by the call
Incidentally the names given to the Submit and Reset buttons are generally of no importance, except that they must not clash with any other names used in the form.
However, it is possible for a form to have more than one submit button, in which case they must all have unique names.
9.4 Other Form Objects
There are other form objects which we have not yet seen. We can illustrate the main ones by this new web form.
The HTML used to generate this form is given below.
9 Passing Variables to a PHP Script I
Note the mysterious-looking additional attribute/value pair that has appeared in the <form> tag: enctype="multipart/form-data". This is essential when there is a fi le to be uploaded (see Sect. 9.4.3 ).
9.4.1 Password Field
The box next to the words 'Student Number' is a regular text box. The box next to Password looks the same but is a variant of a text box called a password box .
The form of the HTML statement is the same as for a text box except that
"type=text" is replaced by "type=password". For example:
Characters typed into the box are not displayed on the user's screen. Instead they appear as large black dots, thus making the text typed unreadable by any onlookers.
So if the name Mary Jones is entered, it will appear as 10 dots:
As for a text fi eld, a default value may be specifi ed:
The default value will appear in the box as a default value, with each of the char-acters replaced by a large black dot.
A default value is most likely to be used when a stored password has been read from a database and the user is given the option to change it. We will come on to databases in Chap. 12 .
This PHP function can be used to generate a password box automatically.
144
It can be used by a function call such as
9.4.2 Hidden Field
The above example also illustrates the use of a hidden fi eld.
HTML such as this
does not place anything on the screen, but when the Submit button is pressed, the value "my secret value" will be sent to the destination page as the value of variable
"name3". In the example this is used to pass the reference number for the student project to the destination page.
The main use of hidden fi elds is to pass values to a destination page that are important for an application but of little or no interest to the user. Note that a hidden fi eld cannot be used to keep a value secret from the user of a web form as simply viewing the HTML source of the web page will show the value.
The following PHP function will generate a hidden fi eld automatically.
It can be called by e.g.
9 Passing Variables to a PHP Script I
9.4.3 File Field
The fi nal box shown in the above example is called a fi le box . It is next to the text 'Upload your project report'. This provides a facility for the user to upload a fi le (here a fi le of text, but possibly an image or some other sort of fi le). This creates a potential security risk for the server and perhaps because of this there are restric-tions on how the fi le box can be used. In fact, this is probably the most diffi cult and error-prone type of form object to use.
The HTML to generate a basic fi le box is very simple, for example
To use the facility is also straightforward. As its name suggests, pressing the Browse button (which is automatically provided as part of the form object) allows the user to browse through fi les on his/her hard disk and select one for uploading.
Pressing the Submit button then uploads the fi le to the server and sends its name and other information as part of the information sent to the destination page. No default value is possible.
A major problem with this approach is that many web service providers limit the size of a fi le that can be uploaded this way. The limit is typically 2 MB or 5 MB. If this restriction is potentially crucial for your application, you will probably need to contact your service provider to fi nd out the limit and (if possible) arrange for it to be increased.
It is also possible for a lower maximum limit to be specifi ed in the HTML. This explains the second hidden fi eld in the above example.
This specifi es that no fi le larger than the specifi ed size (measured in bytes) can be uploaded. In this case the limit is 1048576 bytes, i.e. 1 MB. It is recommended that this statement be placed before the corresponding <input type="fi le"> tag. Note that there is no warning message given to users about fi le size limits unless the designer of the web form places one on the form.
There is a serious potential confusion about what happens if the user attempts to upload a larger fi le. Although it is possible that not all systems work in the same way, the fi le will generally still be uploaded and held as a temporary fi le on the server while the destination page, a PHP script, is executed. When we come to look at issues related to a destination page (Chap. 10 ) we will see that there needs to be a PHP instruction to copy that temporary fi le into the website's fi le store as a perma-nent fi le. At that stage the PHP system will recognise that the fi le is too large and will fail to save it (which will later cause it to be deleted automatically). Depending on how the destination page is written the user may then be sent a message saying that the fi le could not be uploaded, when in fact it exceeded the maximum fi le size restriction.
146
A further issue with uploading fi les is whether it is possible to restrict the upload-ing only to fi les of a certain kind. This can be done in the case of a PDF fi le by an extension to the basic <input> statement.
To be precise the restriction is not to fi les in PDF format, simply to those with the extension pdf, which may not invariably be the same. The user can browse through directories but only fi les with the extension pdf (or PDF) will be made available for selection.
Restrictions to other kinds of fi le type can also be made, e.g. to restrict uploads to image fi les with the extension gif or jpeg we can use:
(Here jpeg represents fi les with extension either jpeg or jpg.)
How to deal with an uploaded fi le in the destination page will be explained in detail in Chap. 10 .
9.4.4 Readonly and Disabled Fields
That completes the set of form objects we will describe in this book. However we have not yet mentioned two attributes that can be used with most of them (except for the buttons). They are readonly and disabled. These two attributes are alternatives, so at most one of them should be used with any form object. 2 The HTML
indicates that the user will not be able to change the contents of the forename fi eld. Note that there will be nothing on the form to tell the user this unless the web form designer supplies some text such as '(this value may not be changed)'.
When the Submit button is pressed the value of forename is sent to the destina-tion page in the usual way.
The disabled attribute is signifi cantly different from readonly. The HTML
causes the forename box to be 'greyed out', i.e. its contents will appear faint as well as being unchangeable. Most importantly, when Submit is pressed no value for forename will be sent to the destination page.
2 If both are specifi ed, disabled takes priority.
9 Passing Variables to a PHP Script I
In cases where it is important for the value of a disabled attribute to be sent to the destination page this can be achieved by adding a hidden fi eld such as
Text boxes, password boxes, textareas, radio groups, checkboxes, fi le boxes and select boxes can all be disabled, but only the fi rst three can be made readonly.
Here are examples of the HTML needed to disable each of the various types of box.
Note that each radio button can be disabled separately. In this example only the third and fourth of a 'radio group' of four buttons are disabled.
In case you are wondering why anyone would want to place a fi le box (which has no default value) on a web form and then disable it, it might be that the form object was generated automatically using a PHP script and that there are some circum-stances when the box should be disabled and others when it should not be.
In the case of the text, password and textarea form objects the attribute disabled may be replaced by readonly . Incidentally if a fi le box is given a readonly attribute it is treated in the same way as disabled.
148