It appears that when I use an html form to make a "Content-Type: multipart/form-data" POST request, the fields always appear in the order in which they are listed in the HTML. In practice, do all browsers do this?
The primary motivation for wanting to know this is so I can do server-side validation of form data w/o being required to cache the entire HTTP request in RAM | disk first.
I know CGI, PHP, etc typically won't do anything 'til the upload completes. Probably because RFC 2388 section 5.5 addresses this issue by saying the order is not defined. I'm working w/ a highly customized fork of thttpd and handling the upload w/ C code built right into the server. So I don't care what most servers do.
What I want to know, is if I go out on a limb and assume an order, will I get burned by that assumption?
Take this form for example:
<form id="formUpload"
target = "uploadTarget"
method = "post"
action = "/bin/upload"
enctype= "multipart/form-data" >
<input type="hidden" id="inUser" name="user" />
<input type="hidden" id="inDest" name="dest"/>
<input type="file" id="inFile" name="file" />
<input type="button" value="Upload" onclick="uploadFile();" />
<iframe id="uploadTarget" name="uploadTarget" src="" style="width:0;height:0;border:0px"/>
</form>
The 'uploadFile()' function will fill in the user & dest fields before invoking submit(). I would like to validate user & dest server side as well, before recv()-ing the entire HTTP request body.
Yes:
The parts are sent to the processing agent in the same order the corresponding controls appear in the document stream. Part boundaries should not occur in any of the data; how this is done lies outside the scope of this specification.
http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4
Related
i assume this is a noob question, so sorry.
I'm trying to write this HTML-Page with a "form" that will work like a link on my raspberry pi.
So I used this code:
<form action="http://192.168.178.62/graph.pl?type=week">
<input type="submit" value="Blah" />
</form>
But instead of ending up at the adress I wrote in the code, I end up here: http://192.168.178.62/graph.pl? ("type=week" is missing, its just cut off)
Why is that, and how can I fix it?
thanks a lot!
When you submit a form with method="GET" (which is the default) then a new query string will be generated from the names and values of the successful form controls (since you don't have any, it will be empty). The new (empty) query string will replace the one in the action.
Options:
Use a link. (This is the best option. You aren't collecting any data from the user. You aren't making a POST request).
Move the data from the action to <input type="hidden" ...> elements.
I have a form:
<form method="GET">
<input type="text" value="hello" name="myname" />
</form>
If this form is submitted, I will end up at:
example.com/?myname=hello
What I would prefer is that when this gets submitted, I end up at:
example.com/hello
Is this possible?
No, you cannot change the way form submission works in HTML. (Using JavaScript, you can do transactions in a different way, without using HTML form submission.) When using method="GET", the URL gets constructed in a specific way; when using method="POST", the URL does not contain submitted data at all (it is sent outside the URL).
There is a trick that changes form submission in one way, but not quite the way you want. If the name of a control is isindex, then the control name and the equals sign are omitted; but the question mark is still there. That is, <input type="text" value="hello" name="isindex" /> would result in http://www.example.com/?hello. And Chrome has broken this when they removed the remainders of support to the isindex element.
If, for some special reason, you really need to make a form create requests like http://example.com/hello, then the simplest way is to set up a very simple server-side script that accepts normal requests that result from HTML forms and just passes them forward after modifying the URL in a simple way.
I was always confused about what the 'name' attribute did in html forms. From the textbook I read (html and css, design and build webpages by John Duckett), this is what it said about the 'name' attribute.
When users enter information
into a form, the server needs to
know which form control each
piece of data was entered into.
(For example, in a login form, the
server needs to know what has
been entered as the username
and what has been given as the
password.) Therefore, each form
control requires a name attribute.
The value of this attribute
identifies the form control and is
sent along with the information
they enter to the server.
From reading this, I always thought that, say in the database there is a field called "theUsersPasswordField" and a field called "theUsersUsernameField". I thought that, suppose there is a registration form, then the form would be like:
<form action="aURL" method="post">
<p>Please enter what you want your Username to be:</p>
<input type="submit" name="theUsersUsernameField" />
<p>Please enter what you want your Password to be:</p>
<input type="password" name="theUsersPasswordField" />
</form>
and then this way, when the information is sent to the database, it will know which information to put in the 'theUsersPasswordField" and which information to put in the "theUsersUesrnameField". Am I wrong?
What does name="next" mean? I see it often when I look at html forms, for example, here in this Django tutorial I am doing:
<form method="post" action=".">
<p><label for="id_username">Username:</label></p>
<p><label for="id_password">Password:</label></p>
<input type="hidden" name="next" value="/" />
<input type="submit" value="login" />
</form>
In the tutorial I am doing, it says that
The html form contains a submit button and a hidden
field called next. This hidden variable contains a URL that tells the view where to
redirect the user after they have successfully logged in
now, how is 'next' a url? When I run the code, the form does in fact successfully redirect to the main page, but how does it know to redirect to the main page? Why does name='next'?
And how does the server know which information to treat as the username and which information to treat as the password? I though that that is what the 'name' attribute is used for?
The name attribute in a control element like input assigns a name to the control. It has two basic effects: 1) a control needs a name in order to be “successful”, which means that a name=value pair from it will be included into the form data when the form is submitted; and 2) the attribute specifies what will be included as the first part of the name=value pair.
It is entirely up to the server-side form handler what (if anything) it will do with the name=value pairs in the form data. They might have a simple correspondence in some database, but that’s just one possibility. And form handling need not be database-based at all.
The name attribute values have no predefined meaning in HTML. They are just strings selected for use in this context, and they may be descriptive or mnemonic, or they may not.
However, the choice of name attribute values may have side effects. Browsers may give the user a menu of previously entered data so that if you fill e.g. several forms (possibly in different sites) that have a control named email, you might be able to enter your email address just once and then accept whatever the browser suggests as input. This may be seen as a convenience or as a threat to data security. There is proposed set of “standard” names for many purposes in HTML5 CR.
For completeness, it needs to be added that in browser practice and according to HTML5 CR description of name, two names have a special meaning: _charset_ and isindex.
The name next is in no way special, but in this context, it appears to specify the next page to move to. It is defined for a hidden field, so it takes effect independently of user input.
and then this way, when the information is sent to the database, it will know which information to put in the 'theUsersPasswordField" and which information to put in the "theUsersUesrnameField". Am I wrong?
You have to write a script (for example in php) that will put the right values from your form (they are in the $_POST array) into the databse.
in your example $_POST['theUsersUsernameField'] will hold the username
<form method="post" action=".">
<p><label for="id_username">Username:</label></p>
<p><label for="id_password">Password:</label></p>
<input type="hidden" name="next" value="/" />
<input type="submit" value="login" />
</form>
how is 'next' a url?
next is not the url.
the action="." is the url to wich the form redirects.
/ is the value that the script will evaluate to see what it has to do. (Normally you will have to change this into something else like 'check password')
In the $_POST[] array there will be a key $_POST['next'] and the value will be /
I am not familiar with Django but I hope this helps
Normally an HTML form sends query parameters as key-value pairs like this:
http://blabla/?something=something&this=that
But what I need is a form that generates a URL with one of the query keys omitted:
http://blabla/?something&this=that
As far as I can tell, a missing or empty name attribute does not quite provide what I expect:
<input type="hidden" name="" value="myvalue"/>
Leads to this, with an equals sign that I don't want:
http://blabla/?=myvalue
I know it's not good practice to do this, but I need to interface with an existing poorly-designed system.
If you need the attribute to not have a value, shouldn't you do something like this instead?
<input type="hidden" name="something" value=""/>
which would produce the URL http://blabla/?something=&this=that that you are looking for, only with the '=' after something. Or, just leave it out entirely (ie, do not define an input type hidden) and you would get the URLhttp://blabla/?this=that ...
Maybe I'm missing the point here, but either just don't submit that value or set it to null prior to submitting the form. It's not good practice to have an input without a name, so keep the name.
Obviously, we don't know how the script that accepts the form input is setup, but in my experiences unless some sort of crazy server-side validation was setup, it shouldn't bark at you.
These answers make sense logically, but unfortunately this system is very picky about which characters it will accept and any spurious equals signs give it trouble. It's an Innovative Interfaces library OPAC, by the way.
I figured out one way to do it, which is by not submitting the form at all but using JavaScript to inject the contents of the text box into a dynamically-generated URL and then opening that using window.location:
<form name="search_form" method="get" action="">
<input type="text" size="30" maxlength="100"/>
<input type="submit" value="Search" />
</form>
<script type="text/javascript">
window.onload = function() {
document.search_form.onsubmit = function() {
var term = document.search_form.elements[0].value;
var url = "http://blabla/search/X?d:(electronic books) and ("
+ term + ")&searchscope=1";
window.location = url;
}
}
</script>
I don't do much JavaScript and this will certainly cause alarm to anyone mindful of accessibility and web standards compliance. However, rest assured it is no worse than any of the rest of the javascriptaghetti that is part of this system.
I have a form to sign up to getting a rss feed through Feedburner.
this is the code -
<form action="http://feedburner.google.com/fb/a/mailverify" method="post">
<p><input name="email" type="text" /></p>
<input name="uri" type="hidden" value="dafyomi" /><input name="loc" type="hidden" value="en_US" /><input type="submit" value="click here to send" /></form>
<p> </p>
I want it to also sent the form data to a new window, and also change the window the user is on now - to a thank you page on the site.
Any ideas?
Thanks!
In clean HTML — impossible.
You can use JavaScript for this but it's ugly, breaks usability and probably most browsers will block it thinking you're trying to show an advertisement.
And as forcing opening a new window/tab/whatever is getting deprecated too, some browser may even ignore your ‘new window’ and try to open the thing in current tab. This would lead to undefined behavior of it trying to open two things in same window.
You may think about using one target page and <object/> or frames to display another if that's important. But that's not very usable too.
PS. And in all cases, the form can be submitted only to one of the pages. The second one will be plain GET.
I would like to suggest to use jQuery Ajax Form Plugins for this case. You can done two actions with one form submit by this way...
$('form').submit(function() {
$(this).ajaxSubmit({
url: myurl, //ajax request to myurl
success: function() {
return true; //submit form
}
});
return false;
});
I would add the "Thank you!"-phrase to the results page - after all, it can only be a line or two long, right?
If you feel that is not an option, you might want to do the something like this instead:
Form submits to server, and relevant data required to view the results page are saved in a Session
Redirect to Thank You-page, with a link to the results page.
Link triggers GET-request for the results page, and the results can be shown thanks to the Session variable.
If the page should only be available once, abandon the session.