I use forms a lot and rely on "" to mean something was deleted. I've never had issues. And by the way is " " not empty? You could try placing a value=" " instead of value="" as a default and see if that insures your empty value.
No, " " is not an empty string.. the space counts.. an empty string would be a totally blank empty box. When validating a form entry for a required field, it's always helpful to trim the string (remove whitespace from beginning and end) then check if the string is empty again, to avoid blank submissions.
Msg#: 3089769 posted 10:14 am on Sep 21, 2006 (gmt 0)
sharbel: interesting point that I'll bear in mind when checking for valid input.
pixeltierra: What I'm concerned about is that the spec appears to leave open 2 possibilities for submitting empty values.
i) a=a_value&b=&c=a_value ii) a=a_value&c=a_value
I was wondering whether either of the above can be relied upon to always be the case? Does it change according to method? I'm using POST.
It was curiousity mainly. I can easily code to allow for both possibilities and I think it would be safer to do so. Even if one can be relied upon today you never know what a new user agent might do tomorrow!
Yes, you should code to allow for both possibilities, and more. Anyone can POST any name/value pairs to your form script. If you gave me the URL of your form, in a few minutes I could make a form on my own computer that would POST a=a_value&c=a_value&d=myownvalue&f=someothervalue to your form processing script. Easy as pie, anyone with the most rudimentary skills can do that.
Always check user input. Check for fields that you expect to be there, and write your code so that it ignores anything you don't expect to be there.
Even that isn't necessary these days for probing. Just a copy of Firefox and the UrlParams extension is what I generally use for testing my forms.
This one however is going to be a mega pain in the backside to test as I'm specifically coding secure forms where the fieldnames change every time you load the form and each set of names can only be submitted to once.
I don't think anybody has actually exploited my current forms yet but I've certainly seen a few exploratory manouvres.