against my recommendations to not do it, I have to set up a form that we can hand off to our affiliates and have them put on their site - I have no control over anything once it leaves me, I am hoping that the expertise in this community can give me an alternative approach to this issue. I need to code an unstyled form with the element controls which the affiliate (hopefully) will not change. The affiliate can then set the form up on their site, style it however they need to and submit it to a PHP script on my site that will A) submit it to our database and B)send some of the info to a third party. Is there something I can do with PHP - not an expert but I can usually figure it out.
The affiliates have varying levels of technical knowledge, most of it to the low end, and there is no common technology being used (we use PHP). Some potential issues
- Implementation if affiliates change (for whatever reason) the input ID's and or Names it won't submit into our database
- No Client Side validation supplied by me due to their skill level/programming language differences
- I cant control ANYTHING on the affiliate sites, I would guess this would leave our database vulnerable?
- mainly the user experience, if they submit a form that is invalid and our server side validation catches it, send them back to the affiliate page or to an error message on our site. Since the skill level/technology issue is there I can't expect the affiliates to set up a curl script and process the error message from the form submission script on their site, so I have to send them to an error page on our site. Then the affiliate would loose the lead.
These were the main issues I came up with, Im sure there are others. So I need to have something I can just hand off to the affiliates, they plug it into a page and have it work. Has anyone else had to do this before? Is there a better way to handle this? Possibly an iFrame? Ive never had much use for them due to cross domain security issues. I appreciate any advice and guidance you all can provide. I apologize if the question isn't thorough enough or viewed as well thought out. I will update it upon request. Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
与其将表单代码提供给您的附属机构,您只需向他们提供 javascript(代码本身,或者更好,一个缩小的 javascript 文件)即可在他们的网站上创建表单。这样,您就可以包含客户端验证并指定表单元素的布局(包括表单字段的 ID)?所有附属机构需要做的就是将 javascript 添加到所需位置。你可以给他们一些关于 javascript 的替代方案;例如,一个用于显示表单,一个用于弹出对话框等。如果表单的操作是您网站上的 PHP 脚本,我认为这不会导致跨站点脚本问题。缩小脚本将降低附属公司“修复”它的风险。如果需要,您甚至可以为他们提供一个单独的 CSS 文件来设置表单中元素的样式,但这会增加他们的复杂性。
How about instead of giving the form code to your affiliates, you simply give them javascript--either the code itself or, perhaps even better, a minified javascript file--that will create the form on their site. That way, you could include client-side validation and dictate the layout of the form elements including the ids for the form fields? All the affiliates would need to do would be to add the javascript in the desired location. You could give them some alternatives regarding the javascript; e.g., one for a form to display, one for a pop-up dialog, etc. I don't think this would cause you a cross-site scripting issue if the form's action were your PHP script on your site. Minifying the script would reduce the risk of the affiliates "fixing" it. You could even give them a separate CSS file to style the elements in the form if needed, but that would add complexity for them.
您可以为每个客户端提供一个要加载的 iframe 代码。这个 iframe 将加载类似的内容,
您可以使用 AFFILIATE_ID 以特定方式设置表单样式,或者加载他们为您提供的样式表。
You could give each client an iframe code to load. This iframe will load something like
You could use the AFFILIATE_ID to style the form a particular way or maybe load a stylesheet that they supply you.
至于验证,它实际上与任何其他形式没有什么不同。客户端验证只是建议性的。无论如何,您必须确保表单处理脚本中的输入结构和格式。
然后你有两个关于如何处理错误的选择。 (1) 如果业务需求不禁止它,我会简单地使其成为一个成熟的表单处理程序。如果任何收到的 $_POST 字段有错误,请再次打印您自己的漂亮版本的表单。在此处包含错误消息,并添加 Clippy(一些 Javascript 帮助程序)以帮助用户正确填写表单。
如果不允许在您端显示表单的自定义版本,则(2)只需打印错误消息。让它显示几秒钟,并自动重定向回合作伙伴网站上的原始表单。通常只需提供:
这样就可以详细解释错误,但用户仍然可以返回到之前的表单(所有内容仍已填写)。
As for validation it's really no different than any other form. Client-side validation is just advisory. You have to ensure the input structure and format in your form processing script anyway.
Then you have two options on how to handle errors. (1) If the business requirements do not forbid it, I would simply make it a full-fledged form handler. If any received $_POST field has errors, print your own pretty version of the form again. Include error messsages right there, and add Clippy (some Javascript helper) to help users fill out the form correctly.
If it's not permitted to show a customized version of the form on your end, then (2) just print the error message. Make it show up for a few seconds and provide an auto-redirect back to the original form on the partner site. It's often even sufficient to provide just:
That way the error is explained in detail, but the user can still go back to the previous form (with everything still filled in).