Jump to content

[SOLVED] Set textboxes to readonly...?

A JM

By A JM
in PHP Coding Help

 Share

Recommended Posts

A JM Regular Member

A JM

Posted
Posted

I'm trying to set my forms textboxes to readonly only if a varible is set, can someone help me with what I'm dong wrong?

 

<?php
      if ($readonlytextboxes == 1) {
            echo "<script type='text/javascript'>";
            echo "alert('readonly')";
            echo "for(i=0; i<document.form1.elements.length; i++)";
            echo "{";
            echo "if(document.form1.elements[i].type=='text')";
            echo "{";
            echo "document.form1.elements[i].readOnly=true";
            echo "}";
            echo "}";
            echo "</script>";
      }
?>

Link to comment
Share on other sites
A JM Regular Member

A JM

Posted
  • Author
Posted

I don't know how to make this happen so I was just giving it a go..

 

The form has a multi-use, for some users $readonlytextboxes == 0 I want them to be able to input information into the textboxes for other users $readonlytextboxes == 1 I just want them to be able to view the contents of the textboxes and not be able to edit/make changes.

 

Is there a better way to do this?

 

Thanks.

 

A JM,

 

 

Link to comment
Share on other sites
TeNDoLLA Newbie

TeNDoLLA

Posted
Posted

If you are anyway echoing your whole forms in php it would be the same aswell do this disabling / enabling in php side without JS. In php just check the users status if he /she is allowed to input or not ad then create the forms for him that way, meaning for other users you echo disabled/readonly elements. Also JS can be disabled by user so if you do it with JS it might not work for everyone and it is very easy to get by.

Link to comment
Share on other sites
lonewolf217 Member

lonewolf217

Posted
Posted

something along the lines of this is what you want

 

<form>
<input type="text" name="username" <?php if(!$userIsAbleToEditThisBox) { echo "READONLY"; }>
</form>

 

basically, use php to determine the user's capability.  if he is not able to edit that part of the form, set the readonly flag

Link to comment
Share on other sites
roopurt18 Advanced Member

roopurt18

Posted
Posted

Just remember when the user submits the form you have to check again that they have permission to update the field before you actually update it.  If you send a form field to my browser disabled I can easily enable it and modify the contents.

Link to comment
Share on other sites
A JM Regular Member

A JM

Posted
  • Author
Posted

something along the lines of this is what you want

 

<form>
<input type="text" name="username" <?php if(!$userIsAbleToEditThisBox) { echo "READONLY"; }>
</form>

 

basically, use php to determine the user's capability.  if he is not able to edit that part of the form, set the readonly flag

 

Lonewolf, that makes some sense how do I actually implement that on my form?

 

This is an example:

 

<input type="text" name="clnt_name" id="clnt_name" tabindex="3" class="form-inputitem" value="<?php echo htmlentities($row_rstocdetail['clnt_name'], ENT_COMPAT, 'utf-8'); ?>" size="50" />

 

would it look like this?

 

<input type="text" name="clnt_name" id="clnt_name" tabindex="3" class="form-inputitem" value="<?php echo htmlentities($row_rstocdetail['clnt_name'], ENT_COMPAT, 'utf-8'); ?>" readonly=<?php if(!$readonlytextboxes) { echo "true"; }> size="50" />

 

Link to comment
Share on other sites
A JM Regular Member

A JM

Posted
  • Author
Posted

Rather than guessing why not refer to some documentation on what is valid within an input-tag?

 

http://www.w3schools.com/tags/default.asp

http://www.w3schools.com/tags/tag_input.asp

 

According to that it should be:

<input type="text" <!-- other stuff --> readonly="readonly" />

 

Unfourtunately since I'm not familiar with how to accomplish this I have to resort to guessing and reading and asking... this by the way no workey..

 

<input type="text" name="clnt_name" id="clnt_name" tabindex="3" class="form-inputitem" value="<?php echo htmlentities($row_rstocdetail['clnt_name'], ENT_COMPAT, 'utf-8'); ?>" <?php if(!$userIsAbleToEditThisBox) { echo readOnly="readOnly"; }?> size="50" />

 

Nor does this:

 

<input type="text" name="clnt_name" id="clnt_name" tabindex="3" class="form-inputitem" value="<?php echo htmlentities($row_rstocdetail['clnt_name'], ENT_COMPAT, 'utf-8'); ?>" <?php if(!$userIsAbleToEditThisBox) { echo "READONLY"; }?> size="50" />

 

However lonewolf - the textbox has been set to readonly in the above instance, but never to allow editing.

 

I verified that indeed when the record is selected the variable is either a 0 or 1.

 

//if user is not allowed set variable for turning off the textbox capability it will be a 1 else a 0
$readonlytextboxes = $row_rstocdetail['chk_allowediting'];
print_r($readonlytextboxes);
exit;

 

 

Link to comment
Share on other sites
A JM Regular Member

A JM

Posted
  • Author
Posted

Lonewolf, actually this did work... I was using the wrong variable... user error - many thanks!

 

<input type="text" name="clnt_name" id="clnt_name" tabindex="3" class="form-inputitem" value="<?php echo htmlentities($row_rstocdetail['clnt_name'], ENT_COMPAT, 'utf-8'); ?>" <?php if($readonlytextboxes) { echo "READONLY"; }?> size="50" />

 

Last question on this subject - roopurt18 was warning about verifying that the user can update when submitting. Could someone give me some insight into what he is referring and how would I avoid this from happening?

 

Thanks.

 

A JM,

Link to comment
Share on other sites
lonewolf217 Member

lonewolf217

Posted
Posted

he is referring to the fact that you can override the disable function (personally i dont think i know how, but i think its possible) so what you need to do is you need to put an additional check into your validation code.

 

on your backend where you process the form, check to make sure the user who submitted the form is allowed to submit the particular field before trying to submit it to your database

Link to comment
Share on other sites
roopurt18 Advanced Member

roopurt18

Posted
Posted

This is what your output needs to look like:

<input type="text" <!-- other stuff --> readonly="readonly" />

 

Load the page, view the HTML source, and find the input control you're trying to create.  Find the part of it where you think the readonly="readonly" should have been and see what's actually there.

 

Then change your script and try it again.  Repeat this until the output (i.e. the HTML source sent to the browser) is what it's supposed to be.

 

Here's a big hint:

// You have this code in your post above...ITS NOT VALID PHP.
<?php if(!$userIsAbleToEditThisBox) { echo readOnly="readOnly"; }?>

// But this is:
<?php if(!$userIsAbleToEditThisBox) { echo 'readonly="readonly"'; }?>

 

And the documentation that I provided to you says it has to be:

readonly="readonly"  <-- That right there is what HAS to be in the HTML output

readOnly="readOnly"  <-- That is what you're trying to send. 

 

Why is your O capitalized?  If the documentation has it lowercase, then you do it lowercase.  ;)

Link to comment
Share on other sites
roopurt18 Advanced Member

roopurt18

Posted
Posted

Last question on this subject - roopurt18 was warning about verifying that the user can update when submitting. Could someone give me some insight into what he is referring and how would I avoid this from happening?

 

I, or anyone else for that matter, can submit to your forms without using their web browser.  PHP has extensions that allow you to send POSTs to URLs as if you were a web browser.  In that case it wouldn't matter that you told me the field was readonly; I'd just post to it anyways.

 

Alternatively a user can open the page in their browser and then save it to their hard drive.  You then edit the HTML on your local hard drive to change the form action to the appropriate URL and remove the readonly="readonly" from the input-tag.  You can then open the file back up in a web browser, fill out the form, and submit it back to the originating web site.

 

Therefore adding readonly="readonly" to the input is a good way of letting the user know they can't change it.  But if you don't recheck their ability to edit the field on the page that receives the form POST, they'll just get around your readonly control in one of the manners I mentioned above.

Link to comment
Share on other sites
A JM Regular Member

A JM

Posted
  • Author
Posted

This is what the source looks like:

 

<input type="text" name="clnt_name" id="clnt_name" tabindex="3" class="form-inputitem" value="namea" READONLY size="50" />

 

I had been seeing people reference the uppercase "O" for browser reasons not sure of the reasoning behind it though.

 

I'll try <?php if(!$userIsAbleToEditThisBox) { echo 'readonly="readonly"'; }?> and see how it goes.

 

 

A JM,

Link to comment
Share on other sites
A JM Regular Member

A JM

Posted
  • Author
Posted

Last question on this subject - roopurt18 was warning about verifying that the user can update when submitting. Could someone give me some insight into what he is referring and how would I avoid this from happening?

 

I, or anyone else for that matter, can submit to your forms without using their web browser.  PHP has extensions that allow you to send POSTs to URLs as if you were a web browser.  In that case it wouldn't matter that you told me the field was readonly; I'd just post to it anyways.

 

Alternatively a user can open the page in their browser and then save it to their hard drive.  You then edit the HTML on your local hard drive to change the form action to the appropriate URL and remove the readonly="readonly" from the input-tag.  You can then open the file back up in a web browser, fill out the form, and submit it back to the originating web site.

 

Therefore adding readonly="readonly" to the input is a good way of letting the user know they can't change it.  But if you don't recheck their ability to edit the field on the page that receives the form POST, they'll just get around your readonly control in one of the manners I mentioned above.

 

Assuming your a logged in user on my site then I think that would make sense.

 

By the way this also works.

 

<?php if($readonlytextboxes) { echo "readonly=readonly"; }?>

Link to comment
Share on other sites
roopurt18 Advanced Member

roopurt18

Posted
Posted

not necessarily true.  I can make a page with this

 

<form>
<input type="text" name="username" READONLY>
</form>

 

and the field will be readonly

 

And your markup will be invalid and can cause all sorts of problems with CSS and JavaScript.  But be my guest.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.