Maths in HTML

G

Geoff

Hi.
I want to check the number of characters which have ben entered into a
textbox on a form. Then, if the number is (say) 15, to display a message.
If the number of characters is more or less than this, then display a
different message. Can this be done in HTML alone, I don't really want
to use javascript. Are functions like CHR_LEN available in HTML?

Secondly, I want the number that has been entered, to be added to a list on
a hidden page. If anyone can point me in the right direction, I would be
most grateful.

Geoff
 
J

Jonathan N. Little

Geoff said:
Hi.
I want to check the number of characters which have ben entered into a
textbox on a form. Then, if the number is (say) 15, to display a message.
If the number of characters is more or less than this, then display a
different message. Can this be done in HTML alone, I don't really want
to use javascript. Are functions like CHR_LEN available in HTML?

No. HTML is just a markup language. Once you say "function" that implies
program that has methods... It would require JavaScript to do what you wish.

Secondly, I want the number that has been entered, to be added to a list on
a hidden page. If anyone can point me in the right direction, I would be
most grateful.

Now here you lose me. DO you mean something like a tally for a poll? If
so you need some server-side scripting. Your form would have to post to,
specified in the ACTION attribute of your FORM element. The script would
have to process and store said value in some sort of data file or database.
 
T

Toby Inkster

Geoff said:
Can this be done in HTML alone

No -- you will need some form of scripting. There are basically two
options:

- Client side (using Javascript)
- Server side (big choice of scripting languages)

Client side is very easy, but not completely reliable, as not everyone
uses Javascript-enabled browsers. Here's a quick example:

<input name="string" id="stringid">
<input type="button" id="buttonid">
<script type="text/javascript">
function checkit ()
{
var it = document.getElementById('stringid');
window.alert(it.value.length()==15 ? 'You win!' : 'You lose!');
}
document.getElementById('buttonid').onclick = checkit;
</script>

With server-side scripting, you'll need to find out which languages your
server supports. Many servers support PHP, so here's a PHP example:

<form action="<?=$_SERVER['PHP_SELF']?>" method="get">
<input name="string">
<input type="submit">
</form>
said:
Secondly, I want the number that has been entered, to be added to a list
on a hidden page.

This will certainly require server-side scripting. Client-side would not
be capable of this.
 
G

Geoff

Thks for the prompt reply. I simply want to see what each visitor has typed
into the textbox. It is too complicated using serverside variable passing,
to have it emailed to me every time, so I thought simply to have the content
of the textbox added to a list on a hidden page which I could access
occasionally to see what numbers had been entered.

Thks again

Geoff.
 
S

Steve Pugh

Geoff said:
Thks for the prompt reply. I simply want to see what each visitor has typed
into the textbox. It is too complicated using serverside variable passing,
to have it emailed to me every time, so I thought simply to have the content
of the textbox added to a list on a hidden page which I could access
occasionally to see what numbers had been entered.

Top posting fixed, please don't do it again - it reduces your chances
of getting answers from some of the most knowledgeable participants.

So, instead of your server side script sending you an e-mail it writes
the submission into a file. You still need something on the server to
process the form submission and carry this out, because there's no way
that an HTML page, being parsed by a browser on the user's machine can
do anything at all on your server.

Steve
 
T

Toby Inkster

Geoff said:
Thks for the prompt reply. I simply want to see what each visitor has typed
into the textbox. It is too complicated using serverside variable passing,
to have it emailed to me every time

Server-side processing doesn't mean that the results must be sent by
e-mail.
 
C

cwdjrxyz

Toby said:
Geoff said:
Can this be done in HTML alone

No -- you will need some form of scripting. There are basically two
options:

- Client side (using Javascript)
- Server side (big choice of scripting languages)

Client side is very easy, but not completely reliable, as not everyone
uses Javascript-enabled browsers. Here's a quick example:

<input name="string" id="stringid">
<input type="button" id="buttonid">
<script type="text/javascript">
function checkit ()
{
var it = document.getElementById('stringid');
window.alert(it.value.length()==15 ? 'You win!' : 'You lose!');
}
document.getElementById('buttonid').onclick = checkit;
</script>

With server-side scripting, you'll need to find out which languages your
server supports. Many servers support PHP, so here's a PHP example:

<form action="<?=$_SERVER['PHP_SELF']?>" method="get">
<input name="string">
<input type="submit">
</form>
said:
Secondly, I want the number that has been entered, to be added to a list
on a hidden page.

This will certainly require server-side scripting. Client-side would not
be capable of this.

I would just add that you must be very careful with server side
scripting, or you site can get hacked. People will enter just about
anything into forms including hacker scripts. Limiting the number of
characters the form will accept will help. Also not allowing certain
tags such as the script tag also will help. This often is done with
regular expressions. Don't even think of writing your own cgi script
unless you are very well experienced with this. Hackers have many
tricks to exploit such scripts that are not written exactly right. I
know of a case a few years ago when the"boys from Brazil" hacked the
server of a small host that catered to people with set top boxes.
Nearly all of the home pages of users were defaced. Then finally the
hack caused the server to crash and lose much data. The server had not
been kept properly backed up on another device, so many people lost all
of their pages. And the server was Unix - Apache, not Microsoft. The
"boys from Brazil" were experts at hacking this type of server.
 
M

Michael Fesser

..oO(cwdjrxyz)
I would just add that you must be very careful with server side
scripting, or you site can get hacked. People will enter just about
anything into forms including hacker scripts. Limiting the number of
characters the form will accept will help.

Maybe, but even short scripts can be malicious.
Also not allowing certain
tags such as the script tag also will help.

Not necessary. Instead of trying to prevent people from entering special
chars or elements just take into account that there might be such stuff
in the submitted data and react accordingly. When printing out user data
to a page all you need is proper escaping of quotes, < and & chars. In
PHP this can be done with htmlspecialchars(). Then if someone tries to
enter some bad script it will just be printed as plain text.

The same goes for submitting data to a database. If you use prepared
statements, you can let the "bad guys" enter whatever they want without
any troubles.
This often is done with
regular expressions.

In many cases that's not the best or even the wrong way. If you search
for suspicious characters or elements in the user data, odds are high
that you'll miss something. For example there are many different ways to
represent quotes or linebreaks. Is your regex prepared to handle all
those variations, different encodings and sometimes even browser quirks?

a\0x00lert("Hello world");

This works in IE.

Micha
 
A

Andy Dingley

Michael said:
Not necessary. Instead of trying to prevent people from entering special
chars or elements just take into account that there might be such stuff
in the submitted data and react accordingly.

eBay won't even let you use quotes in their "message to seller"
feature. It's most annoying!
 
A

Adrienne Boswell

eBay won't even let you use quotes in their "message to seller"
feature. It's most annoying!

They are worried about SQL injection, but yes, they could do things on the
server to accomodate that. They could replace characters server side.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top