Web Forms
   HOME

TheInfoList



OR:

A webform, web form or HTML form on a web page allows a user to enter data that is sent to a
server Server may refer to: Computing *Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients Role * Waiting staff, those who work at a restaurant or a bar attending customers and su ...
for processing. Forms can resemble
paper Paper is a thin sheet material produced by mechanically or chemically processing cellulose fibres derived from wood, rags, grasses or other vegetable sources in water, draining the water through fine mesh leaving the fibre evenly distrib ...
or
database In computing, a database is an organized collection of data stored and accessed electronically. Small databases can be stored on a file system, while large databases are hosted on computer clusters or cloud storage. The design of databases s ...
forms because web users fill out the forms using checkboxes,
radio buttons A radio button or option button is a graphical control element that allows the user to choose only one of a predefined set of mutually exclusive options. The singular property of a radio button makes it distinct from checkboxes, where the user ...
, or
text fields type=search placeholder=An example text box, which can be used to search the English Wikipedia. A text box (input box), text field or text entry box is a control element of a graphical user interface, that should enable the user to input ...
. For example, forms can be used to enter
shipping Freight transport, also referred as ''Freight Forwarding'', is the physical process of transporting commodities and merchandise goods and cargo. The term shipping originally referred to transport by sea but in American English, it has been ...
or
credit card A credit card is a payment card issued to users (cardholders) to enable the cardholder to pay a merchant for goods and services based on the cardholder's accrued debt (i.e., promise to the card issuer to pay them for the amounts plus the o ...
data to order a product, or can be used to retrieve search results from a search engine.


Description

Forms are enclosed in the
HTML The HyperText Markup Language or HTML is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaSc ...
<form> element. This element specifies the
communication endpoint A communication endpoint is a type of communication network node. It is an interface exposed by a communicating party or by a communication channel. An example of the latter type of a communication endpoint is a publish-subscribe topic or a grou ...
the data entered into the form should be submitted to, and the
method Method ( grc, μέθοδος, methodos) literally means a pursuit of knowledge, investigation, mode of prosecuting such inquiry, or system. In recent centuries it more often means a prescribed process for completing a task. It may refer to: *Scien ...
of submitting the data, GET or POST.


Elements

Forms can be made up of standard
graphical user interface The GUI ( "UI" by itself is still usually pronounced . or ), graphical user interface, is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicator such as primary notation, inst ...
elements: * <text> — a simple
text box type=search placeholder=An example text box, which can be used to search the English Wikipedia. A text box (input box), text field or text entry box is a control element of a graphical user interface, that should enable the user to input ...
that allows input of a single line of text. * <email> - a type of <text> that requires a partially validated email address * <number> - a type of <text> that requires a number * <password> — similar to <text>, it is used for security purposes, in which the characters typed in are invisible or replaced by symbols such as * * <radio> — a
radio button A radio button or option button is a graphical control element that allows the user to choose only one of a predefined set of mutually exclusive options. The singular property of a radio button makes it distinct from checkboxes, where the user ...
* <file> — a
file select In HTML, a file-select control is a component of a web form with which a user can select a local file. When the form is submitted (perhaps together with other form data), the file is uploaded to the web server. There, when the file arrives, some act ...
control for uploading a file * <reset> — a
reset button In electronics and technology, a reset button is a button that can reset a device. On video game consoles, the reset button restarts the game, forfeiting the player's unsaved progress. On personal computers,On IBM mainframes reset neither c ...
that, when activated, tells the browser to restore the values to their initial values. * <submit> — a
button A button is a fastener that joins two pieces of fabric together by slipping through a loop or by sliding through a buttonhole. In modern clothing and fashion design, buttons are commonly made of plastic but also may be made of metal, wood, o ...
that tells the browser to take action on the form (typically to send it to a server) * <textarea> — much like the <text> input field except a <textarea> allows for multiple rows of data to be shown and entered * <select> — a
drop-down list A drop-down list (abbreviated drop-down, or DDL; also known as a drop-down menu, drop menu, pull-down list, picklist) is a graphical control element, similar to a list box, that allows the user to choose one value from a list. When a drop-dow ...
that displays a list of items a user can select from The sample image on the right shows most of these elements: * a text box asking for your name * a pair of radio buttons asking you to pick your sex * a select box giving you a list of eye colors to choose from * a pair of check boxes to click on if they apply to you * a text area to describe your athletic ability * a submit button to send it to the server These basic elements provide most common
graphical user interface The GUI ( "UI" by itself is still usually pronounced . or ), graphical user interface, is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicator such as primary notation, inst ...
(GUI) elements, but not all. For example, there are no equivalents to a
tree view In botany, a tree is a perennial plant with an elongated stem, or trunk, usually supporting branches and leaves. In some usages, the definition of a tree may be narrower, including only woody plants with secondary growth, plants that are u ...
or
grid view A grid view or a datagrid is a graphical control element that presents a tabular view of data. A typical grid view also supports some or all of the following: * Clicking a ''column header'' to change the sort order of the grid * Dragging co ...
. A grid view, however, can be mimicked by using a standard HTML
table Table may refer to: * Table (furniture), a piece of furniture with a flat surface and one or more legs * Table (landform), a flat area of land * Table (information), a data arrangement with rows and columns * Table (database), how the table data ...
with each cell containing a text input element. A tree view could also be mimicked through nested tables or, more
semantically Semantics (from grc, σημαντικός ''sēmantikós'', "significant") is the study of reference, meaning, or truth. The term can be used to refer to subfields of several distinct disciplines, including philosophy, linguistics and compu ...
appropriately, nested
lists A ''list'' is any set of items in a row. List or lists may also refer to: People * List (surname) Organizations * List College, an undergraduate division of the Jewish Theological Seminary of America * SC Germania List, German rugby unio ...
. In both cases, a server-side process is responsible for processing the information, while JavaScript handles the user-interaction. Implementations of these interface elements are available through
JavaScript libraries A JavaScript library is a library of pre-written JavaScript code that allows for easier development of JavaScript-based applications, especially for AJAX and other web-centric technologies. Libraries With the expanded demands for JavaScript, an e ...
such as
jQuery jQuery is a JavaScript library designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax. It is free, open-source software using the permissive MIT License. As of Aug 2022, jQuery is u ...
. HTML 4 introduced the <label> tag, which is intended to represent a caption in a user interface, and can be associated with a specific form control by specifying the id
attribute Attribute may refer to: * Attribute (philosophy), an extrinsic property of an object * Attribute (research), a characteristic of an object * Grammatical modifier, in natural languages * Attribute (computing), a specification that defines a prope ...
of the control in the label tag's for attribute. This allows labels to stay with their elements when a window is resized and to allow more desktop-like functionality (e.g. clicking a radio button or checkbox's label will activate the associated input element). HTML 5 introduces a number of input tags that can be represented by other interface elements. Some are based upon text input fields and are intended to input and validate specific common data. These include <email> to enter email addresses, <tel> for telephone numbers, <number> for numeric values. There are additional attributes to specify required fields, fields that should have keyboard
focus Focus, or its plural form foci may refer to: Arts * Focus or Focus Festival, former name of the Adelaide Fringe arts festival in South Australia Film *''Focus'', a 1962 TV film starring James Whitmore * ''Focus'' (2001 film), a 2001 film based ...
when the web page containing the form is loaded, and placeholder text that is displayed within the field but is not user input (such as the 'Search' text displayed in many search input fields before a search term is entered). These tasks used to be handled with
JavaScript JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of websites use JavaScript on the client side for webpage behavior, of ...
, but had become so common that support for them was added to the standard. The <date> input type displays a calendar from which the user can select a date or date range. And the color input type can be represented as an input text simply checking the value entered is a correct hexadecimal representation of a color, according to the specification, or a color picker widget (the latter being the solution used in most browsers which support this attribute).


Submission

When data that has been entered into HTML forms is submitted, the names and values in the form elements are encoded and sent to the server in an
HTTP The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide We ...
request message using
GET Get or GET may refer to: * Get (animal), the offspring of an animal * Get (divorce document), in Jewish religious law * GET (HTTP), a type of HTTP request * "Get" (song), by the Groggers * Georgia Time, used in the Republic of Georgia * Get AS, a ...
or
POST Post or POST commonly refers to: *Mail, the postal system, especially in Commonwealth of Nations countries **An Post, the Irish national postal service **Canada Post, Canadian postal service **Deutsche Post, German postal service **Iraqi Post, Ira ...
. Historically, an
email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" mean ...
transport was also used. The default MIME type (internet media type),
application/x-www-form-urlencoded Percent-encoding, also known as URL encoding, is a method to encode arbitrary data in a Uniform Resource Identifier (URI) using only the limited US-ASCII characters legal within a URI. Although it is known as ''URL encoding'', it is also used m ...
, is based on a very early version of the general URI
percent-encoding Percent-encoding, also known as URL encoding, is a method to encode arbitrary data in a Uniform Resource Identifier (URI) using only the limited US-ASCII characters legal within a URI. Although it is known as ''URL encoding'', it is also used ...
rules, with a number of modifications such as newline normalization and replacing spaces with "+" instead of "%20". Another possible encoding, Internet media type
multipart/form-data Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs. Message ...
, is also available and is common for POST-based file submissions.


Use with programming languages

Forms are usually combined with programs written in various
programming language A programming language is a system of notation for writing computer programs. Most programming languages are text-based formal languages, but they may also be graphical. They are a kind of computer language. The description of a programming ...
to allow
developer Developer may refer to: Computers * Software developer, a person or organization who develop programs/applications * Video game developer, a person or business involved in video game development, the process of designing and creating games * Web d ...
s to create dynamic
web site A website (also written as a web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server. Examples of notable websites are Google, Facebook, Amazon, and Wikip ...
s. The most popular languages include both client-side and/or server-side languages. Although any programming language can be used on the server to process a form's data, the most commonly used languages are
scripting languages A scripting language or script language is a programming language that is used to manipulate, customize, and automate the facilities of an existing system. Scripting languages are usually interpreted at runtime rather than compiled. A scripting ...
, which tend to have stronger string handling functionality than programming languages such as C, and also have automatic memory management which helps to prevent
buffer overrun In information security and programming, a buffer overflow, or buffer overrun, is an anomaly whereby a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. Buffers are areas of memor ...
attacks.


Client-side

The ''de facto''
client-side scripting A server-side dynamic web page is a web page whose construction is controlled by an application server processing server-side scripts. In server-side scripting, parameters determine how the assembly of every new web page proceeds, and includi ...
language for web sites is
JavaScript JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of websites use JavaScript on the client side for webpage behavior, of ...
. Using JavaScript on the
Document Object Model The Document Object Model (DOM) is a cross-platform and language-independent interface that treats an XML or HTML document as a tree structure wherein each node is an object representing a part of the document. The DOM represents a document wi ...
(DOM) leads to the method of
Dynamic HTML Dynamic HTML, or DHTML, is a term which was used by some browser vendors to describe the combination of HTML, style sheets and client-side scripts (JavaScript, VBScript, or any other supported scripts) that enabled the creation of interactive ...
that allows dynamic creation and modification of a web page within the browser. While client-side languages used in conjunction with forms are limited, they often can serve to do pre- validation of the form data and/or to prepare the form data to send to a server-side program. This usage is being replaced, however, by
HTML5 HTML5 is a markup language used for structuring and presenting content on the World Wide Web. It is the fifth and final major HTML version that is a World Wide Web Consortium (W3C) recommendation. The current specification is known as the HTML ...
's new input field types and required attribute.


Server-side execution

Server-side code can do a vast assortment of tasks to create dynamic web sites that, for technical or security reasons, client-side code cannot — from
authenticating Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proof (truth), proving an Logical assertion, assertion, such as the Digital identity, identity of a computer system user. In ...
a
login In computer security, logging in (or logging on, signing in, or signing on) is the process by which an individual gains access to a computer system by identifying and authenticating themselves. The user credentials are typically some fo ...
, to retrieving and storing data in a
database In computing, a database is an organized collection of data stored and accessed electronically. Small databases can be stored on a file system, while large databases are hosted on computer clusters or cloud storage. The design of databases s ...
, to
spell checking In software, a spell checker (or spelling checker or spell check) is a software feature that checks for misspellings in a text. Spell-checking features are often embedded in software or services, such as a word processor, email client, electronic di ...
, to sending
e-mail Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic (digital) version of, or counterpart to, mail, at a time when "mail" meant ...
. A significant advantage to server-side over client-side execution is the concentration of functionality onto the server rather than relying on different
web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used o ...
s to implement various functions in consistent,
standardized Standardization or standardisation is the process of implementing and developing technical standards based on the consensus of different parties that include firms, users, interest groups, standards organizations and governments. Standardization ...
ways. In addition, processing forms on a server often results in increased security if server-side execution is designed not to trust the data supplied by the client and includes such techniques as
HTML sanitization In data sanitization, HTML sanitization is the process of examining an HTML document and producing a new HTML document that preserves only whatever tags are designated "safe" and desired. HTML sanitization can be used to protect against attacks s ...
. One disadvantage to server side code is
scalability Scalability is the property of a system to handle a growing amount of work by adding resources to the system. In an economic context, a scalable business model implies that a company can increase sales given increased resources. For example, a ...
—server side processing for all users occurs on the server, while client side processing occurs on individual client computers.


Interpreted languages

Some of the
interpreted language In computer science, an interpreter is a computer program that directly executes instructions written in a programming or scripting language, without requiring them previously to have been compiled into a machine language program. An interprete ...
s commonly used to design interactive forms in web development are
PHP PHP is a general-purpose scripting language geared toward web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. The PHP reference implementation is now produced by The PHP Group. ...
,
Python Python may refer to: Snakes * Pythonidae, a family of nonvenomous snakes found in Africa, Asia, and Australia ** ''Python'' (genus), a genus of Pythonidae found in Africa and Asia * Python (mythology), a mythical serpent Computing * Python (pro ...
,
Ruby A ruby is a pinkish red to blood-red colored gemstone, a variety of the mineral corundum ( aluminium oxide). Ruby is one of the most popular traditional jewelry gems and is very durable. Other varieties of gem-quality corundum are called ...
,
Perl Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages. "Perl" refers to Perl 5, but from 2000 to 2019 it also referred to its redesigned "sister language", Perl 6, before the latter's name was offic ...
, JSP,
Adobe ColdFusion Adobe ColdFusion is a commercial rapid web-application development computing platform created by J. J. Allaire in 1995. (The programming language used with that platform is also commonly called ColdFusion, though is more accurately known as C ...
and some of the compiled languages commonly used are
Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's mos ...
and C# with
ASP.NET ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages. It was developed by Microsoft to allow programmers to build dynamic web sites, applications and services. The name s ...
.


PHP

PHP PHP is a general-purpose scripting language geared toward web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. The PHP reference implementation is now produced by The PHP Group. ...
is one very common language used for server-side "programming" and is one of the few languages created specifically for
web programming Web development is the work involved in developing a website for the Internet (World Wide Web) or an intranet (a private network). Web development can range from developing a simple single static page of plain text to complex web applications, ...
. To use PHP with an HTML form, the URL of the PHP script is specified in the action attribute of the form tag. The target PHP file then accesses the data passed by the form through PHP's $_POST or $_GET variables, depending on the value of the method attribute used in the form. Here is a basic form handler PHP script that will display the contents of the input field on the page: Form

Output The sample code above uses PHP's filter_input() function to sanitize the user's input before inserting it onto the page. Simply printing (echoing) user input to the browser without checking it first is something that should be avoided in secure forms processors: if a user entered the JavaScript code into the field, the browser would execute the script on the page, just as if it had been coded by the developer; malicious code could be executed this way. filter_input() was introduced in PHP 5.2. Users of earlier PHP versions could use the htmlspecialchars() function, or
regular expressions A regular expression (shortened as regex or regexp; sometimes referred to as rational expression) is a sequence of characters that specifies a search pattern in text. Usually such patterns are used by string-searching algorithms for "find" o ...
to sanitize the user input before doing anything with it.


Perl programming language

Perl Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages. "Perl" refers to Perl 5, but from 2000 to 2019 it also referred to its redesigned "sister language", Perl 6, before the latter's name was offic ...
is another language often used for web development. Perl scripts are traditionally used as
Common Gateway Interface In computing, Common Gateway Interface (CGI) is an interface specification that enables web servers to execute an external program, typically to process user requests. Such programs are often written in a scripting language and are commonly re ...
applications (CGIs). In fact, Perl is such a common way to write CGIs that the two are often confused. CGIs may be written in other languages than Perl (compatibility with multiple languages is a design goal of the CGI protocol) and there are other ways to make Perl scripts interoperate with a web server than using CGI (such as
FastCGI FastCGI is a binary protocol for interfacing interactive programs with a web server. It is a variation on the earlier Common Gateway Interface (CGI). FastCGI's main aim is to reduce the overhead related to interfacing between web server and CGI ...
, Plack or Apache's
mod_perl Mod, MOD or mods may refer to: Places * Modesto City–County Airport, Stanislaus County, California, US Arts, entertainment, and media Music * Mods (band), a Norwegian rock band * M.O.D. (Method of Destruction), a band from New York City, US ...
). Perl CGIs were once a very common way to write
web application A web application (or web app) is application software that is accessed using a web browser. Web applications are delivered on the World Wide Web to users with an active network connection. History In earlier computing models like client-serv ...
s. However, many web hosts today effectively only support PHP, and developers of web applications often seek compatibility with them. A modern Perl 5 CGI using the CGI module with a form similar to the one above might look like: #!/usr/bin/env perl use strict; use CGI qw(:standard); my $name = param("first-name"); print header; print html( body( p("Hello, $name!"), ), );


Form-to-email scripts

Among the simplest and most commonly needed types of server-side script is that which simply emails the contents of a submitted form. This kind of script is frequently exploited by
spammer Spamming is the use of messaging systems to send multiple unsolicited messages (spam) to large numbers of recipients for the purpose of commercial advertising, for the purpose of non-commercial proselytizing, for any prohibited purpose (especial ...
s, however, and many of the most popular form-to-email scripts in use are vulnerable to hijacking for the purpose of sending spam emails. One of the most popular scripts of this type wa
"FormMail.pl"
made by Matt's Script Archive. Today, this script is no longer widely used in new development due to lack of updates, security concerns, and difficulty of configuration.


Form builders

Some companies offer forms as a hosted service. Usually, these companies give some kind of visual editor, reporting tools and infrastructure to create and host the forms, that can be embedded into webpages.
Web hosting A web hosting service is a type of Internet hosting service that hosts websites for clients, i.e. it offers the facilities required for them to create and maintain a site and makes it accessible on the World Wide Web. Companies providing we ...
companies provide templates to their clients as an add-on service. Other form hosting services offer free contact forms that a user can install on their own website by pasting the service's code into the site's HTML.


History

HTML forms were first implemented by the
Viola ; german: Bratsche , alt=Viola shown from the front and the side , image=Bratsche.jpg , caption= , background=string , hornbostel_sachs=321.322-71 , hornbostel_sachs_desc=Composite chordophone sounded by a bow , range= , related= *Violin family ...
browser.


See also

*
CAPTCHA A CAPTCHA ( , a contrived acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge–response test used in computing to determine whether the user is human. The term was coined in 2003 b ...
*
Postback In web development, a postback is an HTTP POST to the same page that the form is on. In other words, the contents of the form are ''POST''ed ''back'' to the same URL as the form. Postbacks are commonly seen in edit forms, where the user introduce ...
*
XForms XForms is an XML format used for collecting inputs from web forms. XForms was designed to be the next generation of HTML / XHTML forms, but is generic enough that it can also be used in a standalone manner or with presentation languages other th ...
*
HTML The HyperText Markup Language or HTML is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaSc ...


References

{{reflist


External links


Forms in HTML documents
the
W3C The World Wide Web Consortium (W3C) is the main international standards organization for the World Wide Web. Founded in 1994 and led by Tim Berners-Lee, the consortium is made up of member organizations that maintain full-time staff working to ...
's spec page for forms in HTML 4.
HTML5 forms specification
* Wikibooks: HyperText Markup Language/Forms
Try out HTML properties.
User interface techniques HTML tags HTML