开发者

How to automatically fill form fields

How can you make a form be able to fill a field with the url?

Example: if i have two fields, username and password, and my form is located at form.html how can I make form.html?username=example automatica开发者_如何学Golly fill in "example" in the username field.


The form would have to read variables from the URL and parse them, and then repost those values into a field. For instance, with PHP, it would be:

<?php $sName = $_GET['name']; ?>
...some HTML goes here...
<input type="text" id="name" name="name" value="<?= $sName ?>" size="60" />

This can also be done in jQuery by using location.href value to get the full URL, then split the URL into parts a few times with the split() function, and then use $('#name').val(sName) in jQuery to post the value into that field.

However, there are several security implications you have to consider. It is no longer advisable any more to take a raw GET value without running it through some XSS prevention steps:

http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

Here's something that malicious people may use against a site that works with raw GET values:

http://ha.ckers.org/xss.html

So beware.


OK, so the user puts this URL into his browser, a request is made to the server, and the page comes back to the user. There are two general approaches you can use to filling in the form details. 1. You can make it happen on the server. 2. You can make it happen on the client. If you want to make it happen on the server then you're going to need to use a server-side technology like ASP.NET, PHP, JSP, etc. If you want to make it happen on the client then you'll need a client-side technology that will almost certainly be javascript.

There's a whole lot more to say about this, including warnings about security holes like cross-site scripting, but I'll leave those for now.


The webserver language (e.g. PHP) must access the variables (e.g. $_GET["username"]) and supply them as values to the HTML fields. Don't forget to use method="get" in the HTML.


If your url is form.html, then how are you going to end up with form.html?username=example?

?username=example is a query string. If your submitting your form with a GET method, it will use a query string and append it to your url so the way you'd get form.html?username=example would be if a user entered their username as "example" and then submitted the form.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜