Maths in HTML

Discussion in 'HTML' started by Geoff, Jan 4, 2007.

  1. Geoff

    Geoff Guest

    Hi.
    I want to check the number of characters which have ben entered into a
    textbox on a form. Then, if the number is (say) 15, to display a message.
    If the number of characters is more or less than this, then display a
    different message. Can this be done in HTML alone, I don't really want
    to use javascript. Are functions like CHR_LEN available in HTML?

    Secondly, I want the number that has been entered, to be added to a list on
    a hidden page. If anyone can point me in the right direction, I would be
    most grateful.

    Geoff
     
    Geoff, Jan 4, 2007
    #1
    1. Advertising

  2. Geoff wrote:
    > Hi.
    > I want to check the number of characters which have ben entered into a
    > textbox on a form. Then, if the number is (say) 15, to display a message.
    > If the number of characters is more or less than this, then display a
    > different message. Can this be done in HTML alone, I don't really want
    > to use javascript. Are functions like CHR_LEN available in HTML?


    No. HTML is just a markup language. Once you say "function" that implies
    program that has methods... It would require JavaScript to do what you wish.


    >
    > Secondly, I want the number that has been entered, to be added to a list on
    > a hidden page. If anyone can point me in the right direction, I would be
    > most grateful.


    Now here you lose me. DO you mean something like a tally for a poll? If
    so you need some server-side scripting. Your form would have to post to,
    specified in the ACTION attribute of your FORM element. The script would
    have to process and store said value in some sort of data file or database.

    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
     
    Jonathan N. Little, Jan 4, 2007
    #2
    1. Advertising

  3. Geoff

    Toby Inkster Guest

    Geoff wrote:

    > Can this be done in HTML alone


    No -- you will need some form of scripting. There are basically two
    options:

    - Client side (using Javascript)
    - Server side (big choice of scripting languages)

    Client side is very easy, but not completely reliable, as not everyone
    uses Javascript-enabled browsers. Here's a quick example:

    <input name="string" id="stringid">
    <input type="button" id="buttonid">
    <script type="text/javascript">
    function checkit ()
    {
    var it = document.getElementById('stringid');
    window.alert(it.value.length()==15 ? 'You win!' : 'You lose!');
    }
    document.getElementById('buttonid').onclick = checkit;
    </script>

    With server-side scripting, you'll need to find out which languages your
    server supports. Many servers support PHP, so here's a PHP example:

    <form action="<?=$_SERVER['PHP_SELF']?>" method="get">
    <input name="string">
    <input type="submit">
    </form>
    <?= (strlen($_GET['string'])==15 ? 'You win!' : 'You lose!'); ?>

    > Secondly, I want the number that has been entered, to be added to a list
    > on a hidden page.


    This will certainly require server-side scripting. Client-side would not
    be capable of this.

    --
    Toby A Inkster BSc (Hons) ARCS
    Contact Me ~ http://tobyinkster.co.uk/contact
     
    Toby Inkster, Jan 4, 2007
    #3
  4. Geoff

    Geoff Guest

    Thks for the prompt reply. I simply want to see what each visitor has typed
    into the textbox. It is too complicated using serverside variable passing,
    to have it emailed to me every time, so I thought simply to have the content
    of the textbox added to a list on a hidden page which I could access
    occasionally to see what numbers had been entered.

    Thks again

    Geoff.

    "Jonathan N. Little" <> wrote in message
    news:89f7a$459d12cc$40cba7cd$...
    > Geoff wrote:
    >> Hi.
    >> I want to check the number of characters which have ben entered into a
    >> textbox on a form. Then, if the number is (say) 15, to display a
    >> message. If the number of characters is more or less than this, then
    >> display a different message. Can this be done in HTML alone, I don't
    >> really want to use javascript. Are functions like CHR_LEN available in
    >> HTML?

    >
    > No. HTML is just a markup language. Once you say "function" that implies
    > program that has methods... It would require JavaScript to do what you
    > wish.
    >
    >
    >>
    >> Secondly, I want the number that has been entered, to be added to a list
    >> on a hidden page. If anyone can point me in the right direction, I would
    >> be most grateful.

    >
    > Now here you lose me. DO you mean something like a tally for a poll? If so
    > you need some server-side scripting. Your form would have to post to,
    > specified in the ACTION attribute of your FORM element. The script would
    > have to process and store said value in some sort of data file or
    > database.
    >
    > --
    > Take care,
    >
    > Jonathan
    > -------------------
    > LITTLE WORKS STUDIO
    > http://www.LittleWorksStudio.com
     
    Geoff, Jan 4, 2007
    #4
  5. Geoff

    Steve Pugh Guest

    Geoff wrote:
    > "Jonathan N. Little" <> wrote in message
    > news:89f7a$459d12cc$40cba7cd$...
    > > Geoff wrote:
    > >>
    > >> Secondly, I want the number that has been entered, to be added to a list
    > >> on a hidden page. If anyone can point me in the right direction, I would
    > >> be most grateful.

    > >
    > > Now here you lose me. DO you mean something like a tally for a poll? If so
    > > you need some server-side scripting. Your form would have to post to,
    > > specified in the ACTION attribute of your FORM element. The script would
    > > have to process and store said value in some sort of data file or
    > > database.
    > >

    > Thks for the prompt reply. I simply want to see what each visitor has typed
    > into the textbox. It is too complicated using serverside variable passing,
    > to have it emailed to me every time, so I thought simply to have the content
    > of the textbox added to a list on a hidden page which I could access
    > occasionally to see what numbers had been entered.


    Top posting fixed, please don't do it again - it reduces your chances
    of getting answers from some of the most knowledgeable participants.

    So, instead of your server side script sending you an e-mail it writes
    the submission into a file. You still need something on the server to
    process the form submission and carry this out, because there's no way
    that an HTML page, being parsed by a browser on the user's machine can
    do anything at all on your server.

    Steve
     
    Steve Pugh, Jan 4, 2007
    #5
  6. Geoff

    Toby Inkster Guest

    Geoff wrote:

    > Thks for the prompt reply. I simply want to see what each visitor has typed
    > into the textbox. It is too complicated using serverside variable passing,
    > to have it emailed to me every time


    Server-side processing doesn't mean that the results must be sent by
    e-mail.

    --
    Toby A Inkster BSc (Hons) ARCS
    Contact Me ~ http://tobyinkster.co.uk/contact
     
    Toby Inkster, Jan 4, 2007
    #6
  7. Geoff

    cwdjrxyz Guest

    Toby Inkster wrote:
    > Geoff wrote:
    >
    > > Can this be done in HTML alone

    >
    > No -- you will need some form of scripting. There are basically two
    > options:
    >
    > - Client side (using Javascript)
    > - Server side (big choice of scripting languages)
    >
    > Client side is very easy, but not completely reliable, as not everyone
    > uses Javascript-enabled browsers. Here's a quick example:
    >
    > <input name="string" id="stringid">
    > <input type="button" id="buttonid">
    > <script type="text/javascript">
    > function checkit ()
    > {
    > var it = document.getElementById('stringid');
    > window.alert(it.value.length()==15 ? 'You win!' : 'You lose!');
    > }
    > document.getElementById('buttonid').onclick = checkit;
    > </script>
    >
    > With server-side scripting, you'll need to find out which languages your
    > server supports. Many servers support PHP, so here's a PHP example:
    >
    > <form action="<?=$_SERVER['PHP_SELF']?>" method="get">
    > <input name="string">
    > <input type="submit">
    > </form>
    > <?= (strlen($_GET['string'])==15 ? 'You win!' : 'You lose!'); ?>
    >
    > > Secondly, I want the number that has been entered, to be added to a list
    > > on a hidden page.

    >
    > This will certainly require server-side scripting. Client-side would not
    > be capable of this.


    I would just add that you must be very careful with server side
    scripting, or you site can get hacked. People will enter just about
    anything into forms including hacker scripts. Limiting the number of
    characters the form will accept will help. Also not allowing certain
    tags such as the script tag also will help. This often is done with
    regular expressions. Don't even think of writing your own cgi script
    unless you are very well experienced with this. Hackers have many
    tricks to exploit such scripts that are not written exactly right. I
    know of a case a few years ago when the"boys from Brazil" hacked the
    server of a small host that catered to people with set top boxes.
    Nearly all of the home pages of users were defaced. Then finally the
    hack caused the server to crash and lose much data. The server had not
    been kept properly backed up on another device, so many people lost all
    of their pages. And the server was Unix - Apache, not Microsoft. The
    "boys from Brazil" were experts at hacking this type of server.
     
    cwdjrxyz, Jan 4, 2007
    #7
  8. Geoff

    Geoff Guest

    Thanks for all the advice guys.

    Geoff
     
    Geoff, Jan 4, 2007
    #8
  9. ..oO(cwdjrxyz)

    >I would just add that you must be very careful with server side
    >scripting, or you site can get hacked. People will enter just about
    >anything into forms including hacker scripts. Limiting the number of
    >characters the form will accept will help.


    Maybe, but even short scripts can be malicious.

    >Also not allowing certain
    >tags such as the script tag also will help.


    Not necessary. Instead of trying to prevent people from entering special
    chars or elements just take into account that there might be such stuff
    in the submitted data and react accordingly. When printing out user data
    to a page all you need is proper escaping of quotes, < and & chars. In
    PHP this can be done with htmlspecialchars(). Then if someone tries to
    enter some bad script it will just be printed as plain text.

    The same goes for submitting data to a database. If you use prepared
    statements, you can let the "bad guys" enter whatever they want without
    any troubles.

    >This often is done with
    >regular expressions.


    In many cases that's not the best or even the wrong way. If you search
    for suspicious characters or elements in the user data, odds are high
    that you'll miss something. For example there are many different ways to
    represent quotes or linebreaks. Is your regex prepared to handle all
    those variations, different encodings and sometimes even browser quirks?

    a\0x00lert("Hello world");

    This works in IE.

    Micha
     
    Michael Fesser, Jan 5, 2007
    #9
  10. Geoff

    Andy Dingley Guest

    Michael Fesser wrote:

    > Not necessary. Instead of trying to prevent people from entering special
    > chars or elements just take into account that there might be such stuff
    > in the submitted data and react accordingly.


    eBay won't even let you use quotes in their "message to seller"
    feature. It's most annoying!
     
    Andy Dingley, Jan 5, 2007
    #10
  11. Gazing into my crystal ball I observed "Andy Dingley"
    <> writing in news:1167993753.509358.204230@
    11g2000cwr.googlegroups.com:

    >
    > Michael Fesser wrote:
    >
    >> Not necessary. Instead of trying to prevent people from entering special
    >> chars or elements just take into account that there might be such stuff
    >> in the submitted data and react accordingly.

    >
    > eBay won't even let you use quotes in their "message to seller"
    > feature. It's most annoying!
    >


    They are worried about SQL injection, but yes, they could do things on the
    server to accomodate that. They could replace characters server side.


    --
    Adrienne Boswell at Home
    Arbpen Web Site Design Services
    http://www.cavalcade-of-coding.info
    Please respond to the group so others can share
     
    Adrienne Boswell, Jan 6, 2007
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ross Clement (Email address invalid - do not use)

    Maths expression drawing library

    Ross Clement (Email address invalid - do not use), Jan 11, 2006, in forum: Java
    Replies:
    4
    Views:
    618
    Vyacheslav Levitsky
    Oct 2, 2006
  2. Calum Maciver

    Maths Involved

    Calum Maciver, Feb 18, 2006, in forum: Java
    Replies:
    5
    Views:
    478
    Luke Webber
    Feb 19, 2006
  3. Andrew Bullock

    bit of a maths quesiton

    Andrew Bullock, Feb 5, 2005, in forum: C++
    Replies:
    2
    Views:
    325
    Victor Bazarov
    Feb 5, 2005
  4. Rory Campbell-Lange

    Maths error

    Rory Campbell-Lange, Jan 8, 2007, in forum: Python
    Replies:
    36
    Views:
    1,022
    Nick Maclaren
    Jan 16, 2007
  5. uttre

    maths for programming C++

    uttre, Jul 12, 2006, in forum: C++
    Replies:
    9
    Views:
    2,412
    Robbie Hatley
    Jul 17, 2006
Loading...

Share This Page