Server-Side HTML

Forms and POST

We value your feedback.

First, display user reviews on /item_view.

Update your "database" by adding lists of user reviews (name, comment) to each item
Update the item_view template to display that list as shown in the mockup

Next, create a POST route to handle adding new reviews.

Update the form to POST the new review data
Create a POST route to handle the request by adding the new review to the "database"
Send back item_view with the new review included

POSTing form data (8:08)

How traditional HTML forms send data in the request

the code: index.js, form.ejs

Handling POST data (5:50)

Catching the data on the server and doing something with it

the code: index.js, form.ejs

Hint! To update the database you have to send the id of the item being reviewed as part ot the request. You can send additional data in the URL or in the POST body. Either works here.

Finally, never, ever, ever trust data from the client! The client is in the hands of the enemy. You always need to see if the data is good (and safe!) before you do anything with it. In this exercise, we will ensure that the item id is valid, and neither the name or review text are blank.

Check the POST data to make sure the name and text are not blank
If either is blank, do not update the "database", send back item_view with one or more errors.
- Have separate errors for "Name can't be blank" and "Review can't be blank"
- Put the message(s) on the page as Bootstrap Alerts
If the item id is not a valid item, stop and res.sendStatus(404). That error can't be caused by normal user actions, so we don't want to give any feedback to a potential attacker.

Assignment Checklist

Update the HTML form to send the new review data

Create a POST route to handle data being POSTed

Add the new review to the "database"

Re-render the item view on success

Display an error on the form if the user didn't specify all the required data