7

I was wondering whether it is possible to assign a value to an HTML text box and protect it.

What I mean is make it´s content unmodifiable, so that when the form gets submitted im "sure" it was this value which was submitted.

BTW I realize the easier way would be not to "listen" fot this input and just assign it but it would come in handy to be able to do what´s stated above.

I hope the question is clear enough, please ask for any needed clarification.

Thanks in advance!

EDIT: I was definitely not clear enough but I tried to express that i should hold the value after submitted (not modifiable in client side)

Trufa
  • 39,971
  • 43
  • 126
  • 190

5 Answers5

7

Set the readonly property of the input element:

<input type="text" readonly="readonly" />

This will prevent any modification (except if the user edits with a DOM Inspector). Always validate input on the server. If you do not want any changes made, don't allow the user to edit it.

http://www.w3schools.com/tags/att_input_readonly.asp

Evan Mulawski
  • 54,662
  • 15
  • 117
  • 144
7

No, it's not. You should never trust user input, which includes form submissions.

The other answers tell you how to mark the field as read-only. This is useful if you want to display a particular value, while showing that it's not intended to edited.

However, it can still be modified with Firebug, DOM Inspector, etc. Or, they can just submit a HTTP request without using the browser at all.

I would recommend storing the value in a session instead.

Matthew Flaschen
  • 278,309
  • 50
  • 514
  • 539
  • Ok so sessions is the way to go, javascript would be more of the asme such as all client side solution, am I correct? – Trufa Nov 17 '10 at 21:05
  • I completely agree. If you don't want something edited, don't present it that way to the user. – Evan Mulawski Nov 17 '10 at 21:05
3

Form inputs have a 'disabled' and 'readonly' attributes you can set to make them un-editable.

http://htmlhelp.com/reference/html40/forms/input.html

Though you can never be 100% sure what is getting sent from the client side. The entire DOM is editable by the client.

wajiw
  • 12,239
  • 17
  • 54
  • 73
3

Just do this

<input type="text" value="VALUE" readonly />

Then itll be read only :)

Johnny
  • 9,725
  • 5
  • 29
  • 34
3

<input type="text" readonly="readonly"/>. But: Never be sure, and validate data on the server side. It is very easy to request GET/POST with invalid data.

khachik
  • 28,112
  • 9
  • 59
  • 94