I have the following problem:<br />
<br />
I've constructed a shopping cart, whereby there is a shipping calculator which bases the shipping cost based on the quantity of items you order, and the type of shipping you choose. When you click the "total" button after selecting the right options, the final value of your order appears in a text field. However, i want this shipping value total to be uneditable -- as it is, a user can click the cursor in there, and change the amount! How can i do this? <br />
<br />
The form in question is at this address, if you want to take a look. I was hired to created this website, and this is a temporary address only while the site is in development:<br />
<br />
<!-- m --><a class="postlink" href="http://www.umich.edu/~bumanov/site3/orderbook.htm">http://www.umich.edu/~bumanov/site3/orderbook.htm</a><!-- m --><br />
<br />
Any feedback would be appreciated! Thanks.<br />
<br />
-ben<!--content-->on the browser side you have a couple of options. You can make the input field readonly:<br />
<br />
<input type="text" name="foo" value="bar" readonly><br />
<br />
or you can get rid of the input field and place the final value in a hidden form field and display the final value in another input field that does not get parsed by the server side script so it does not matter if it gets changed, or just display the final value as regular html code and use the hidden form field to send the final value to the server script.<br />
<br />
None of these are fool-proof if a person really wants to jack the form. What your script should be doing is writing to a temp file on the server and keeping track of everything that way. Its the only way to make it impossible for a person to manipulate the form data.<br />
<br />
I hope your script is double checking those required form fields on the server side. The javascript validation is good but is easily bypassed.<!--content-->er .... not that I know much about it ... I've just found an Html keyword called 'readonly', which goes in the 'form' code. just readonly="false" seems to work. There's a few others like 'contenteditable' and 'unselectable' but they don't work reliably. Well that's a surprise ...<!--content-->
<br />
I've constructed a shopping cart, whereby there is a shipping calculator which bases the shipping cost based on the quantity of items you order, and the type of shipping you choose. When you click the "total" button after selecting the right options, the final value of your order appears in a text field. However, i want this shipping value total to be uneditable -- as it is, a user can click the cursor in there, and change the amount! How can i do this? <br />
<br />
The form in question is at this address, if you want to take a look. I was hired to created this website, and this is a temporary address only while the site is in development:<br />
<br />
<!-- m --><a class="postlink" href="http://www.umich.edu/~bumanov/site3/orderbook.htm">http://www.umich.edu/~bumanov/site3/orderbook.htm</a><!-- m --><br />
<br />
Any feedback would be appreciated! Thanks.<br />
<br />
-ben<!--content-->on the browser side you have a couple of options. You can make the input field readonly:<br />
<br />
<input type="text" name="foo" value="bar" readonly><br />
<br />
or you can get rid of the input field and place the final value in a hidden form field and display the final value in another input field that does not get parsed by the server side script so it does not matter if it gets changed, or just display the final value as regular html code and use the hidden form field to send the final value to the server script.<br />
<br />
None of these are fool-proof if a person really wants to jack the form. What your script should be doing is writing to a temp file on the server and keeping track of everything that way. Its the only way to make it impossible for a person to manipulate the form data.<br />
<br />
I hope your script is double checking those required form fields on the server side. The javascript validation is good but is easily bypassed.<!--content-->er .... not that I know much about it ... I've just found an Html keyword called 'readonly', which goes in the 'form' code. just readonly="false" seems to work. There's a few others like 'contenteditable' and 'unselectable' but they don't work reliably. Well that's a surprise ...<!--content-->