On Sep 10, 3:30*pm, "Jukka K. Korpela" <jkorp...@cs.tut.fiwrote:
Quote:
smk17 wrote:
Quote:
I've spent the last few minutes searching for this question and I
found an answer, but it wasn't quite what the client wanted.
>
You are not telling which answer you found, but, judging from indirect
evidence, it seems that it is basically the correct answer.
>
Quote:
I have a simple online form where the user needs to fill out five
fields out of nine. The other four are already there and filled out
for the user. When they hit submit, all data is sent to us.
>
That's possible, though the question arises why you send four pieces of data
just to get them back.
>
Quote:
But, if they desire (for whatever reason) the user can possibly delete
what is already there and fill in something else.
>
Surely he can. You can make it more difficult by using the readonly
attribute (which may also affect rendering), but it's easy to create a copy
of a page, edit it by removing that attribute etc.
>
Quote:
Is there a way to have that info already filled in and untouchable?
>
No.
>
Quote:
I thought about having it type="hidden" but I think the client wants the
user to be able to see it.
>
You can include a copy of the data as normal visible content. This approach
takes a further step in making it more difficult to change the data - though
only in the sense that the user does see it as being in a form field, so it
will come less often to the user's mind that it will be sent and could be
modified.
>
If you know what the extra data must be, just _use_ it on the server that
receives the form data and associate it with the data set submitted. Things
get tricky if the data is, in fact, dependent on the situation and was
generated for a particular instance. But you would need to explain the
scenario in more detail, preferably in another question, since this isn't
really an HTML question (except marginally, in a rather trivial sense).
>
>
I'm not sure of what is being done there, but I get suspicious when money
issues are dealt with without using https (SSL). Where I live, the normal
approach is that when payment is required in some context on the web, the
user is asked to select a method of online payment, then an https secured
transaction takes place either via online bank transfer or via credit card
payment, and the user returns to the service and everyone is happy.
>
If you have to play with less developed methods of payment, essentially
offline, I don't see what you gain by having that form. In such cases, it
would appear normal to have a subscription form together with information
that explains how the payment is to be performed. Then someone has to
process the payments as they arrive and match them with submitted form data;
manual work is needed here anyway.
>
ObHTML: Reset button considered harmful. If you don't agree, think how much
damage it does when it is used.
>
Yucca
Thanks Yucca,
This form is not connected to an ecommerce, https site.
To make a long story short, we have an online course. There used to be
only one way to register and pay online, that was through Paypal/
Verisign. Everything was secure. Course is $50.00. Everything worked
for 8 years, no problems. But only US residents could pay for the
course (not sure if this is a Cornell related constraint).
The client now wants people all over the world to be able to pay for
and take this course. He wants two ways to be able to register. One,
if you live in the United States you can go to our secure online
section and use your credit card. Two, if you live outside the United
Staes, you can make an Initernational Wire Transfer to a bank of
Cornell's choosing. But he had no idea how to make it work while still
being secure.
So, he contacted the Cash Management office at Cornell to see if they
knew of a way to do this. They devised a way (we are still testing)
for international students to first register (through another online
form) and then this form, that we are talking about, to alert Cornell
of their intention to complete an International Wire Transfer. The
data we collect from this form is to track their International Wire
Transfer transaction, not actually make the transfer of funds. Someone
at Cornell has to manually track the incoming international wire
transfers and match it up with the data received on this form.
The client wanted 4 of the fields in this form to be already filled
out for the user so there would be no mistake in them entering this
important data. My first test he noticed that he could select what was
in those 4 fields and delete/change what was in there. As an extra
precaution he decided to have me try and make it so that text could
not be altered and still sent when they submitted the form, which led
me to this newsgroup to ask the question.
This data from this form is then sent to a folder on a server here at
Cornell as a .txt file that we then forward to the Cornell Cash
Management people.
Is there a better way to do this? Probably, but you go to war with the
army that you have. And we are a team of only two people.
Again thanks, I know I came off as kind of upset about crossposting
but I truly do not know the best way to get a question out to as many
people as possible.
