prevent user to write local characters - html

I want to prevent user to write local characters (croatian - ĆČĐŠŽ) inside a input
<input type='text' pattern='[A-Z0-9]'>
but id doesn't work - local characters are written by typing.
And what is then the purpose of pattern attribute ?
Any help?

The pattern attribute work for form. It will check when the form is being submitted.
For validation when user typing, you need to make function for onChange event.
Update form #Anarion
onKeyUp/onKeyPress/onKeyDown because in some browsers onChange happens only on focus-out.

Related

What is the correct and most safe way to check if HTML form checkboxes and such have been POST-set?

This has confused me since the early days. Maybe it's just in my head, but it seems to me as if this has varied over time, between browsers, and possibly even depending on the local language/locale.
Basically, whenever I need to check if a HTML input of type "radio" or "checkbox" has been set, I always do:
if (isset($_POST['the_name']) && trim($_POST['the_name']))
// do stuff
This just makes sure that the POST variable is sent whatsoever (which in itself doesn't mean that it was actually checked/selected, as far as I can tell, since its "value" can be an empty string) and that it's something other than '' (empty string). It seems like this has worked for a long time, but I have two problems with it:
It's ugly. I need to abstract it into a function, but then I want to know if it's a good idea in the first place, or wrong somehow.
It makes the assumption that any non-empty string value means "checked" or "selected", whereas the standard may say a specific string value such as "on", or maybe any number of such strings depending on the language/locale.
Are there cases where my above code falls apart? Do browsers ever submit POST forms where they include names which have no user input/selection in the HTTP request? Or does the existence of a name in the POST blob mean that that "field" has been actively changed/set/checked/selected?
The idea behind checkboxes is that the value is sent over to the server only if the checkbox was checked when submitting the form. The value can be anything, even an empty string. As long as the field is part of the transmitted form it means the box was ticked.
The value attribute is one which all <input>s share; however, it serves a special purpose for inputs of type checkbox: when a form is submitted, only checkboxes which are currently checked are submitted to the server, and the reported value is the value of the value attribute. If the value is not otherwise specified, it is the string on by default.
This means you could have a form like this:
<form action="" method="get">
<input type="checkbox" name="c1" value="">
<input type="submit" value="Send">
</form>
If the checkbox is not checked when submitting then $_GET will be an empty array.
If the checkbox is checked then the value of $_GET will be:
array('c1' => '');
To check whether the box was ticked when sending the form you only need isset()
if (isset($_POST['c1']) {
// The box was checked!
}
Sometimes you would like to assign a value attribute to your checkbox. In such situations you can use the shorthand operator for isset() function ??.
// Create a variable from the checkbox value or assign an empty string if the box was not checked
$nyCheckbox = $_POST['c1'] ?? '';

Are HTML buttons with no values submitted in a form?

if you have
<button class="button yellow" type="submit"
name="button">Log in</button>
and you submit it, what gets posted to the server for the button which has a name but no value attribute?
The reason I ask is that I'm parsing HTML forms, and need to post the named values that send data to the server. I got the others covered, but wasn't sure about button.
According to the HTML Spec, a button's value is either determined by its value attribute or is an empty string. A button's value is only submitted with the form if the button has a name and is used to initiate form submission. If the button in your example is clicked, the resultant submission will be:
"button=" (quotes added)
Some browsers (mainly older IE versions) have incorrect implementations of this button behaviour that either set the value to the button's contents or submit all button values regardless of initiation source.
button does not get posted to server when the form is posted. Only input type's like text, password, select elements etc., which accepts user inputs will be posted to the server
Button never supplies value to form. It just provides a submit event that tells the browser to submit that form with all the input tags to the action attribute inside your form tag using the method attribute value. Button only provides the event and not the values.
There will be nothing posted to the server for buttons. When you click a button, it invokes the action of submit, that is all.
I tried it out by printing the request.POST in django.
This image shows a "Log in" button with no value but name="button", as asked
The console shows
< QueryDict: {u'csrfmiddlewaretoken': [u'9aAx..'], u'sensor': [u'sd1'], u'button':[u'']}>
So, in this case, the form is sent as a dictionary and for the buttons the key, value pair is "button" : " ". So, if you try to get value of this button with request.POST.get, you will get NULL.
So, the answer to your question is the form consolidates all the input values, which can be accessed with their 'name' including buttons. If no value is provided, it returns NULL.

Why Firefox autocomplete even with different input name?

Or How does Firefox determine where the password/username goes?
If I change name, id, title, class of an input element Firefox keeps filling it with password or email.
If I understand Firefox's source code correctly, the browser first looks for password fields in forms. If form contains more than 3 password fields, the autofill function ignores that form.
After 1 to 3 password fields are found, the browser looks for login field. The browser does a backward search starting from first password field and assumes that the login field is the first found field of the type text or email or url or tel or number.
Next step depends if we check the forms on page load or when submitting the form.
If we check during page load and there is a login field and exactly ONE password field, the case is simple and the browser can fill out the form.
Other cases (form submit or more than 1 password field) do some “smart” logic to determine which password field contains new password and which one the old password, probably to update stored passwords). If you're interested in details, download the source code and open toolkit/components/passwordmgr/nsLoginManager.js file. Functions to check are _fillForm, _getFormFields and _getPasswordFields.
Just to summarize, Firefox doesn't need any ID, name or class attributes to guess which field is login or password. It just relies on types and the order of form fields.
I tried a simple solution that is working so far. Create 2 hidden fields and the browser will autofill those.
<input type="text" style="display: none">
<input type="password" style="display: none">
Looks like using a disabled input text between login and password inputs does the trick well :
<input type="text" disabled="disabled" style="display:none">
Are those the only two elements on the form? Firefox is likely storing the structure of the form (two input boxes, one flagged as normal, one flagged as password) and filling in saved information without respect to the ID of the input elements.
Try this: add an extra input element to the form and see what happens. Either Firefox will not fill in anything, or you'll find your name in the first field and the password field filled in, while the second input element is blank.

Updating a form field with a link

I have access to form field in the administrative view.
Example
<label>Number:</label>
<input type="text" name="title" size="50"/><br/>
I do not have access to modify the html syntax, the only thing i can do is updating the form field with a value.
In the form field i want to update it with a number. I also want to have a link assigned to that number.
So when i click that number it directs us to the link.
Is there a way i can do that?
This method is tedious, but you could use the jQuery nth-selector to select the specific form element that you are dealing with.
http://api.jquery.com/nth-child-selector/
This method is risky, however, since you might add other form elements before it, altering the index of your target input element.
Afterwords, you could use the .val() jQuery method to change your input value.
Nonetheless, again, this method is not safe because the index of the form element could change. I would beg the powers of be to be able to add an ID or some identifying attribute to that form element.

HTML input field disable input but still POST

Basically i want a disable text field to show the value stored in a database but i don't want it to be editable by the user.
i've tried using disabled="disabled" but then it no longer POST to my form handler...
Any suggestions?
thanks
docu:
In this example, the INPUT element is
disabled. Therefore, it cannot receive
user input nor will its value be
submitted with the form.
why do you need the value? then try the readonly-attribute instead of disabled or go for another hiddenfield.
edit:
it's not fully clear to me, if you use asp.net, bu if so, you could just do
<form submitdisabledcontrols="true" runat="server">
you may give it a try :)
If you insist on using a disabled field, you can enable it during form submission by handling the form onsubmit event, where you will enable the field and submit the form.
A second option would be to use a readonly field which you may cleverly make look as disabled via CSS.
A third option would be to use a disabled and a hidden field. Rename your disabled field to something irrelevant and use the original field's name for the hidden one.
Take your pick.