Hello,

I have an app that I am developing that I need feedback on. This may
seem strange, but I'm not sure about the best way to handle a form that
might have bad input.

An example might make the problem clearer.  Given the following
flowchart and quixote's URL-space matches code-space concept, where is
the best place to validate the form and respond appropriately?

Form (foo) submission
     |
   Error?  - y -> Go back to foo with appropriate error message
     |
     -- n -> Go to form (bar)


Option 1:
class foo handles layout and validation for form foo.  Form foo POSTS to
/foo, which then either returns (on error) or redirects to /bar (on
successful validation)

This is nice because the layout and validation logic for each form are
all encompassed in a single class (foo).  The downside is the use of the
redirect -- seems sloppy and Opera complains about possible security
problems.

Option 2:

Class foo handles layout for form foo. Form foo POSTS to /bar.
Validation is taken care of in class bar, which then redirects to /foo
(on error) or lays out its own form (bar) on success.

This is nice because redirects only occur on errors.  However, the
layout and validation are split between classes, which seems sort of messy.

Option 3:

There is only one URL.  The app keeps track of the location internally.
All forms post to /genericURL, and the app keeps track of which class
lays out an validates each form.

This is nice because there are no redirects, and a single point of entry
to the web app.  However, this completely nullifies quixote's URL-space
matches code-space concept, and may be more insecure.

Any options I missed?  What is the best way to handle this situation?
I'm happy to elaborate if the above explanation wasn't clear enough.  I
am looking for as much advice and perspective about this issue as I can get.

Thanks,

VanL