hidden fields in HTML forms

Rick Robino see-sig at wavedivision.com
Mon Aug 2 23:54:48 CEST 1999


Skip Montanaro <skip at mojam.com> wrote:

Thanks Skip, I appreciate the quick response (I would actually like
to use this thing myself!).

>     Rick> Could anyone point me in the right direction of finding a cgi
>     Rick> class that catches hidden fields sent to it from an HTML form?
>     Rick> cgi.py doesn't recognize them;

> Rick,

> There's no reason for cgi.py to recognize anything special about hidden
> fields.  They are only hidden from the web user, not the cgi script.  To
> cgi.py, an input is an input.

Understood - everything is there, but cgi.FieldStorage seems to only
accept keys from the text types of the form input.

> If you want to fiddle around with the <INPUT> TYPE attribute and see what
> the CGI script sees, set your <FORM>'s ACTION attribute to

>     http://www.musi-cal.com/cgi-bin/query

I've been using the apache cgi script logging facility and can see 
the whole string, including hidden fields, being passed. But thanks
for the tip here, I'll check it out.

> That script uses cgi.FormContent() to grok form inputs and spits back
> several bits of information about them and the environment in which the
> script was executed.  If you give it a hidden input, e.g.:

>     <form METHOD=GET ACTION="http://www.musi-cal.com/cgi-bin/query">
> 	<input TYPE=hidden name="hidden" value="You can't see it but I can!">
> 	<input TYPE=text name="visible" value="Users see this!">
> 	<input TYPE=submit>
>     </form>

> you'll see what I mean.

Hmmm... I did use your test - "query" and saw the hidden field output:

    Raw Input:
      hidden=You+can%27t+see+it+but+I+can%21&visible=Users+see+this%21

    Form Fields:
      hidden: ["You can't see it but I can!"]
      visible: ['Users see this!']

Maybe my problem is that the main class my data is coming from doesn't
ever use the raw_input method because I'm only using cgi.FieldStorage().
and not FormContent(). What I've done (remember, I'm just starting
off), was to rip off the FormData class used as an example in the
"Learning Python" book. Here it is, modified to ignore blank fields:

class FormData:
	""" A repository for information gleaned from a CGI form """
	def __init__(self, formdict):
		for fieldname in self.fieldnames:
			if not form.has_key(fieldname):
				bad_web()
			else:
				setattr(self, fieldname, form[fieldname].value)

(thanks Mark Lutz and David Ascher!)

When I use this, in classes I haved defined for emailing and formatting
the data as HTML output, it chokes because the form.has.key(fieldname)
test does not pass. Thats my problem: the whole string gets sent to the
cgi, but I'm missing something from my base class definition that pays
attention to field types other than "Text". If you want, I can send
the cgi and the form (149 and 161 lines, respectively).

This is probably where I need to learn more, and the FormContent class
is probably the class that will help me here. However, the docstring for
that class says:

    """This class is present for backwards compatibility only."""

What do you think? Should I use FormContent or extend cgi.FieldStorage
somehow?  I'm sure I just don't have a good enough grasp of what is
going on here to see the light, but I'll spare the group my personal
tutelage.

If anyone has time to pound into my head some conceptual notions of
classes, functions and other fundamentals and has time to write me, I'd
appreciate it. I learn best by doing and getting the basics down pat,
but I seem to be stuck in this example and the book, although great, is
becoming paper which my body is refusing to do anything but stare at.

I can call if in the U.S., and I can pay with beer too ;)

--Rick 
                                ^^^^^^^^^^^^^^
Rick Robino                                  mailto:rrobino at wavedivision.com




More information about the Python-list mailing list