|
what is <form> useful for?
hello guys,
I've got a curiosity... If I want to do a form with plain HTML and a scripting server-side (such as php) I'd write something like this: <form name="input" action="plain_html_form.php" method="post" > Username: <input type="text" name="user"> <br /> Email: <input type="text" name="email"> <br /> <input type="submit" value="Submit"> <br /> </form> and then from php I'll get the parameters as $_POST['user'] and $_POST['email'] and that's alright... BUT, if instead, I want to check the parameters before to send them to the server, as I usually I do, I would use javascript... With javascript I usually check if the fields are filled up correctly and then I let javascript send them to the server, so I don't use the form tag becuase I don't need it. Is this method wrong? Are there any downside I don't know? thank you in advance, Andrea |
Re: what is <form> useful for?
^AndreA^ wrote:
> hello guys, > > I've got a curiosity... > > If I want to do a form with plain HTML and a scripting server-side > (such as php) I'd write something like this: > > <form name="input" action="plain_html_form.php" method="post" > > Username: > <input type="text" name="user"> <br /> > Email: > <input type="text" name="email"> <br /> > > <input type="submit" value="Submit"> <br /> > </form> > > and then from php I'll get the parameters as $_POST['user'] and > $_POST['email'] and that's alright... > > > BUT, if instead, I want to check the parameters before to send them to > the server, as I usually I do, I would use javascript... > > With javascript I usually check if the fields are filled up correctly > and then I let javascript send them to the server, so I don't use the > form tag becuase I don't need it. > > Is this method wrong? > > Are there any downside I don't know? And when JavaScript is disabled? -- Take care, Jonathan ------------------- LITTLE WORKS STUDIO http://www.LittleWorksStudio.com |
Re: what is <form> useful for?
On Jul 24, 7:05*pm, "Jonathan N. Little" <lws4...@central.net> wrote:
> And when JavaScript is disabled? Then it breaks and the visitor has a decision to make... |
Re: what is <form> useful for?
Gazing into my crystal ball I observed "^AndreA^"
<andrea.bola@gmail.com> writing in news:1b2e5674-0c32-4743-9b8e- aa66593b05b5@n33g2000pri.googlegroups.com: > hello guys, > > I've got a curiosity... > > If I want to do a form with plain HTML and a scripting server-side > (such as php) I'd write something like this: > ><form name="input" action="plain_html_form.php" method="post" > > Username: ><input type="text" name="user"> <br /> > Email: ><input type="text" name="email"> <br /> > ><input type="submit" value="Submit"> <br /> ></form> > > and then from php I'll get the parameters as $_POST['user'] and > $_POST['email'] and that's alright... > > > BUT, if instead, I want to check the parameters before to send them to > the server, as I usually I do, I would use javascript... > > With javascript I usually check if the fields are filled up correctly > and then I let javascript send them to the server, so I don't use the > form tag becuase I don't need it. > > Is this method wrong? You still need the form element. Certain elements, eg. input, cannot exist without being wrapped in a form element. Javascript is nice as an enhancement. As you know, you have to validate server side, especially before you put anything in a db. > > Are there any downside I don't know? Yes, users with javascript disabled will submit to the value of the action attribute. If you do not use the form element, there is no place to submit to. Again, it is very important to check everything server side, especially when the data is going into a db. You might want to look into SQL injection. |
Re: what is <form> useful for?
Travis Newbury wrote:
> On Jul 24, 7:05 pm, "Jonathan N. Little" <lws4...@central.net> wrote: >> And when JavaScript is disabled? > > Then it breaks and the visitor has a decision to make... Poor choice of design implementation. -- Take care, Jonathan ------------------- LITTLE WORKS STUDIO http://www.LittleWorksStudio.com |
Re: what is <form> useful for?
In article <acdd6$4889418f$40cba7b7$4569@NAXS.COM>,
"Jonathan N. Little" <lws4art@central.net> wrote: > Travis Newbury wrote: > > On Jul 24, 7:05 pm, "Jonathan N. Little" <lws4...@central.net> wrote: > >> And when JavaScript is disabled? > > > > Then it breaks and the visitor has a decision to make... > > Poor choice of design implementation. Actually, where Travis is concerned, good on you, Jonathan, in getting the good message out there. He is hoping we will tire and he will get his post-modernist/free-market/each-to-his-own take on objectivity to swamp the battlefield. -- dorayme |
Re: what is <form> useful for?
On Fri, 25 Jul 2008 01:13:43 +0000, Adrienne Boswell wrote:
> You might want to look into SQL injection. I dunno... I still prefer sipping Jack Daniel's to injecting SQL. I have this thing about needles... |
Re: what is <form> useful for?
On Thu, 24 Jul 2008 15:38:00 -0700, ^AndreA^ wrote:
> With javascript I usually check if the fields are filled up correctly > and then I let javascript send them to the server, so I don't use the > form tag becuase I don't need it. An html compliant browser will not allow any input/textarea tags it encounters if it has not already seen a form opening tag. |
Re: what is <form> useful for?
viza wrote:
> On Thu, 24 Jul 2008 15:38:00 -0700, ^AndreA^ wrote: > >> With javascript I usually check if the fields are filled up correctly >> and then I let javascript send them to the server, so I don't use the >> form tag becuase I don't need it. > > An html compliant browser will not allow any input/textarea tags it > encounters if it has not already seen a form opening tag. Not so: <!ENTITY % formctrl "INPUT | SELECT | TEXTAREA | LABEL | BUTTON"> <!ENTITY % inline "#PCDATA | %fontstyle; | %phrase; | %special; | %formctrl;"> Input and textarea tags can appear anywhere inline data can appear (or flow data, because flow includes inline), with the exception of inside a button (because of <!ELEMENT BUTTON - - (%flow;)* -(A|%formctrl;|FORM|FIELDSET) ). |
Re: what is <form> useful for?
very good discussion guys, thank you to everyone...
So, I have understood that I need the form tag even though I choose not to support users with javascript off. I've also understood that is a good practice guarantee access to people with javascript off (about 5% now, http://www.w3schools.com/browsers/browsers_stats.asp). I "lost" the whole morning surfing the web trying to understand what other people think about js on or off... ;-) I usually check client-side for all of this stuff: !@#$%^&*()+=[]\\\';,/{}|\":<>?~`.- _£ and then, if everything is fine, I send the data to php and I do just: $_something = htmlentities($_POST['something']); and then it's ready to be stored on the db. Wasn't it enough? Anyway It's useless to have a double check (client-side and server- side), so, following your ideas I should do just a server side check but it isn't as cool as AJAX... Or maybe I could; CLIENT-SIDE: check if the fields are filled up correctly (so who has js on can find it usefull) and SERVER-SIDE: check again all the fields and, above all, look for some characters for security reasons. What do you think? Cheers, Andrea |
| All times are GMT. The time now is 12:55 PM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.