SlideShare a Scribd company logo

Getting Information through HTML Forms

Mike Crabb
Mike Crabb

Introduction to HTML forms, the different form elements that exist, and a 'security hack' that you might not know existed

1 of 42
Download to read offline
webDeV@rgu getting information from users html forms quick tip… THE “SECURITY HACK” AT THE END OFTHIS PRESENTATION IS SOMETHINGTHAT EVERYONE SHOULD KNOW!
• HTML Forms • Form Presentation • Form Elements • Input Types • Input Attributes • Form Security Overview
HTML Forms
• Capturing user input • registering user information • entering username and password for login • posting status updates to social networks • submitting a search query • taking a questionnaire • Transmitting user input elsewhere • send to client side JavaScript for validation • send to server side process (PHP, Java, JavaScript) Purpose of html Forms

Recommended for you

The Sketchnote Mini-Workshop
The Sketchnote Mini-WorkshopThe Sketchnote Mini-Workshop
The Sketchnote Mini-Workshop

Presented in the Paper app on an iPad. Buy out my books on sketchnoting - http://rohdesign.com/books

 
by Mike Rohde
workshopsketchnotesketchnotehandbook
Html
HtmlHtml
Html

This document provides an introduction to HTML (Hypertext Markup Language) by explaining some key concepts: - HTML is used to create web pages and is a markup language that uses tags to describe the structure and layout of content. It is not a programming language. - Common HTML elements and tags are explained, including container tags that have opening and closing tags, and empty elements that only have opening tags. - The document demonstrates how to write basic HTML code and open HTML files in a web browser. It provides examples of common text formatting, list, image, and table tags.

 
by Nandakumar Ganapathy
WEB I - 01 - Introduction to Web Development
WEB I - 01 - Introduction to Web DevelopmentWEB I - 01 - Introduction to Web Development
WEB I - 01 - Introduction to Web Development

Introduction to XHTML Forms for Web Development 1 Course suitable for degree following CIT/CIS/CS ACM model curriculum.

 
by Randy Connolly
teachhtmlweb
Form Presentation
a simple html form
• The form tag contains all the input elements • <form> … </form> • Input elements can be of <input type=“” /> • Text/password/file or textarea • Radio button or Checkbox • Select boxes • All input elements should be given a form label • Improves accessibility if using a screen reader • <label> … </label> • Fieldsets can be used to graphically group input elements together • <fieldset> … </fieldset> Basic form elements
<form> <fieldset> <legend>Please leave a comment...</legend> <label for="name">Name:</label> <input type="text" name="name" value="" /> <label for="email">Email:</label> <input type="text" name="email" value="" /> <label for="comments">Comment:</label> <textarea name="comments" cols="45“ rows="5"> </textarea> <input type="submit" value="Submit" /> </fieldset> </form>
• Best practice is to use CSS • However, tables are still used a lot for layout of form elements • better than a messy form Form Presentation
<form> <fieldset> <legend>Please leave a comment...</legend> <label for="name">Name:</label> <input type="text" name="name" value="" /> <br> <label for="email">Email:</label> <input type="text" name="email" value="" /> <br> <label for="comments">Comment:</label> <textarea name="comments" cols="45" rows="5"></textarea> <br> <input type="submit" value="Submit" /> </fieldset> </form>
<style> input, textarea {width: 400px;} </style> <form> <fieldset> <legend>Please leave a comment...</legend> <table> <tr> <td><label>Name:</label></td> <td><input type="text" name="name" value="" /></td> </tr> <tr> <td><label>Email:</label></td> <td><input type="text" name="email" value="" /></td> </tr> <tr> <td><label>Comment:</label></td> <td><textarea name="comments" cols="45" rows="5"> </textarea></td> </tr> <tr> <td colspan=2><input type="submit" value="Submit" /></td> </tr> </table> </fieldset> </form>
Column 1 Column 2 Row 1 Row 2 Row 3 Row 4
Form Presentation • Best practice is to use CSS • However, tables are still used a lot for layout of form elements • better than a messy form • Next week we will look at CSS in a lot more detail so that you can get the hang of it.
Form elements input types
• Provides simple text input text <form> <label for=“firstname>First name:</label><br> <input type="text" name="firstname"><br> Last name:<br> <input type="text" name="lastname"> </form>
• Provides text input that is hidden from the user password <form> User name:<br> <input type="text" name="username"><br> User password:<br> <input type="password" name="psw"> </form>
<form action="action_page.php"> First name:<br> <input type="text" name="firstname" value="Mike"><br> Last name:<br> <input type="text" name="lastname" value="Crabb"><br><br> <input type="submit" value="Submit"> </form> • Submit button for forms submit
<form> Birthday: <input type="date" name="bday"> </form> • The <input type="date"> is used for input fields that should contain a date. date
• Provides for a selection of zero or more items from a list of options checkboxes <input type="checkbox" name="pets" value="loveCats">I love cats <br>
 <input type="checkbox" name="pets" value="loveDogs">I love dogs

• Provides for only one selection from a list of options Radio buttons <input type="radio" name="cats" value="loveCats">I love cats <br>
 <input type="radio" name="cats" value="hateCats">I have no soul
• Choose from a list of options • use the <select> tag • list <options> Selection (drop down) Box <label for="degreeTitle">Degree Title:</label>
 <select name="degreeTitle">
 <option value="cs">Computer Science</option>
 <option value="dm">Digital Media</option>
 <option value="cnmd">Computer Network Management and Design</option </select>
• Provides for only one selection from a list of options coloUr <form> Select your favorite color: <input type="color" name="favcolor"> </form>
• Provides for only one selection from a list of options email <form> E-mail: <input type="email" name="email"> <input type="submit"> </form>
• Provides for only one selection from a list of options URL <form> Add your homepage: <input type="url" name="homepage"> </form>
HTML5 form improvements email url Reset color check input is valid email address (something@something.something) check input is valid web address (http://www.something.something) Clears everything on the page Select a colour american spelling
Form elements input attributes
• The value attribute specifies the initial value for an input field: value <form action=""> First name:<br> <input type="text" name="firstname" value="John"> <br> Last name:<br> <input type="text" name="lastname"> </form>
• The readonly attribute specifies that the input field is read only (cannot be changed) read only <form action=""> First name:<br> <input type="text" name="firstname" value="John" readonly> <br> Last name:<br> <input type="text" name="lastname"> </form>
• The disabled attribute specifies that the input field is disabled. • A disabled element is un-usable and un-clickable. • Disabled elements will not be submitted Disabled <form action=""> First name:<br> <input type="text" name="firstname" value="John" disabled> <br> Last name:<br> <input type="text" name="lastname"> </form>
• The size attribute specifies the size (in characters) for the input field size <form action=""> First name:<br> <input type="text" name="firstname" value="John" size="40"> <br> Last name:<br> <input type="text" name="lastname"> </form>
• The maxlength attribute specifies the maximum allowed length for the input field: maxlength <form action=""> First name:<br> <input type="text" name="firstname" maxlength="10"> <br> Last name:<br> <input type="text" name="lastname"> </form>
• The autocomplete attribute specifies whether a form or input field should have autocomplete on or off autocomplete <form autocomplete="on"> First name:<input type="text" name="fname"><br> Last name: <input type="text" name="lname"><br> E-mail: <input type="email" name="email" autocomplete="off"><br> <input type="submit"> </form>
placeholder • The placeholder attribute specifies a hint that describes the expected value of an input field (a sample value or a short description of the format). <input type="text" name="fname" placeholder="First name">
required • When present, it specifies that an input field must be filled out before submitting the form. • The required attribute works with the following input types: text, search, url, tel, email, password, date pickers, number, checkbox, radio, and file. Username: <input type="text" name="username" required> This one is important
form security
form security • Forms can be quite insecure when we are using them, we need to make sure that the right data is being seen by the right people • and that no-one can get access to the really sensitive data! For example…here’s how to find our a password on an unsecured computer PS - DON’T DO THIS ONE SOMEONE ELSES COMPUTER - YOU’ll GET INTO A LOT OF TROUBLE!!
I’ve visited a website and have put in my username and password into the box provided. Let’s say that now I have to step away from my computer for 5 seconds…
Some unsavoury character comes along and looks at my screen. They right click on the password field and then go to inspect, I wonder what they are up to?
Now they are looking at the HTML for this web page and have an interest in the field that my password is in. It’s ok…its secure (it really isn’t).
They change the form element from: <input type=“Password”> to <Input Type=“text”> and now my password is being shown to the world #awkward!
• HTML Forms • Form Presentation • Form Elements • Input Types • Input Attributes • Form Security Recap
get in touch! @mike_crabb Lecturer in Web Development at Robert Gordon University (Scotland) @rgucomputing Robert Gordon University - School of Computing Science and Digital Media

More Related Content

Getting Information through HTML Forms