Assigning form variable value to html element - html

I have a search bar. Entering text in it and clicking search takes you to another page which displays the search results.
Issue is, this search bar is visible at the top of every page in the application and is not a part of any particular page(including the search page).
As per the requirement, I am required to show the old search string in the search bar. Something like google.

In the file that actually displays your search form you could add the following (assuming the form field name is 'search'
<cfparam name="form.search" default="" />
<input type="text" name="search" value="#HTMLEditFormat(form.search)#" ... />
Make sure the INPUT has CFOUTPUT tags around it as well. Also, use HTMLEditFormat() when outputing input variables, otherwise you are opening yourself to injection attacks.

If you're posting the form then:
<input ... value='#form.FieldName#' />
If you're passing it through the url then:
<input ... value='#url.FieldName#' />
Use ifs or cfparams to your likening to control how it's displayed.

Related

Why does my HTML form's action tag ignore it's other GET-variables generated by JSP?

I have a HTML form whose action tag redirects to the same page, with appended variables generated by JSP (the variables print existing variables), but when I use the form it only shows the current URL with only the variable from the form, so the other, JSP generated, variables are missing. My (simplified) form looks like this:
<form id="tfnewsort" method="get" action="./index.jsp?categorie=<% out.println(categorie); %>&minprijs=<% out.println(stringminprijs); %>&maxprijs=<% out.println(stringmaxprijs); %>">
<select name="sorteermethode" id="sortselect">
<option value="date_added">
Datum oplopend
</option>
</select>
</form>
As you can see, it should redirect to a URL created by printing some variables and appending it's own variable ("sorteermethode") to the end of the URL. Now, when I actually use it, it redirects to something like 'http://localhost:8080/webshop/index.jsp?sorteermethode=name', essentially ignoring the other variables and replacing it by it's own variable, instead of appending it to the end of the URL. Does anyone know what I'm doing wrong (besides using JSP scriplets) and/or how to solve this?
I would greatly appreciate any help!
The form data generates a new query string. This replaces the existing one.
If you want to put extra data in it, then put it in hidden input elements instead of the action.
Use it as hidden input fields, as both the query string and the <form>'s method is also GET.
<input type="hidden" name="categorie" value="<% out.println(categorie); %>" />
<input type="hidden" name="minprijs" value="<% out.println(stringminprijs); %>" />
<input type="hidden" name="maxprijs" value="<% out.println(stringmaxprijs); %>" />
You should add the other variables as hidden input elements. The point of GET is to add all the input values to the querystring, it does not merge them with the current action.

Any way to force a form to submit fields differently without using Javascript?

I have a form:
<form method="GET">
<input type="text" value="hello" name="myname" />
</form>
If this form is submitted, I will end up at:
example.com/?myname=hello
What I would prefer is that when this gets submitted, I end up at:
example.com/hello
Is this possible?
No, you cannot change the way form submission works in HTML. (Using JavaScript, you can do transactions in a different way, without using HTML form submission.) When using method="GET", the URL gets constructed in a specific way; when using method="POST", the URL does not contain submitted data at all (it is sent outside the URL).
There is a trick that changes form submission in one way, but not quite the way you want. If the name of a control is isindex, then the control name and the equals sign are omitted; but the question mark is still there. That is, <input type="text" value="hello" name="isindex" /> would result in http://www.example.com/?hello. And Chrome has broken this when they removed the remainders of support to the isindex element.
If, for some special reason, you really need to make a form create requests like http://example.com/hello, then the simplest way is to set up a very simple server-side script that accepts normal requests that result from HTML forms and just passes them forward after modifying the URL in a simple way.

html forms - why do I often see <input name="next" />? Clarification on what the 'name' attribute does

I was always confused about what the 'name' attribute did in html forms. From the textbook I read (html and css, design and build webpages by John Duckett), this is what it said about the 'name' attribute.
When users enter information
into a form, the server needs to
know which form control each
piece of data was entered into.
(For example, in a login form, the
server needs to know what has
been entered as the username
and what has been given as the
password.) Therefore, each form
control requires a name attribute.
The value of this attribute
identifies the form control and is
sent along with the information
they enter to the server.
From reading this, I always thought that, say in the database there is a field called "theUsersPasswordField" and a field called "theUsersUsernameField". I thought that, suppose there is a registration form, then the form would be like:
<form action="aURL" method="post">
<p>Please enter what you want your Username to be:</p>
<input type="submit" name="theUsersUsernameField" />
<p>Please enter what you want your Password to be:</p>
<input type="password" name="theUsersPasswordField" />
</form>
and then this way, when the information is sent to the database, it will know which information to put in the 'theUsersPasswordField" and which information to put in the "theUsersUesrnameField". Am I wrong?
What does name="next" mean? I see it often when I look at html forms, for example, here in this Django tutorial I am doing:
<form method="post" action=".">
<p><label for="id_username">Username:</label></p>
<p><label for="id_password">Password:</label></p>
<input type="hidden" name="next" value="/" />
<input type="submit" value="login" />
</form>
In the tutorial I am doing, it says that
The html form contains a submit button and a hidden
field called next. This hidden variable contains a URL that tells the view where to
redirect the user after they have successfully logged in
now, how is 'next' a url? When I run the code, the form does in fact successfully redirect to the main page, but how does it know to redirect to the main page? Why does name='next'?
And how does the server know which information to treat as the username and which information to treat as the password? I though that that is what the 'name' attribute is used for?
The name attribute in a control element like input assigns a name to the control. It has two basic effects: 1) a control needs a name in order to be “successful”, which means that a name=value pair from it will be included into the form data when the form is submitted; and 2) the attribute specifies what will be included as the first part of the name=value pair.
It is entirely up to the server-side form handler what (if anything) it will do with the name=value pairs in the form data. They might have a simple correspondence in some database, but that’s just one possibility. And form handling need not be database-based at all.
The name attribute values have no predefined meaning in HTML. They are just strings selected for use in this context, and they may be descriptive or mnemonic, or they may not.
However, the choice of name attribute values may have side effects. Browsers may give the user a menu of previously entered data so that if you fill e.g. several forms (possibly in different sites) that have a control named email, you might be able to enter your email address just once and then accept whatever the browser suggests as input. This may be seen as a convenience or as a threat to data security. There is proposed set of “standard” names for many purposes in HTML5 CR.
For completeness, it needs to be added that in browser practice and according to HTML5 CR description of name, two names have a special meaning: _charset_ and isindex.
The name next is in no way special, but in this context, it appears to specify the next page to move to. It is defined for a hidden field, so it takes effect independently of user input.
and then this way, when the information is sent to the database, it will know which information to put in the 'theUsersPasswordField" and which information to put in the "theUsersUesrnameField". Am I wrong?
You have to write a script (for example in php) that will put the right values from your form (they are in the $_POST array) into the databse.
in your example $_POST['theUsersUsernameField'] will hold the username
<form method="post" action=".">
<p><label for="id_username">Username:</label></p>
<p><label for="id_password">Password:</label></p>
<input type="hidden" name="next" value="/" />
<input type="submit" value="login" />
</form>
how is 'next' a url?
next is not the url.
the action="." is the url to wich the form redirects.
/ is the value that the script will evaluate to see what it has to do. (Normally you will have to change this into something else like 'check password')
In the $_POST[] array there will be a key $_POST['next'] and the value will be /
I am not familiar with Django but I hope this helps

Preinput Form Non Submitable Form Value- HTML

<input name="price" id="asdprice" value="" type="text">
I do not wish to use any JS if possible
As you can see the value field is empty, and I do not want to prefill it as it will be submitable.
What I want is a prefilled text area, with lets say
http://www.
as i would like that to be a valid format for that field, normally such filled input will be less opaque.
You can display a hint for the user to enter a valid URI using an input placeholder attribute:
<input name="price" id="adsprice" type="text" placeholder="http://">
However the placeholder text will disappear once the field comes into focus. You should be aware that users will enter all kinds of rubbish into form fields, so always validate the input on the server-side and prepend the http:// if it's missing.
BTW, there are valid URIs that do not begin with http://www. and not all sites redirect the www. subdomain as you would expect.

What does an entry "action='?'" in html form mean?

I have found an entry in html file
'<form action="?" ... '
I do not understand what it does.
Search in Google returned no results. Actually it is a Django template file, but I didn't find anything in django template documentation.
It uses the current URL with an empty query string as the action of the form. An empty query string. Empty. Meaning no query string at all. The query string will be no more. It will not be used. It will be gone. There will be no more query string after submitting the form. The query string will have vanished. Disappeared. Gone away. Become no more.
The action= atrribute has only value. i.e URL.
In simple english once your form is processed and you hit a submit button or enter you will be redirected to the URL you give to the action attribute
Example:
<form action="demo_form.asp" method="get">
First name: <input type="text" name="fname"><br>
Last name: <input type="text" name="lname"><br>
<input type="submit" value="Submit">
</form>
In the case of you question, if the action is "?" then the returned hash-string will be current URL plus "/?" appended which will take you back to the same page you were on.
action="" will resolve to the page's address. action="?" will resolve to the page's address + ?, which will mean an empty fragment identifier.
Doing the latter might prevent a navigation (new load) to the same page and instead try to jump to the element with the id in the fragment identifier. But, since it's empty, it won't jump anywhere.
Usually, authors just put # in href-like attributes when they're not going to use the attribute where they're using scripting instead. In these cases, they could just use action="" (or omit it if validation allows).
'<form action="?" ... ' strips the query string off of the URL when submitting the form, and submits the form to the current document address (i.e. itself).
Here is what that means:
Let's use the following URL as example:
ExampleSite.com**?SearchTerm1=chocolate&SearchTerm2=cake**
This URL contains the query string
'?SearchTerm1=chocolate&SearchTerm2=cake'
and sends that query string to the web site server, attached to the URL.
Sometimes, you want to ensure that the URL being passed to the server is stripped of any query strings (i.e. the query is string is removed completely) and only the URL is passed.
Let's say you bookmarked the page, using the full URL and query string ExampleSite.com?SearchTerm1=chocolate&SearchTerm2=cake****
Now you get to that page, and there is a search form.
You decide to use the search form to search for something new...
'<form action="?" ... ', as used above, removes the query string from the URL when the form is submitted, and submits the form to the same page that it came from (usually a 'controller' (a page with programming that determines what to do with the information sent to it by the user) ).
<form name="test" action="process.php" method="get">
<input type="submit" value="Submit">
The action used here will take you to the process.php page after clicking the submit button.
In short the action= is used to go to the specified page(mentioned in the action=) after filling the form and submitting.
When we don't know the url to go by submit the form we can specify
like this, It will reload the same page by appending question mark(?)
to url.
I.e, Form is submitted for same page itself. It identifies
form is reloaded.
Note: We can leave action property blank, even though it will work!
action is an attribute used in forms to specify the URL of the file that will process the input control when form is submitted