------------------------------------------------------------------------------
Forms
------------------------------------------------------------------------------
  1. Interaction between server and client.
  2. <form> tag, action and method attributes.
    1. Using a mailto URL.
    2. A URL can refer to a program or a page.
      Typical extensions: .cgi, .asp, .php, .jsp.
    3. Actions process the data and output a page.
    4. Someone needs to write that program.
    5. method="post", method="get": Whether or not the form data is part of the URL.
  3. Google's main page. Note the use of a text field for the search, and hidden fields.
  4. Data tags.
    1. Name and value.
      1. All have a name attribute.
      2. Some have value, or may come straight from the user.
    2. <input type="type" ... /> Types
      1. text
        1. size gives the width displayed, in characters.
        2. maxlength gives the maximum number of characters you may enter.
        3. Provide the name attribute, and the value comes from the user's entry.
      2. password
        1. Same as text, but shows stars when typed.
        2. Does not secure transmission.
        3. Provide the name attribute, and the value comes from the user's entry.
      3. submit.
        1. Sends the form to the server.
        2. Multiple submit buttons are allowed.
        3. Provide both the name and value attributes. The value is displayed on the button, and also sent when the button is pressed.
      4. checkbox.
        1. Provide both the name and value attributes. The name and value are sent when the box is checked; otherwise, nothing is sent.
        2. Use the checked attribute to make the box initially checked.
      5. radio.
        1. Radio buttons are like checkboxes, but only one may be checked.
        2. Buttons are related by giving them the same name.
        3. Provide both the name and value attributes. Use the same name for the radio buttons in a group, but different values. The one checked will be sent.
        4. The checked attribute may also be used to designate an initial selection.
      6. hidden
        1. Do not appear on the form; simply sent to the server.
        2. Provide both the name and value attributes.
      7. reset. Clears the form to default values. Does not take a name or value.
    3. <textarea>...</textarea>
      1. Provides an area for free-form text responses.
      2. Use rows and cols to give the size of the area, in text rows and character widths.
      3. Content between the opening and closing tags is the default content of the text area.
      4. Provide the name attribute, and the value comes from the user's entry.
    4. <select name="nam"><option value="val">...</option>...</select>
      1. Creates a pull-down list.
      2. Give select the name attribute.
      3. Each option has its own value attribute. They will generally differ from each other.
      4. The list items are given by the contents of the option tags.
      5. For the selected list item, the name from the select is sent with the value from the selected option.
  5. Using savedat.php. It saves whatever data your form sends into a file.
    1. Save your form in a directory local_html/forms. Won't work unless you put your form there.
    2. Create a directory formdat under your home directory (not under local_html).
    3. Change permissions so the web server can write your data directory.
      [test@sandbox test]$ cd local_html
      [test@sandbox local_html]$ mkdir forms
      [test@sandbox local_html]$ cd ..
      [test@sandbox test]$ mkdir formdat
      [test@sandbox test]$ chmod a+w formdat
    4. Forms located in local_html/forms may use an action URL http://sandbox.mc.edu/savedat.php
    5. The data file name is created based on the page name: a page stored as local_html/forms/mike.html will have its data stored in formdat/mike_data.txt under the same user account.
    6. If you create an ordinary page at local_html/forms/mike_resp.html, it will be displayed after the data is successfully stored.
    7. In case of an error, or if you don't create a resp file, savedat.php will generate its own response page.
  6. Validation.
    1. User may decide to send junk.
    2. Javascript may be used to refuse to send the junk.
    3. Since there's nothing to force the client to use Javascript, the server program that processes the data will need to check again, just to be safe.
    4. Deliberately sending illegal data to a web form is a favorite hacker trick, since some kinds of bugs may allow unauthorized access.
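The server-side recheck described under Validation, as an added example (not from the course materials or the book): the limits a form puts on its fields (a text field's maximum length, the fixed values of radio buttons, select options and hidden fields) are applied only by the browser, so the program at the action URL tests every field again. The field names, allowed values and sample bodies are assumptions made up for this sketch.

```javascript
// Added example: server-side re-validation of a submitted form body.
// Field names and rules are hypothetical, chosen to match the input types
// in this outline (text, radio, checkbox, select, hidden).
const RULES = {
  username: { required: true,  check: v => /^[A-Za-z0-9_]{1,20}$/.test(v) },             // text
  size:     { required: true,  check: v => ['small', 'medium', 'large'].includes(v) },   // radio
  news:     { required: false, check: v => v === 'yes' },                                // checkbox
  color:    { required: true,  check: v => ['red', 'green', 'blue'].includes(v) },       // select
  formid:   { required: true,  check: v => v === 'order1' },                             // hidden
};

// body: the application/x-www-form-urlencoded string a POST carries
// (with method="get" the same string follows the "?" in the URL).
function validateForm(body) {
  const params = new URLSearchParams(body);
  const errors = [];
  const clean = {};

  // Reject names the form never defined.
  for (const name of new Set(params.keys())) {
    if (!Object.prototype.hasOwnProperty.call(RULES, name)) {
      errors.push(`unexpected field: ${name}`);
    }
  }
  for (const [name, rule] of Object.entries(RULES)) {
    const values = params.getAll(name);
    if (values.length === 0) {
      // An unchecked checkbox sends nothing, so absence is only an
      // error for fields marked required.
      if (rule.required) errors.push(`missing field: ${name}`);
      continue;
    }
    if (values.length > 1) { errors.push(`repeated field: ${name}`); continue; }
    if (!rule.check(values[0])) { errors.push(`bad value for: ${name}`); continue; }
    clean[name] = values[0];
  }
  return { ok: errors.length === 0, errors, clean };
}

// Constructed sample bodies: one a browser would send, one written by hand.
const GOOD_BODY = 'username=mike_1&size=medium&news=yes&color=blue&formid=order1';
const BAD_BODY = 'username=' + 'A'.repeat(500) + '&size=huge&color=blue&formid=order2&admin=1';

console.log(validateForm(GOOD_BODY).ok, validateForm(BAD_BODY).errors);
```

Only the values in `clean` should be passed on to the rest of the program; everything else in the request is discarded.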
  7. Server-side processing program.
    1. The action URL of the form refers to a program which processes form data.
    2. Many possible languages; depends on type of server and administrative configuration.
    3. Book's example is ASP, a Microsoft language.
    4. Here is a similar script in PHP which runs on Sandbox.
  8. A word about https and secure transmission.
    1. Ordinarily, data from a form can be snooped by anyone who has access to the lines or networking equipment it transits.
    2. Secure web sites use encryption to prevent this.
    3. URLs that start with https use the encrypted version of the protocol.
    4. The URL of the form action is most important. It is possible to create a form that always shows https in the stripe, but sends data by plain http.
    5. The https protocol also requires that a certificate authority vouches for the identity of the web site.
      1. CAs are just companies that your browser manufacturer trusts. Examples: Thawte, Verisign, Entrust, etc.
      2. Web sites present a certificate which is electronically signed by the authority indicating that the authority believes the web site is really what the URL says.
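A check for the point above that the form's action URL, not the page's own URL, decides whether the data travels encrypted. This is an added example, not part of the course materials: it resolves each form's action against the page URL and reports any form whose data would leave by something other than https, or whose password field would end up in the URL through method="get". The function names, sample markup and host names are constructed.

```javascript
// Added example: flag forms whose data would leave the page unencrypted.
// auditForms and the sample page are hypothetical; the regular expressions
// assume simple, well-formed markup with quoted attribute values.
function attr(tag, name) {
  const m = new RegExp(`\\s${name}\\s*=\\s*["']([^"']*)["']`, 'i').exec(tag);
  return m ? m[1] : null;
}

function auditForms(html, pageUrl) {
  const findings = [];
  const formRe = /<form\b[^>]*>([\s\S]*?)<\/form>/gi;
  let m;
  while ((m = formRe.exec(html)) !== null) {
    const openTag = m[0].slice(0, m[0].indexOf('>') + 1);
    // A missing or relative action resolves against the page's own URL.
    const target = new URL(attr(openTag, 'action') || '', pageUrl);
    // The method defaults to get when the attribute is absent.
    const method = (attr(openTag, 'method') || 'get').toLowerCase();
    const hasPassword = /<input\b[^>]*\stype\s*=\s*["']password["']/i.test(m[1]);
    const issues = [];
    if (target.protocol !== 'https:') issues.push(`data sent via ${target.protocol}`);
    if (hasPassword && method === 'get') issues.push('password placed in URL by method=get');
    findings.push({ action: target.href, method, issues });
  }
  return findings;
}

// Constructed sample: a page served over https that contains three forms.
const SAMPLE_URL = 'https://shop.example/account/index.html';
const SAMPLE_PAGE = `
<form action="http://forms.example/save.php" method="post">
  <input type="text" name="user" /> <input type="password" name="pw" />
</form>
<form action="login.php" method="get">
  <input type="password" name="pw" />
</form>
<form action="/search"><input type="text" name="q" /></form>`;

for (const f of auditForms(SAMPLE_PAGE, SAMPLE_URL)) {
  console.log(f.action, f.method, f.issues.join('; ') || 'ok');
}
```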