4

I have a registration form, and when the user clicks the submit button the value in every textbox will be sent to server to insert that data, and return true/false.

Client:

Template.cust_register.events({
    'click button': function(){
          var email = $('#tbxCustEmail').val();
          var msg = $('#tbxCustMsg').val();
          var isSuccess = insertMsg(email,msg);
          if(isSuccess){
             alert("Success");
          }else alert("Try again");
    }
});

Server:

function insertMsg(email,msg){
     Messages.insert({Email:email,Message:msg});
     return true;
}

This turned out to not work. How to solve this? Many people said "use publish/subscribe", but I don't understand how to use that.

JJJ
  • 32,902
  • 20
  • 89
  • 102
yozawiratama
  • 4,209
  • 12
  • 58
  • 106
  • 1
    You should really study the publish/subscribe model; it's pretty much the basic idea of Meteor and if you don't understand what it means using Meteor is going to be very rough. – JJJ Dec 17 '13 at 09:54

2 Answers2

4

First, watch the introductory screencast and read the Data and security section of the docs.

Your code in a publish/subscribe model would look like this:

Common:

Messages = new Meteor.Collection('messages');

Client:

Meteor.subscribe("messages");

Template.cust_register.events({
    'click button': function(){
          var email = $('#tbxCustEmail').val();
          var msg = $('#tbxCustMsg').val();
          Messages.insert({Email:email,Message:msg});
    }
});

Server:

Meteor.publish("messages", function() {
    return Messages.find();
});
rzymek
  • 9,064
  • 2
  • 45
  • 59
  • So in Meteor, we can do insert on client side? wow that's dangerous :( – yozawiratama Dec 17 '13 at 10:14
  • 1
    Read the chapter. After initial prototyping you `meteor remove insecure` and have to define access rules to collections. – rzymek Dec 17 '13 at 10:27
  • 2
    @yozawiratama its not dangerous you use the allow rules to check them before they're inserted on the server its like having permissions – Tarang Dec 17 '13 at 11:35
  • 1
    @yozawiratama u must write some different project with meteor for understand it. It is not dangerous. It is so secure. – delibalta Dec 17 '13 at 12:20
4

An alternative solution is to use Meteor.call('yourMethodName') (on the client).

Then, on the server, you can have 

Meteor.methods({
    yourMethodName: function() { /* validate input + return some data */ }
});

You can consider setting a session variable to the return value.

Meteor.call('yourMethodName', function (err, data) {
    if (!err) {
        Session.set('myData', data);
    } 
});

And then in some some template...

Template.whatever.helpers({
    messages: function() {
        return Session.get('myData');
    }
});

Why do all this? 

1) You can explicitly deny all direct `insert/update/find` queries from the client, and force usage of pre-defined Meteor methods.

2) You can manually determine when certain data is "refreshed".

Obviously, this methodology undermines the value of the subscription/publication model, and it should only be used in cases where real-time data isn't required.

Brad M
  • 7,857
  • 1
  • 23
  • 40