Posted by Toby A Inkster on 05/30/07 15:15

SterLo wrote:

> First - let's make a "standards compliant form".
> <form name="form1" method="post" action="index.php">
> <input type="text" id="user" name="user">
> <input type="password" id="pass" name="pass">
> <input type="submit" id="Submit" name="Submit" value="Submit">
> </form>

Your changes are no more compliant with HTML standards than the original
was. You've added action="index.php", even though action="" is fine; and
you've added unnecessary id attributes to all the elements, even though
they're not used anywhere.

However, the form will not pass HTML or XHTML validation (not Strict
anyway) because FORM elements are only allowed to have block-level
content, but INPUT elements are inline content.

Instead the following would validate as HTML Strict:

<form name="form1" method="post" action="">
<fieldset>
<legend>Log in</legend>
<input type="text" name="user">
<input type="password" name="id">
<input type="submit" name="Submit" value="Submit">
</fieldset>
</form>

or as XHTML:

<form name="form1" method="post" action="">
<fieldset>
<legend>Log in</legend>
<input type="text" name="user" />
<input type="password" name="id" />
<input type="submit" name="Submit" value="Submit" />
</fieldset>
</form>

Your PHP is potentially dangerous, perhaps allowing SQL injection.

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 95 days, 22:53.]

Non-Intuitive Surnames
http://tobyinkster.co.uk/blog/2007/05/25/non-intuitive-surnames/

• Next in forum: Re: I need a subdomain service like kickme.to
• Prev in forum: Re: Problem with nested if-else statement
• Thread view: Re: Login

[Reply to this message]