Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re: Pass hard coded param CGI post

by davebaker (Pilgrim)
on Jun 29, 2020 at 16:20 UTC ( [id://11118664]=note: print w/replies, xml ) Need Help??


in reply to Pass hard coded param CGI post

So if you have control over the form, then you probably want to change it to:

<form action="/cgi-bin/delete.pl" method="post" accept-charset="UTF-8"
+>
  <div class="form-group">
    <label for="id">&nbsp;Your token</label>
    <input id="id" name="token" type="text" class="form-control">
    <input name="key" value="gfgf" type="hidden">
    <input name="usr" value="rob" type="hidden">
  </div>
  <div class="form-group">
   <button name="submit" type="submit" class="btn btn-primary">Delete<
+/button>
  </div>
</form>

[download]

I think that's what perlfan suggested, but I am wanting to show in the above code that you'd definitely want to use the clean (no query string) URL to "post" to, plus the hidden fields shown above, because it's possible that your script, when it decodes the incoming parameters, won't do it correctly if there are query string ("get") parameters at the same time there are "post" parameters, even if the parameter names don't conflict. You might as well eliminate that risk, as shown.

Also, do NOT use the "readonly" attribute. The user wouldn't be able to modify the contents of that field, meaning that the user will see a blank id field when it's displayed and won't be able to enter anything into it (what your form is calling a "token"). I've never seen the "readonly" attribute used in an HTML form, in 25 years of coding. Interesting.

Replies are listed 'Best First'.
Re^2: Pass hard coded param CGI post
by marto (Cardinal) on Jun 29, 2020 at 19:49 UTC

    "Also, do NOT use the "readonly" attribute. The user wouldn't be able to modify the contents of that field"

    That is probably exactly why they wish this to be read only. Don't allow it to be altered, maintain the same aesthetics. It's unlikely they had this there by accident.

[reply]

      I don't get it, though -- it seems to be a form in which the user is to enter a "token" in the input field named "id". If that field is merely to show an existing value for a token ("id") that's already on file, then I would think the "id" field that had been marked readonly would have a "value='<TMPL_VAR ID_ON_FILE>'" attribute as part of its inoput tag, where a value would be supplied by a program that's using the form as an template (HTML::Template) or something.

[reply]

        I don't believe we're getting the full picture, and there's no description of what OP is actually looking to do, however READONLY fields are useful in various circumstances, say for example a UI that allows users to delete something (as suggested here), prompting them with a page they can submit, cancel but not alter submission details for a record to be removed makes sense. Hopefully there is some sane, session based checks being made behinds the scenes, as it's fairly easy to mess around with such things if they are blindly accepting user input.

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://11118664]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others rifling through the Monastery: (4)
As of 2024-04-24 04:35 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found