The term field, when used by itself, refers to a field in my application’s subsystem (as opposed to a field in a database table.)
Required Form Input Fields
Is the user being informed (with *required) so that he/she knows that a table field requires input when it is required by the database?
Additionally, does code verify that *required input has been supplied by the user?
<div> <p><b>Howard County Certified</b> <span class="formcomment">*required</span></p> <div> <input type="radio" name="hC_Certified" id="hcYcert" value="Y" checked="checked"/> <label for="hcYcert">Certified</label><br/> <input type="radio" name="hC_Certified" id="hcRcert" value="R"/> <label for="hcRcert">Recently Certified</label><br/> <input type="radio" name="hC_Certified" id="hcNcert" value="N"/> <label for="hcNcert">Never Certified (Not Recently - 5 yrs.)</label> </div> </div>
Contenteditable HTML Attribute
Can we use the
contenteditable attribute of HTML to improve the Modify a Field script? See this article.
HTML Entities Being Inputed into a Form Field
If I enter into a form field the character sequence for an HTML entity (
& for example) and then I later am presented (in the browser) with what I entered.. do I see exactly what I had typed or do I see the character it represents (& for example)? I want it so I see exactly what I had typed — the character sequence for the HTML entity (
I want URLs to be presented as hyperlinks (having
target="_blank") in View a Subscription.
Escaping Quotes in strings going to Database
Quote characters used in form input must be properly escaped for database storage—and unescaped after retrieval.
Replacing HTML Special Characters
HTML special characters (like <) in form input fields must be replaced with their corresponding HTML entities to prevent injection of code by a hacker and to display strings in the browser as they were typed into the form input.
PHP Shows Its Errors
PHP debug mode should be set to give browser errors. I’ll remove this setting in production.
Form validation is important to me.
Feedback to User
The code should present properly formatted error/status messages to keep the user informed.