Chapter 7. Validating and processing input with the forms API
This chapter covers
- The main concepts of Play’s forms API
- How to process HTML form submits
- Generating HTML forms
- Parsing advanced types and building custom validations
A serious test of any web framework is the way it handles data thrown at it by clients. Clients can send data as a part of the URL (notably the query string), as HTTP request headers, or in the body of an HTTP request. In the latter case, there are various ways to encode the data; the usual ways are submitting HTML forms and sending JSON data.
When this data is received, you can’t trust it to be what you want or expect it to be. After all, the person using your application can shape a request any way they like, and can insert bogus or malicious data. What’s more, all (client) software is buggy. Before you can use the data, you need to validate it.