Enter your answer here.
When displayed in a web browser, the control will be dimmed (a light shade of gray) to
indicate that it’s unavailable.
To create a read-only control, use the readonly attribute:
Input ▼
The read-only control is not distinguished in any way from a normal form control.
However, when visitors attempt to enter new information (or, in the case of buttons or
check boxes, select them), they’ll find that they cannot change the value. Figure 12.24
shows both a disabled control and a read-only control. You’ll generally find disabled to
be more useful because it’s less confusing to your users.
Output ▼
FIGURE 12.24 Disabled controls are dimmed. Read-only controls appear normally—they just can’t be changed.
Form Security
It’s important to remember that regardless of what you do with your form controls,
what gets sent back to the server when the form is submitted is really up to your
user. There’s nothing to stop her from copying the source to your form, creating a
similar page on her own, and submitting that to your server. If the form uses the get
method, the user can just edit the URL once the form has been submitted.
The point here is that there is no form security. In Lesson 19, “Using JavaScript in
Your Pages,” you’ll learn how to validate your forms with JavaScript. Even in that
case, you can’t guarantee that users will supply the input that you intend. What this
means is that you must always validate the data entered by your users on the server
before you use it.
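To make the server-side validation concrete, here is an added example (not code from this book) of a check that runs on the server against the raw submitted form body. The field names plan, quantity, and price, and the PRICES table, are assumptions for illustration; price stands in for a value the form displays in a readonly control.

```javascript
// Server-side check for a submitted order form (field names are hypothetical).
// The form shows "price" in a readonly control, but the request body is
// fully under the sender's control, so the server recomputes it.
const PRICES = { basic: 5, pro: 20 };          // server-side source of truth

function validateOrder(rawBody) {
  const params = new URLSearchParams(rawBody); // decodes application/x-www-form-urlencoded
  const errors = [];

  // Reject duplicated fields: different parsers pick different copies.
  for (const name of ["plan", "quantity", "price"]) {
    if (params.getAll(name).length > 1) errors.push(`${name}: duplicated`);
  }

  // Allow-list check: a <select> only limits what the browser offers.
  const plan = params.get("plan");
  if (!Object.prototype.hasOwnProperty.call(PRICES, plan)) {
    errors.push("plan: not an offered value");
  }

  // Strict integer in range; "3abc", "-1" and "1e3" are all rejected.
  const qtyText = params.get("quantity") ?? "";
  const quantity = /^[0-9]{1,2}$/.test(qtyText) ? Number(qtyText) : NaN;
  if (!(quantity >= 1 && quantity <= 10)) errors.push("quantity: must be 1-10");

  if (errors.length > 0) return { ok: false, errors };

  // The readonly "price" sent by the client is compared for logging only;
  // the total always comes from the server's own table.
  const sent = params.get("price");
  const tampered = sent !== null && sent !== String(PRICES[plan]);
  const order = { plan, quantity, total: PRICES[plan] * quantity };
  return { ok: true, errors, tampered, order };
}

// Constructed sample bodies: an honest submission, an edited readonly value,
// and values the form never offered.
const honest = validateOrder("plan=pro&quantity=2&price=20");
const edited = validateOrder("plan=pro&quantity=2&price=0.01");
const bogus = validateOrder("plan=free&quantity=999&price=0");
console.log(honest, edited, bogus);
```

The edited submission is still accepted, but its total is computed from the server's table, so changing the read-only field has no effect beyond setting the tampered flag.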