Search

New Podcast

DrupalEasy Podcast 44: Andrew's Workbox
Posted Thursday, September 9 at 7:48 am

Listen in as Andrew, Ryan, and Mike are joined by special guests Jake Strawn and Michelle Lauer as they discuss DrupalCon Copenhagen, Drupal 7, Drupal's new Code of Conduct, and more. Jake and Michelle just returned from Copenhagen and provide their insight on the largest European DrupalCon event yet. 

Download Podcast 44
DrupalEasy_ep44_20100909.mp3
read more
Syndicate content

NEWSLETTER

Stay informed on our latest news!

Previous issues
Syndicate content

Testimonial

Stephen Matheny
The DrupalEasy workshop provided a balance between "Best Practices" for Drupal development and an elegant example of integrating content from Youtube , Flickr, etc. using the FeedAPI. The workshop provided useful insights in advanced site design and a wealth of resources to speed up development and make deployment safer.
read more

Who are we?

DrupalEasy is the collective expertise of Ryan Price and Michael Anello, who joined forces to provide training and consulting services worldwide. Read all about them and what they can do.

What is Drupal?

Drupal is a free, super-powerful content management system for sites that require information posting and collection, including blogs, forums, videos, photos, and databases of information. We think it is the best platform available. Here's why...

Why Drupal?

More and more savvy organizations are going with Drupal for content management, and its no mystery why. It’s free, flexible, and easy to maintain for small or large volume sites. Learn more...

Module Development: Disabled vs. Readonly Form Fields

Submitted by ultimike on Thu, 05/28/2009 - 09:59

One of the attributes that you can set for any form element using Drupal's FormAPI is "#disabled". This effectively disables the form element - in most browsers, the user actually sees the element "greyed out" and is unable to set focus on the element.

When a form element is disabled, there is the sometimes unintended consequence of the data from that field not being sent back to the server when the form is submitted. For forms that were initially blank (like new node forms, for example), this usually isn't a problem. But for "edit" forms, this can be a dealbreaker - this problem sometimes shows it's ugly head when a developer tries to use the "#disabled" attribute to add an additional layer of security to the form - forcing the user to click an "edit" link that users jQuery to un-disabled the form field.

A better solution to utilize when you want this extra layer of "are you sure"-type security is to utilize the "readonly" HTML attribute. Like "disabled", "readonly" makes the field uneditable, but unlike "disabled", the values are passed back to the server when the form is submitted. Unfortunately, there is no Drupal-equivalent, so to implement it, you'll need to do something like this:

$form['my_textfield']= array(
'#type' => 'textfield',
'#title' => t('my textfield'),
'#size' => 20,
'#attributes' => array('readonly' => 'readonly'),
);

Trackback URL for this post:

http://www.drupaleasy.com/trackback/136
No votes yet

2 comments

Guest wrote 1 year 11 weeks ago

correct solution

at least for Drupal6, i thnik the correct way to do this is to set both the #value and the #default_value and then set #disabled = true.

#value will get posted and the default value will show in textfield but be greyed out.

Guest wrote 1 year 11 weeks ago

but hackable

the problem with simply setting to readonly is that anyone with a tool like firebug can still edit the "read only" field.

a more secure way to do this is to set the #type to 'value' in which case it is still posted but is not editable - problem with this one is that it isn't visible either.

sadly, the most complete solution is a bit cludgy - take the value and make it a markup or other field which is by definition not editable just to show the value; and also include the original field set to type value.

not exactly sure why #disabled couldn't just do the right thing??

Syndicate content