Path: csiph.com!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder2.enfer-du-nord.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.015 X-Spam-Evidence: '*H*': 0.97; '*S*': 0.00; 'subsequent': 0.05; 'duplicate': 0.07; 'next,': 0.09; 'system;': 0.09; '(either': 0.16; '*must*': 0.16; 'ah,': 0.16; 'clunky': 0.16; 'earlier.': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'inclined': 0.16; 'inserting': 0.16; 'itself,': 0.16; 'optional': 0.16; 'selects': 0.16; 'stored.': 0.16; 'subject:GUI': 0.16; 'subject:library': 0.16; 'syntactic': 0.16; 'with?': 0.16; 'appropriate': 0.16; 'wrote:': 0.18; 'resend': 0.19; 'server,': 0.19; 'entered': 0.20; 'saying': 0.22; 'diverse': 0.24; 'sends': 0.24; 'question': 0.24; 'gets': 0.27; 'header:In-Reply-To:1': 0.27; 'record': 0.27; 'absolute': 0.30; 'message- id:@mail.gmail.com': 0.30; 'too.': 0.31; 'with,': 0.31; 'allows': 0.31; 'fri,': 0.33; 'could': 0.34; "can't": 0.35; 'case,': 0.35; 'but': 0.35; 'received:google.com': 0.35; '14,': 0.36; 'useful': 0.36; 'being': 0.38; 'server': 0.38; 'ajax': 0.38; 'checks': 0.38; 'form,': 0.38; 'to:addr:python-list': 0.38; 'pm,': 0.38; 'anything': 0.39; 'does': 0.39; 'to:addr:python.org': 0.39; 'easy': 0.60; 'transaction.': 0.60; 'issues,': 0.61; 'entire': 0.61; 'simply': 0.61; 'simple': 0.61; 'telling': 0.64; 'more': 0.64; 'capable': 0.67; 'response.': 0.68; 'frank': 0.68; 'confirmed,': 0.84; 'different.': 0.84; 'moves': 0.84; 'mean.': 0.91; 'responses': 0.93; '2013': 0.98 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=1VoJZHt0DbXd1D0PWkHzvykTuTXkaxs8iimBtRIfq6o=; b=HObx0rRDSbNj7omz9tWU0vbv57rUErweYTHn9A9H+tqkMOsFVcl11I66biGGO4Du0s Xwo+UADs6PA/waGMkRu8rjXm8pyavHbEnYjpW+V3ZKvycp1XjvBWyufWvZqSZxHhB3Eh /tB6H5OA5IEebSlH00cPhFvRJgWOrUr/oNKmhxkj/37qhx8zKlTJdCDDa+rK2d+Kcs7Y 1Oiwlj4uRYgJ4fXQkb1hpx+/8/rRgMSseTVj5TwOrX49L7VoMXucbjfIO2rO0XT9ts0y ayxAmO79exQH1ki+UBk9Dgt+U6mM5K+Mh5dFrKj+kD0aw2FCcdBd0g834pHjiN7rccND ibBQ== MIME-Version: 1.0 X-Received: by 10.58.41.105 with SMTP id e9mr592563vel.14.1371201027419; Fri, 14 Jun 2013 02:10:27 -0700 (PDT) In-Reply-To: References: <20130522154233.fe5263cb231c375fc60c7c9b@gmx.net> <20130523174145.22a6c46f586b0a1f656d2412@gmx.net> <20130526194310.9cdb1be80b42c7fdf0ba502f@gmx.net> <20130527172250.a8b0ce44f29398d63a4ec650@gmx.net> <20130530184045.6d15530be70e18d96e5654ad@gmx.net> <20130601201817.55d3361dda93dac387a9eab6@gmx.net> <20130612222819.2a044e86ab4b6defe1939a04@gmx.net> Date: Fri, 14 Jun 2013 19:10:27 +1000 Subject: Re: Future standard GUI library From: Chris Angelico To: python-list@python.org Content-Type: text/plain; charset=ISO-8859-1 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 35 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1371201035 news.xs4all.nl 15928 [2001:888:2000:d::a6]:54778 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:48097 On Fri, Jun 14, 2013 at 3:39 PM, Frank Millman wrote: >> It's not either-or. The server *MUST* perform the checks at the time >> of form submission; the question is whether or not to perform >> duplicate checks earlier. This is an absolute rule of anything where >> the client is capable of being tampered with, and technically, you >> could violate it on a closed system; but it's so easy to migrate from >> closed system to diverse system without adding all the appropriate >> checks, so just have the checks from the beginning. >> > > In my case, it is either-or. I do not just do field-by-field validation, I > do field-by-field submission. The server builds up a record of the data > entered while it is being entered. When the user selects 'Save', it does not > resend the entire form, it simply sends a message to the server telling it > to process the data it has already stored. Ah, I see what you mean. What I was actually saying was that it's mandatory to check on the server, at time of form submission, and optional to pre-check (either on the client itself, for simple syntactic issues, or via AJAX or equivalent) for faster response. As a general rule, I would be inclined to go with a more classic approach for reasons of atomicity. What happens if the user never gets around to selecting Save? Does the server have a whole pile of data that it can't do anything with? Do you garbage-collect that eventually? The classic model allows you to hold off inserting anything into the database until it's fully confirmed, and then do the whole job in a single transaction. But if you want to use a "wizard" approach, where the user enters one thing and then moves on to the next, that can work too. It gets clunky quickly, but it can be useful if the early responses make the subsequent questions drastically different. ChrisA