Add And Redirect

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Ok, Please don't kill me, i know i am a cheeky monk-ey, but i think this one would be better dealt with by javascript. So if anybody has any experience with this then please try to help. I could do it myself in Perl, but i don't want a perl script sitting on my server for somethign as simple as this.

I have a form on my website that has various check boxes and drop down menus. All of these items have numeric values associated with them, which is realy their cost in $. I.E checkbox1 has a value of '5' which realy means it costs $5.

I want this script to add up the values of checkbox1.value, checkbox2.value, checkbox3.value, when the submit button is pressed, and redirect the user to a website e.g http://www.blah.com/cgi-bin/cart.cgi?total=$total - where $total is the value of all those checkboxes added together.

Help is very much appreciated

Comment on Add And Redirect

Replies are listed 'Best First'.
Re: Add And Redirect by BrowserUk (Patriarch) on May 15, 2003 at 18:55 UTC
Think about what happens if I select 3 items worth $100 each, and then edit the url to ...cart.cgi?total=$0.01? Examine what is said, not who speaks. "Efficiency is intelligent laziness." -David Dunham "When I'm working on a problem, I never think about beauty. I think only how to solve the problem. But when I have finished, if the solution is not beautiful, I know it is wrong." -Richard Buckminster Fuller	[reply]
Re: Re: Add And Redirect by Skeeve (Parson) on May 16, 2003 at 07:56 UTC
I did that (almost) once and it worked! A company gave users Points for doing something on their page and I earned 1800 Points worth about 9 Euro (IIRC) When I wanted the money they just allowed me to transfer it in 500Point-Steps, leaving 300Points (worth 1.50 Eur). I saved the source of the "transfer-page", simply added 1800 to the selection, submitted and 2 weks later I had my 9 Euro ;-) So to everyone dealing with user input: Always check on the server too.	[reply]
Re: Add And Redirect by halley (Prior) on May 15, 2003 at 18:57 UTC
Just curious, what value would that have to the user? Any financial computation should be done on the server, for security's sake. Doing this in Javascript to alter the target URL seems very strange. I don't see why the URL must contain the results of a calculation at all. If the server computes the total, then requiring a redirect to get the total into the browser's URL will add complication and reduce portability for different browsers. It'll break the "Back" button, too. If the client calculates it, you need a client capable of doing the calculation (javascript might not be available, or may have been turned off), and as mentioned above, it's exposed for meddling. The client should only know the transaction ID and some authentication token. The server should not trust anything the client gives it. The server can offer any information the user must read, and can accept input from the user, but must double-check the validity of anything the client sends. -- `[ e d @ h a l l e y . c c ]`	[reply]
Re: Add And Redirect by Cody Pendant (Prior) on May 16, 2003 at 00:07 UTC
Please explain in more detail why you think it would be better done in JavaScript. You have to process the form anyway, so you need a server-side script. It's better, easier and more secure to add a line to your server-side script than it is to do it in JavaScript, plus there will be users for whom it won't work, as pointed out by other monks. Please tell us what's given you the impression that JS is better for this task. Apart from anything else, you should Be Afraid, Be Very Afraid of JS's ability to do floating point math. It has all the problems that Perl does in coming up with 99.9999999997 where you or I would come up with 100, but it doesn't have all the built-in functions that Perl does to take care of such problems. -- “Every bit of code is either naturally related to the problem at hand, or else it's an accidental side effect of the fact that you happened to solve the problem using a digital computer.” M-J D	[reply]
Re: Add And Redirect by artist (Parson) on May 15, 2003 at 18:53 UTC
but i don't want a perl script sitting on my server for somethign as simple as this. If you are in data processing, there could be plenty of other things for which you may require perl. Apart from that, your question is pure javascript adding numbers. Total is done with adding all the values.	[reply]