I'm not sure if a textarea element has a maxsize, but you can trim it with a little bit of VB script on the submit.

Just use the "left" command to grab how many characters you want and reassign the value of the element to that substring.

VB is beyond my grasp, tex. I'm pushing my limits when I try to script using PHP. You're the mod so, I'll assume there's no easy way. Seems like a common sense feature, wonder why it's not available. Thanks for trying!

TJ

Yeah, there isn't any easy way to do it. "Easy" meaning just with HTML, if you're at all familiar with PHP, javascript, or VBscript it's possible to do it (though doing it on the server side with PHP, ASP, VB.net, C#, ColdFusion, CGI, or any SS language is the only surefire way to do it).

Which do you have available to you? I (or anyone else here) would be glad to post code you could work with.

[addendum]
This is something I'd definitely like to see in future versions of HTML - though even with existing TEXT type form fields and MAXLENGTH, server-side validation is the only way to be sure users don't enter too much text.
[/addendum]

Filipe-

I'm on hosts that support PHP. Will the code stop the scrolling or, will it only pull a certain amount of text out of the area? It does seem like an obvious necessity. Another lovely aspect of text areas is the cross browser problems. NN adds columns to the area and, scrolls linearly (I spent an hour trying to get it to scroll vert but, it seems you have to work it like a typewriter). I figured the text areas were going to be the easy part.

I've been toying with events/behaviors. There seems to be some in them for altering content. Any use in them for what I'm trying to do? Thanks for your time,

TJ

There is no way with PHP to limit the actual code users can enter, but it can return an error or clip it if it's too long.

e.g.

$text_field = $_POST["text_field"];
$max_length = 200;

// To let the user enter something else
if(strlen($text_field > $max_length))
{
// return an error
}

// To just clip the excess
if(strlen($text_field > $max_length))
$text_field = mid($text_field,0,$max_length);

Either will work, but from the user perpective, the prior is best because that way they *know* what data they'll end up passing.

The reason I say that server side validation is the only way to ensure it is because people can always spoof with your HTML if they want to. Unless your form processing script is very strict about checking referrers, browser types and version, and all that stuff (which is all spoofable anyhow) your best bet is to check everything behind the scenes.

Thanks, Filipe

The first one looks like a great choice. I'll throw it in there and, see what happens. "Spoofing" is one of those terms that are used for different references (like spam). I know IP spoofing but, what's the spoofing about that you reference? Thanks again

TJ

Why not use an onBlur or onSubmit javascript call to check the character length and alert the user if it exceeds x?

Or what about limiting the amount of text in you database (if it's going into one)?

Leo

Those are all good solutions guys, but the problems are these:

Javascript Validation - Can be disabled or removed from a page
Database limits - This is good practice anyway, but it won't solve any problems. Most database systems will fail if you try to enter too much information into a field (rather than just cutting it off and returning a successful operation).

Plus, if it were to just cut off the text, that would be a poor usability standard to operate under. You want users to know what's being stored (that is, exactly what they type). If it's too much text, tell them so so they can alter what they entered to make it right.

I try to use a combination of three things when I have time to do so, but only server side validation is necessary:
1. HTML limits on text fields (arg, but doesn't work on <textarea>
2. OnSubmit or onBlur validation (I prefer onSubmit for less code, but onBlur for less hassle on the user end)
3. Server side validation

It's a little bit more work, but it will cut down on errors dramatically.

Yes, definitely do server-side validation in addition to any javascript validation. I've known people in this biz who mistakenly think javascript validation alone is enough to restrict the user, but this fails for anyone who does not have javascript enabled. Javascript validation is strictly for the benefit of the user and nothing more.