|
|
Chapter 7: Working With Forms |
|
Designing forms in HTML | |
Here's the HTML code that creates the form you just saw: <p align="center"><br> |
</tr> Look at the very first line of the FORM. The first thing you should notice is that the form uses the "POST" method. There are two methods available, GET and POST. Don't use GET; it can cause a whole bunch of security problems. The second thing to observe is action="ad_proc.php". This indicates what will happen when the "Submit" button is clicked. To run a script when the form is submitted, you'll put the path to the script here. Most times you can use a relative path, such as /cgi-bin/my_script.php, but sometimes the path must be absolute (complete and unambiguous). Do that only if you have to! If you move the file to a new server or domain (or to a different directory on the same server) you'll have to change any absolute paths. Note: for HTML files, use a relative path whenever possible. It's a real time-saver if you move things around on your site. |
Asking for user input |
|
Now, look for any lines beginning with the word "input". In each of these, there's a "type" given. Inputs of type text display a one-line text box used for items like name or email address. Inputs of the radio button or checkbox types allow selection of one or more items from a limited set of choices. Another input type, not shown in this example, is "select", which produces a drop-down list. (See an HTML reference book or tutorial for instructions on using this common input.) Another common input type is TEXTAREA; it won't have the word "input" inside the tag but it is an input anyway. Inputs of this type display a box where you can type in several lines of text. You can specify the width and height of the box, too. These inputs are all things the user can type in or select. There are other inputs, of type hidden, which the user normally doesn't know about. They are not really well hidden. They just don't display as part of the Web page. Click on View Source to see the code of a Web page and they are perfectly visible. |
Checking and validating the inputs |
There are two issues here. First, did the user enter all the items you require? Second, are the values they entered reasonable - and safe? Whoa! Safe?? Yes, you heard me. If a malicious person can enter system commands in a form field, they could do serious damage to your site! For example, they could send the contents of your password file to their email address and gain complete access to your system. They could delete all your files, making your site vanish in an instant. Pretty scary stuff...isn't it? But don't panic! We have solutions. First, let's think about making sure we get data in all the form fields that we feel are vital. You could use JavaScript to validate each field. But maybe the visitor's browser can't process JavaScript. Or maybe it can but they've disabled it. Some people do that because it's possible for JavaScript to do things the user won't like. So here's my plan: have the script check all the required fields for empty values. If a required field is empty, call the form back up with an error message to the user about which fields they can't leave blank. I'll show you how to do that a little later when I give you examples of useful code. |
| Previous Page Table of Contents Next Page |
Copyright © 2004 Steve Humphrey |