Is there any way to send data from one HTML page to another using basic HTML without using JavaScript and PHP?
It's easy to "send" data:
Send
but there is no way for the receiving page to parse it without a server-side application or JavaScript. (Or Flash, or a Java applet, or an ActiveX control....)
html only purpose is to show content. It is not designed for getting and passing data. you need server side script to do that.
Good answers. Pekka and Andre really nailed it.
In order to pass data from HTML form fields to your web application:
1) You can manually build a link with query string variables (basically Pekka's example)
Submit
2) Or, to retrieve data typed in by the user (which is typically what you want), you can use the GET method
<form action="signup.pl" method="get">
Name: <input type="text" name="name" />
<input type="submit" />
</form>
Either way, you end up with a post to the web server with the same URL (provided the user typed "john"):
http://www.mycatwebsite.com/signup.pl?name=john
(or you can use POST instead of GET, but then query string variables don't show up in the URL)
But in order to read and process it, as already mentioned, you need a server side programming language.
Even the first dynamic websites back in the 90's used CGI Perl scripts, or even ANSI C, to process data. Here's a simple Perl example:
HTML Forms POST, GET
Now of course there are many web application languages (and frameworks) to choose from, such as PHP, Java, ASP.NET, Ruby, Python, etc. But they all adhere to the CGI convention of passing data back and forth (CGI Request/HTML response) between the web server (Apache, IIS) and the web site.
Common Gateway Interface
Dynamic website
You can prompt the user to enter data with a <form>, and you can add GET-query-parameters to your URL (index.php?foo=bar). But to work with the received data, you will need to use a programming language.
You can send data but can't process sent data. For it you must use PHP, javascript or something similar...
Related
I have a simple web server going on an Atmel embedded processor. It's a Cortex M4 and it's only running FreeRTOS as an OS; this is not a high powered processor.
I can have it [the Atmel processor] serve up a page by typing in Firefox:
192.168.0.200
This renders a page with drop down boxes and a submit button that enables me to pass data back to the server to control the hardware.
I am using the follwing kind of HTML. Please note, it looks slightly odd because it's in a C string:
"<form> \
<select name=\"group\"> \
<option value=\"10\">10</option> \
<option value=\"11\">11</option> \
<option value=\"12\">12</option> \
<option value=\"Broadcast\">255</option> \
</select> \
<input type=\"submit\" value=\"Submit\"> \
</form>"
You can see that, in its address bar, the browser then has something like:
192.168.0.200/?group=4
When the web server on the emebedded processor gets that message in, I can happily parse the line, extract a group number and act on it.
However, I have to send back another page to the browser when I get the
192.168.0.200/?group=4
message into the Atmel processor. Otherwise I get a timeout message. I can happily send the original page back again and it essentially works, but sending the page back resets the values of what the drop down boxes have changed to.
Is there a way of making the browser send a message that the server can parse, but not have to send out the full page again? I guess I'm needing to use something like a POST command, but I don't know how to do that from a web page. I should say that I am experienced in C, but have no HTML knowledge other than what I have learnt in the last few days, so it may be something easy that it completely eluding me from cramming in all this learning this week!
I don't want to/assume I can't use Javascript, because I have such a simple server I need to keep it as simple as possible.
Thanks!
Is there a way of making the browser send a message that the server can parse, but not have to send out the full page again?
Forget about the browser.
Have the server respond with a 204 No Content response instead of a 200 OK response.
If the client is a user agent, it SHOULD NOT change its document view from that which caused the request to be sent. This response is primarily intended to allow input for actions to take place without causing a change to the user agent's active document view, although any new or updated metainformation SHOULD be applied to the document currently in the user agent's active view.
I don't want to/assume I can't use Javascript, because I have such a simple server I need to keep it as simple as possible.
JavaScript runs client side. You don't need the server to do anything complicated to serve JS. You can even embed it in the HTML document.
You could use Ajax to solve your problem instead of a No Content response.
I have an HTML form in Rails like
<form name="input">
Title: <input type="text" name="title">
<input type="button" value="Submit">
</form>
I want title to be a required field (i.e. the user cannot leave it blank.) How can I verify that the user filled something in? Should I do it on the client side, or on the server side? My feeling is that doing on the client side would save communication to the server in the case that the user didn't fill it in.
You can do both, but should at least do it on the server. Remember that any client can easily circumvent any client-side validation, which leads to your code potentially breaking.
You can do it easily in the model with:
validates_presence_of :title
On the client there are various ways of how to do this. The simplest is perhaps using the required html5 attribute on the input tag. You can also use a javascript library like validatious, for which you can use this Rails plugin to automatically generate the client side validations based on your server-side validations.
If you want to be really on the safe side, you HAVE to do it on the server anyways. The client side validation is only for the sake of convenience.
You should do it on the client because it's more convenient to the user (a better user experience).
And, do it on the server in case client-side validation fails (because JavaScript is turned off, or there's a bug in client-side code, or an unsupported browser, or a malicious cracker trying to send garbage to your server, etc.).
Do validation on client side and server side..
Client side validation is not safe and can disbaled..,
Server side validation have to be performed and can not bypass
I have a field on my form, which I'd like to parse before sending to a Web server. Is it possible by using C functions provided by the web server?
I mean, suppose I have parse_field() function written in C, and the web server knows it and can call, so I do something like <% parse_field() %> on the page, the function shouls take the current contents of the field as an argument and return some parsed value, which will be POSTed to the server.
Is it possible, or not by all means? Or it is better to do with JavaScripts function (but I'm not very good with JS though :( )?
Thanks !
Is this classic ASP?
I wouldn't rely on Javascript for validation. You can't assume that everyone has JS enabled. You should implement server-side validation for graceful degradation, and then implement JS for client-side validation.
I'd suggest JavaScript, since it is server sided. Maybe you are trying to validate something? Have a look at this: http://flowplayer.org/tools/demos/validator/index.html
How can you make a form be able to fill a field with the url?
Example: if i have two fields, username and password, and my form is located at form.html how can I make form.html?username=example automatically fill in "example" in the username field.
The form would have to read variables from the URL and parse them, and then repost those values into a field. For instance, with PHP, it would be:
<?php $sName = $_GET['name']; ?>
...some HTML goes here...
<input type="text" id="name" name="name" value="<?= $sName ?>" size="60" />
This can also be done in jQuery by using location.href value to get the full URL, then split the URL into parts a few times with the split() function, and then use $('#name').val(sName) in jQuery to post the value into that field.
However, there are several security implications you have to consider. It is no longer advisable any more to take a raw GET value without running it through some XSS prevention steps:
http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
Here's something that malicious people may use against a site that works with raw GET values:
http://ha.ckers.org/xss.html
So beware.
OK, so the user puts this URL into his browser, a request is made to the server, and the page comes back to the user. There are two general approaches you can use to filling in the form details. 1. You can make it happen on the server. 2. You can make it happen on the client. If you want to make it happen on the server then you're going to need to use a server-side technology like ASP.NET, PHP, JSP, etc. If you want to make it happen on the client then you'll need a client-side technology that will almost certainly be javascript.
There's a whole lot more to say about this, including warnings about security holes like cross-site scripting, but I'll leave those for now.
The webserver language (e.g. PHP) must access the variables (e.g. $_GET["username"]) and supply them as values to the HTML fields. Don't forget to use method="get" in the HTML.
If your url is form.html, then how are you going to end up with form.html?username=example?
?username=example is a query string. If your submitting your form with a GET method, it will use a query string and append it to your url so the way you'd get form.html?username=example would be if a user entered their username as "example" and then submitted the form.
Even if I offer alternatives to PUT and DELETE (c.f. "Low REST"), how can I provide user-friendly form validation for users who access my web service from the browser, while still exposing RESTful URIs? The form validation problem (described below) is my current quandry, but the broader question I want to ask is: if I go down the path of trying to provide both a RESTful public interface and a non-javascript HTML interface, is it going to make life easier or harder? Do they play together at all?
In theory, it should be merely a matter of varying the output format. A machine can query the URL "/people", and get a list of people in XML. A human user can point their browser at the same URL, and get a pretty HTML response instead. (I'm using the URL examples from the microformats wiki, which seem fairly reasonable).
Creating a new person resource is done with a POST request to the "/people" URL. To achieve this, the human user can first visit "/people/new", which returns a static HTML form for creating the resource. The form has method=POST and action="/people". That will work fine if the user's input is valid, but what if we do validation on the server side and discover an error? The friendly thing would be to return the form, populated with the data the user just entered, plus an error message so that they can fix the problem and resubmit. But we can't return that output directly from a POST to "/people" or it breaks our URL system, and if we redirect the user back to the "/people/new" form then there is no way to report the error and repopulate the form (unless we store the data to session state, which would be even less RESTful).
With javascript, things would be much easier. Just do the POST in the background, and if it fails then display the error at the top of the form. But I want the app to degrade gracefully when javascript support isn't available. At the moment, I'm led to conclude that a non-trivial web app cannot implement an HTML interface without javascript, and use a conventional RESTful URL scheme (such as that described on the microformats wiki). If I'm wrong, please tell me so!
Related questions on Stack Overflow (neither of which deal with form validation):
How to send HTML form RESTfully?
How do you implement resource "edit" forms in a RESTful way?
you could have the html form post directly to /people/new. If the validation fails, rerender the edit form with the appropriate information. If it succeeds, forward the user to the new URL. This would be consistent with the REST architecture as I understand it.
I saw you comment to Monis Iqbal, and I have to admit I don't know what you mean by "non-RESTful URLS". The only thing the REST architecture asks from a URL is that it be opaque, and that it be uniquely paired to a resource. REST doesn't care what it looks like, what's in it, how slashes or used, how many are used, or anything like that. The visible design of the URL is up to you and REST has no bearing.
Thanks for the responses. They have freed my mind a bit, and so in response to my own question I would like to propose an alternative set of RESTful URL conventions which actually embrace the two methods (GET and POST) of the non-AJAX world, instead of trying to work around them.
Edit: As commenters have pointed out, these "conventions" should not be part of the RESTful API itself. On the other hand, internal conventions are useful because they make the server-side implementation more consistent and hence easier for developers to understand and maintain. RESTful clients, however, should treat the URLs as opaque, and always obtain them as hyperlinks, never by constructing URLs themselves.
GET /people
return a list of all records
GET /people/new
return a form for adding a new record
POST /people/new
create a new record
(for an HTML client, return the form again if the input is invalid, otherwise redirect to the new resource)
GET /people/1
return the first record
GET /people/1/edit
return a form for editing the first record
POST /people/1/edit
update the first record
GET /people/1/delete
return a form for deleting the record
(may be simply a confirmation - are you sure you want to delete?)
POST /people/1/delete
delete the record
There is a pattern here: GET on a resource, e.g. "/people/1", returns the record itself. GET on resource+operation returns an HTML form, e.g. "/people/1/edit". POST on resource+operation actually executes the operation.
Perhaps this is not quite so elegant as using additional HTTP verbs (PUT and DELETE), but these URLs should work well with vanilla HTML forms. They should also be pretty self-explanatory to a human user...I'm a believer in the idea that "the URL is part of the UI" for users accessing the web server via a browser.
P.S. Let me explain how I would do the deletes. The "/people/1" view will have a link to "/people/1/delete", with an onclick javascript handler. With javascript enabled, the click is intercepted and a confirmation box presented to the user. If they confirm the delete, a POST is sent, deleting the record immediately. But if javascript is disabled, clicking the link will instead send a GET request, which returns a delete confirmation form from the server, and that form sends the POST to perform the delete. Thus, javascript improves the user experience (faster response), but without it the website degrades gracefully.
Why do you want to create a second "API" using XML?
Your HTML contains the data your user needs to see. HTML is relatively easy to parse. The class attribute can be used to add semantics as microformats do. Your HTML contains forms and links to be able to access all of the functionality of your application.
Why would you create another interface that delivers completely semantic free application/xml that will likely contain no hypermedia links so that you now have to hard code urls into your client, creating nasty coupling?
If you can get your application working using HTML in a web browser without needing to store session state, then you already have a RESTful API. Don't kill yourself trying to design a bunch of URLs that corresponds to someone's idea of a standard.
Here is a quote from Roy Fielding,
A REST API must not define fixed
resource names or hierarchies
I know this flies in the face of probably almost every example of REST that you have seen but that is because they are all wrong. I know I am starting to sound like a religious zealot, but it kills me to see people struggling to design RESTful API's when they are starting off on completely the wrong foot.
Listen to Breton when he says "REST doesn't care what [the url] looks like" and #Wahnfrieden will be along soon to tell you the same thing. That microformats page is horrible advice for someone trying to do REST. I'm not saying it is horrible advice for someone creating some other kind of HTTP API, just not a RESTful one.
Why not use AJAX to do the work on the client side and if javascript is disabled then design the html so that the conventional POST would work.