I need a text input field which does not use the autocomplete function - If a user has submitted the form before, his previous submissions should -not- appear as he types into the form again, even if he is typing the same thing again. As far as I can tell, there are a few ways to do this:
1. <form autocomplete="off">
However, I believe this is a proprietary tag, and I am not sure how compatible it is across browsers
2. Give the input field a random 'name'
One could even use JS to set the name back to an expected value before submission. However, if the user does not have JS installed, you'd need another hidden input with the name - and the php code on the other side gets messy fast.
Do you know of any other ways? Is one of these ways the "accepted" way? Comments?
Thanks,
Mala
Lookie here: Is there a W3C valid way to disable autocomplete in a HTML form?
Stick with the random name. You can do it simply enough server and client and you meet your no-js requirement.
You can store the original and changed name in a $_SESSION variable before outputting the form, and after the user submits, just get the name from there:
$random_name = md5('original_name' . time());
$_SESSION['original_name'] = $random_name;
...output form...
And after submitting you can easily get the value from $_POST using the $_SESSION variable:
$field_value = $_POST[$_SESSION['original_name']];
Just be sure that you have sessions available by calling session_start() before any processing.
Autocomplete is something that browsers decided to do on their own, so there’s certainly no spec document to look at.
Related
I am new to HTML and still trying to understand some concepts. Here it is one that I do not understand at all. After trying HTML form I noticed that if I have a form with attribute name I can access that form the following way document.attribute_name or document[attribute_name]. However if I try to do the same on a div for instance, it does not work. Can somebody please explain me why is this so.
Also, I was wondering if it good practice to use a form when using AJAX. Let say that I have some fields inside a form but I am using ajax and the form never is "posted" as I am using AJAX to change field's contents.
Thanks in advance!
Usually a form has the name attribute in order for you to be able to pass a value to a PHP/ AJAX script.
When writing THE FORM :
<FORM action = 'addDetailsToDatabase.php' method = 'post' >
<input name ='myName'>
<button type = 'submit'>
</form>
When you submit this form it will post the input field value that has the name attribute 'myName' to the addDetailsToDatabase.php script. So now whatever has been entered and submitted in the input you can use in your PHP script.
TAGS do not generally have a need for a name attribute. (I am saying generally need just incase theiris some library out there that uses this I have never seen a name attribut on a div tag.
The best way to get a div is to get it by ID . document.getElementByID('yourdivid') - Javascript.
Your div will look like this
You can use AJAX to post a form to be be run by a PHP script and this has the added benefit of the whole page not being refreshed.
Anwsering the second part its hard what you are asking. With Ajax you can make your page as dynamic as you want
You can select from the database and echo wherever you want the options are limitless (almost). The best thing to do is to learn HTML = SIMPLE Learn CSS =SIMPLE. Then learn some simple JQUERY or javascript. If your dealing with forms and databases learn how to post a form to PHP script and store in a database and then retrieve using the select statement (prepared statements will set you up for years to come try and avoid old SQL tutorials)
Once you get this learn your AJAX to fill the gaps
I'm not sure if what I'm trying to do is even possible, but it's worth a try.
I need to make an html form and put a checkbox there (a "I accept the terms and conditions"). When the user clicks submit, it should verify if the checkbox is checked and display an error message if it isn't. But the trick is that I'm not allowed to use JavaScript, as my client doesn't support it.
What can I do?
EDIT: I'm looking for a client-side solution, if that's not possible, then I'll have to live with it :p
Without javascript you're going to have to rely on something server side to do the validation for you (PHP, CGI script, Python, anything really). Submit your form to this validation URL and return an error if the checkbox is not checked. Without more useful information (your environment for one) I can not provide any examples.
In HTML 5 you can use the
'Required' attribute for checkboxes,
Which causes the form not to be submitted unless it is checked
You can read up on it more here: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/Input
I am starting web developement.
While POSTing a form, all the input fields are sent as properties (Content-Disposition). I would like to add more information (I mean more properties sent by POST), like a value of some html tag, or the value of an attribut of some div. Is this possible ?
Well an idea to resolve that is to use "hidden input" (#html.HiddenFor). That's what I am going to do waiting for better solution.
What server side technology are you using? You will likely use JavaScript to get other values from your form then submit, but it really just depends. You may want to be more specific.
Is there a way to post some values in a form without using hidden fields?
The user should not be able to read these values by checking the DOM.
You can use hidden fields for posting data. But if you want that the user should not be able to read the values set in hidden field, you can encrypt the value before setting in the hidden field and then set it.
In this way nobody except you, who knows how to decode the value, would be able to read it.
Hope this helps.
AJAX can post any values you like, whether or not they appear in the form.
Well, whatever method you use the data is visible. The way sensitive data can be handled 'safely' on a public webpage is twofold.
Encrypt the data, as other poster mentionned.
Use ssl ( https:// ) for the pages you want secured. This prevents any 3rd party from sniffing the traffic generated by your users requests.
With these 2 simple steps properly implemented, the data, though not 100% secure ( nothing is secure on the net ), it is a lot harder to attain.
Using this two way passworded encryption class
http://www.tonymarston.net/php-mysql/showsource.php?file=std.encryption.class.inc
and following the usage example
http://www.tonymarston.net/php-mysql/showsource.php?file=encryption.php
you can get something like this
http://www.tonymarston.net/php-mysql/encryption.php
Then in your situation you can do this:
<form >
<input type="hidden" name="data value="<?php echo($encryptedData); ?>" />
</form>
or you could do this
<?php setcookie("formdata", $encryptedData, time()+3600); /* expire in 1 hour */ ?>
Then on the other end you can decrypt the data using your password.
If I'm reading your question correctly, no, not really.
If you give something to the user and get it back, the user can modify it.
Why are you in need of this functionality? If you give us some context, I bet you'll get a definitive answer.
I was wondering whether it is possible to assign a value to an HTML text box and protect it.
What I mean is make it´s content unmodifiable, so that when the form gets submitted im "sure" it was this value which was submitted.
BTW I realize the easier way would be not to "listen" fot this input and just assign it but it would come in handy to be able to do what´s stated above.
I hope the question is clear enough, please ask for any needed clarification.
Thanks in advance!
EDIT: I was definitely not clear enough but I tried to express that i should hold the value after submitted (not modifiable in client side)
No, it's not. You should never trust user input, which includes form submissions.
The other answers tell you how to mark the field as read-only. This is useful if you want to display a particular value, while showing that it's not intended to edited.
However, it can still be modified with Firebug, DOM Inspector, etc. Or, they can just submit a HTTP request without using the browser at all.
I would recommend storing the value in a session instead.
Set the readonly property of the input element:
<input type="text" readonly="readonly" />
This will prevent any modification (except if the user edits with a DOM Inspector). Always validate input on the server. If you do not want any changes made, don't allow the user to edit it.
http://www.w3schools.com/tags/att_input_readonly.asp
Form inputs have a 'disabled' and 'readonly' attributes you can set to make them un-editable.
http://htmlhelp.com/reference/html40/forms/input.html
Though you can never be 100% sure what is getting sent from the client side. The entire DOM is editable by the client.
Just do this
<input type="text" value="VALUE" readonly />
Then itll be read only :)
<input type="text" readonly="readonly"/>. But: Never be sure, and validate data on the server side. It is very easy to request GET/POST with invalid data.