How to prevent URL encoding while using FORM and INPUT - html

How can I prevent the URL I put in my forms and inputs from being encoded?
Code (JADE):
form(method="get" action="http://whateverdomain.com/blabla?")
input(type="text" name="action=basic&searchstr" size="31" value)
^That spits out this:
"http://whateverdomain.com/blabla?action%3Dbasic%26searchstr=mySearchQuery"
And that doesn't work — Which is why I'm asking for help here.
Context:
I'm trying to make myself a custom 'New Tab' page with search boxes connected to the sites (forums, etc) I often use.
Thanks in advance!

When using a form with methot="get", all your form elements' names and values will be appended to the query string of the action URI for the request that is issued when you submit the form.
When building the query string, the browser will percent-encode the names of the form fields.
If you have any query string parameters that you want to hardcode in the request URI, either add them as hidden form fields:
<form action="blabla">
<input type="hidden" name="action" value="basic" />
...
Or add them to the query string of the action URI:
<form action="blabla?action=basic" ...>

Related

HTML Form as link is corrupting the adress

i assume this is a noob question, so sorry.
I'm trying to write this HTML-Page with a "form" that will work like a link on my raspberry pi.
So I used this code:
<form action="http://192.168.178.62/graph.pl?type=week">
<input type="submit" value="Blah" />
</form>
But instead of ending up at the adress I wrote in the code, I end up here: http://192.168.178.62/graph.pl? ("type=week" is missing, its just cut off)
Why is that, and how can I fix it?
thanks a lot!
When you submit a form with method="GET" (which is the default) then a new query string will be generated from the names and values of the successful form controls (since you don't have any, it will be empty). The new (empty) query string will replace the one in the action.
Options:
Use a link. (This is the best option. You aren't collecting any data from the user. You aren't making a POST request).
Move the data from the action to <input type="hidden" ...> elements.

Using Form Submissions to Build URLs without using values as URL paramters

Consider a simple HTML form with one input. And this form sends the parameters to a freemarker function.
<form action="${getURL('')}" method="GET">
<input type="hidden" name="lang" value="AR">
<input type="submit" class="form_submit" value="View">
</form>
Freemarker function
<#function lang="" page="0">
<#if lang?? >
<#return '${context}/${lang?lower_case}?page=${page}'/>
<#else>
<#return '#' />
</#if>
</#function>
The problem I have is when use submit, the generated URL will always be like
www.example.com/?page=0&lang=ar
I have a different version of the freemarker function to generate a valid URL like
www.example.com?page=0&lang=ar
But what I want is to reduce URL parameters and go for sub-domain type URL structure with minimum number of URL parameters. Is it possible to generate a URL like
www.example.com/ar?page=0
using above mentioned form? Or form submissions with GET always create URLs with URL parameters?
Please ignore the syntax errors in the code I just wanted to clarify my problem using the code snippet. And I do not want to use any scripting to get this done (javascript, jquery). Any clarification is highly appreciated.

How to post and store data

I've coded a simple form using HTML5 and CSS3 with a submit button.
My questions are:
Where is sent the form-data when the form is submitted by a client?
What data gets sent to the server?
And finally, do I need the <form> action attribute in the HTML5 markup?
1.
<form> has attribute action and here you can describe where your data will be send for example:
<form action="/something_action_on_your_server">
2.
Data which will be send is located in name attriubte of <input>, for example:
<form action="/something_action_on_your_server">
<input name="first_name" >
</form>
and if you submit your form, something action get data like: {name: 'something value from input'}
3.GET is HTTP method, which is used to visit page or send something public information, if you want send something private information you have to use POST method instead GET
for example:
<form action="/something_action_on_your_server" method='get' >
4. You don't have to set action attribute, but if you will not do it, your form will be send to your current page :)

html forms - why do I often see <input name="next" />? Clarification on what the 'name' attribute does

I was always confused about what the 'name' attribute did in html forms. From the textbook I read (html and css, design and build webpages by John Duckett), this is what it said about the 'name' attribute.
When users enter information
into a form, the server needs to
know which form control each
piece of data was entered into.
(For example, in a login form, the
server needs to know what has
been entered as the username
and what has been given as the
password.) Therefore, each form
control requires a name attribute.
The value of this attribute
identifies the form control and is
sent along with the information
they enter to the server.
From reading this, I always thought that, say in the database there is a field called "theUsersPasswordField" and a field called "theUsersUsernameField". I thought that, suppose there is a registration form, then the form would be like:
<form action="aURL" method="post">
<p>Please enter what you want your Username to be:</p>
<input type="submit" name="theUsersUsernameField" />
<p>Please enter what you want your Password to be:</p>
<input type="password" name="theUsersPasswordField" />
</form>
and then this way, when the information is sent to the database, it will know which information to put in the 'theUsersPasswordField" and which information to put in the "theUsersUesrnameField". Am I wrong?
What does name="next" mean? I see it often when I look at html forms, for example, here in this Django tutorial I am doing:
<form method="post" action=".">
<p><label for="id_username">Username:</label></p>
<p><label for="id_password">Password:</label></p>
<input type="hidden" name="next" value="/" />
<input type="submit" value="login" />
</form>
In the tutorial I am doing, it says that
The html form contains a submit button and a hidden
field called next. This hidden variable contains a URL that tells the view where to
redirect the user after they have successfully logged in
now, how is 'next' a url? When I run the code, the form does in fact successfully redirect to the main page, but how does it know to redirect to the main page? Why does name='next'?
And how does the server know which information to treat as the username and which information to treat as the password? I though that that is what the 'name' attribute is used for?
The name attribute in a control element like input assigns a name to the control. It has two basic effects: 1) a control needs a name in order to be “successful”, which means that a name=value pair from it will be included into the form data when the form is submitted; and 2) the attribute specifies what will be included as the first part of the name=value pair.
It is entirely up to the server-side form handler what (if anything) it will do with the name=value pairs in the form data. They might have a simple correspondence in some database, but that’s just one possibility. And form handling need not be database-based at all.
The name attribute values have no predefined meaning in HTML. They are just strings selected for use in this context, and they may be descriptive or mnemonic, or they may not.
However, the choice of name attribute values may have side effects. Browsers may give the user a menu of previously entered data so that if you fill e.g. several forms (possibly in different sites) that have a control named email, you might be able to enter your email address just once and then accept whatever the browser suggests as input. This may be seen as a convenience or as a threat to data security. There is proposed set of “standard” names for many purposes in HTML5 CR.
For completeness, it needs to be added that in browser practice and according to HTML5 CR description of name, two names have a special meaning: _charset_ and isindex.
The name next is in no way special, but in this context, it appears to specify the next page to move to. It is defined for a hidden field, so it takes effect independently of user input.
and then this way, when the information is sent to the database, it will know which information to put in the 'theUsersPasswordField" and which information to put in the "theUsersUesrnameField". Am I wrong?
You have to write a script (for example in php) that will put the right values from your form (they are in the $_POST array) into the databse.
in your example $_POST['theUsersUsernameField'] will hold the username
<form method="post" action=".">
<p><label for="id_username">Username:</label></p>
<p><label for="id_password">Password:</label></p>
<input type="hidden" name="next" value="/" />
<input type="submit" value="login" />
</form>
how is 'next' a url?
next is not the url.
the action="." is the url to wich the form redirects.
/ is the value that the script will evaluate to see what it has to do. (Normally you will have to change this into something else like 'check password')
In the $_POST[] array there will be a key $_POST['next'] and the value will be /
I am not familiar with Django but I hope this helps

What does an entry "action='?'" in html form mean?

I have found an entry in html file
'<form action="?" ... '
I do not understand what it does.
Search in Google returned no results. Actually it is a Django template file, but I didn't find anything in django template documentation.
It uses the current URL with an empty query string as the action of the form. An empty query string. Empty. Meaning no query string at all. The query string will be no more. It will not be used. It will be gone. There will be no more query string after submitting the form. The query string will have vanished. Disappeared. Gone away. Become no more.
The action= atrribute has only value. i.e URL.
In simple english once your form is processed and you hit a submit button or enter you will be redirected to the URL you give to the action attribute
Example:
<form action="demo_form.asp" method="get">
First name: <input type="text" name="fname"><br>
Last name: <input type="text" name="lname"><br>
<input type="submit" value="Submit">
</form>
In the case of you question, if the action is "?" then the returned hash-string will be current URL plus "/?" appended which will take you back to the same page you were on.
action="" will resolve to the page's address. action="?" will resolve to the page's address + ?, which will mean an empty fragment identifier.
Doing the latter might prevent a navigation (new load) to the same page and instead try to jump to the element with the id in the fragment identifier. But, since it's empty, it won't jump anywhere.
Usually, authors just put # in href-like attributes when they're not going to use the attribute where they're using scripting instead. In these cases, they could just use action="" (or omit it if validation allows).
'<form action="?" ... ' strips the query string off of the URL when submitting the form, and submits the form to the current document address (i.e. itself).
Here is what that means:
Let's use the following URL as example:
ExampleSite.com**?SearchTerm1=chocolate&SearchTerm2=cake**
This URL contains the query string
'?SearchTerm1=chocolate&SearchTerm2=cake'
and sends that query string to the web site server, attached to the URL.
Sometimes, you want to ensure that the URL being passed to the server is stripped of any query strings (i.e. the query is string is removed completely) and only the URL is passed.
Let's say you bookmarked the page, using the full URL and query string ExampleSite.com?SearchTerm1=chocolate&SearchTerm2=cake****
Now you get to that page, and there is a search form.
You decide to use the search form to search for something new...
'<form action="?" ... ', as used above, removes the query string from the URL when the form is submitted, and submits the form to the same page that it came from (usually a 'controller' (a page with programming that determines what to do with the information sent to it by the user) ).
<form name="test" action="process.php" method="get">
<input type="submit" value="Submit">
The action used here will take you to the process.php page after clicking the submit button.
In short the action= is used to go to the specified page(mentioned in the action=) after filling the form and submitting.
When we don't know the url to go by submit the form we can specify
like this, It will reload the same page by appending question mark(?)
to url.
I.e, Form is submitted for same page itself. It identifies
form is reloaded.
Note: We can leave action property blank, even though it will work!
action is an attribute used in forms to specify the URL of the file that will process the input control when form is submitted