This concerns a quality-of-life improvement, but also potentially a security concern.
With large forms, one is tempted to simply use an Object and refer to the form, as follows:
Form.data
While this is convenient from a DX perspective, it does introduce some potential vulnerabilities in regards to mass assignment. Any value in the form will be considered to be valid and although I haven't tested this out, I assume there is no safeguard or validation in place to check against any unintended values (?)
In any case, one way to mitigate this is to be very intentional/strict on what columns and values to allow to be inserted in the database. The way to do so is using key-value pairs. But this quickly becomes a pain when you're dealing with countless columns. Making a mistake or missing something is overlooked quite easily.
Therefore I would advocate in favor of using a "Generate" button to have the form's keys automatically be set. That way, you're confident you're using all of the right columns and not potentially allowing users to add anything either.
This "Generate" button (a lightning bolt, perhaps?) would be included at the end of these buttons:
Anyway, I hope you'll take this into consideration.
Thanks
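
The allow-list approach the post describes, as an added example that is not part of the original post or of any product's code: the insert payload is built from explicit, validated keys instead of the whole form object. The column names, validators, the `buildInsertPayload` helper and the sample form data are all assumptions made for illustration.

```javascript
// Hypothetical allow-list for a "users" table: column name -> validator.
// Column names and rules are assumptions, not taken from any real schema.
const ALLOWED_COLUMNS = {
  first_name: (v) => typeof v === "string" && v.length <= 100,
  last_name: (v) => typeof v === "string" && v.length <= 100,
  email: (v) => typeof v === "string" && /^[^@\s]+@[^@\s]+$/.test(v),
};

// Build the insert payload from explicit keys only.
// - Keys outside the allow-list are never copied (returned in `rejected`).
// - Allow-listed keys with a bad value are dropped (returned in `invalid`).
function buildInsertPayload(formData, allowed = ALLOWED_COLUMNS) {
  const row = {};
  const rejected = [];
  const invalid = [];
  for (const key of Object.keys(formData)) {
    // hasOwnProperty rather than `in`, so inherited names such as
    // "constructor" or "__proto__" can never pass as columns.
    if (!Object.prototype.hasOwnProperty.call(allowed, key)) {
      rejected.push(key);
    } else if (!allowed[key](formData[key])) {
      invalid.push(key);
    } else {
      row[key] = formData[key];
    }
  }
  return { row, rejected, invalid };
}

// Constructed form data: two legitimate fields plus two keys the form
// was never meant to write. Passing this object straight to an insert
// would write all four columns.
const sampleFormData = {
  first_name: "Ada",
  email: "ada@example.com",
  is_admin: true,
  account_balance: 1000000,
};

const result = buildInsertPayload(sampleFormData);
console.log("insert:", result.row);
console.log("rejected keys:", result.rejected);
```

Logging the `rejected` list on the server side gives a signal when a client submits keys the form does not define.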