Search

Training

Our next U.S. stop:

Charlotte, NC - Blue Collar Git
Friday, June 8, 2012

Mike Anello and Andrew Riley from Mediacurrent are teaming up to offer the first Blue Collar Git workshop on Friday, June 8 as part of DrupalCamp Charlotte (also part of the Southeast LinuxFest). The cost is only $149 for the full day if you register during the month of May ($199 otherwise). 

Blue Collar Git
Click for more info and to register!

Check the schedule for additional dates and locations. Contact us to suggest a location or schedule custom training for your organization.

New Podcast

DrupalEasy Podcast 82: Mapping Middle Earth
Posted Wednesday, May 9 at 7:50 am
Brandon Morrison (Brandonian on drupal.org) joins Andrew Riley and Mike Anello on the first post-DrupalCon Denver edition of the podcast to talk about all things Geo in Drupal 7. Brandon is one of the maintainers of the GeoField module and is an active member of the Drupal Geo community.
Download Podcast 82
DrupalEasy_ep82_20120509.mp3
read more
Syndicate content

Newsletter

Stay up-to-date on DrupalEasy workshops and other events. On average, we send about one newsletter per month.

Testimonial

Anonymous
Mike is a great teacher!
read more

Who are we?

DrupalEasy is the collective expertise of Ryan Price and Michael Anello, who joined forces to provide training and consulting services worldwide. Read all about them and what they can do.

What is Drupal?

Drupal is a free, super-powerful content management system for sites that require information posting and collection, including blogs, forums, videos, photos, and databases of information. We think it is the best platform available. Here's why...

Why Drupal?

More and more savvy organizations are going with Drupal for content management, and its no mystery why. It’s free, flexible, and easy to maintain for small or large volume sites. Learn more...

Module Development: Disabled vs. Readonly Form Fields

Submitted by ultimike on Thu, 05/28/2009 - 09:59

One of the attributes that you can set for any form element using Drupal's FormAPI is "#disabled". This effectively disables the form element - in most browsers, the user actually sees the element "greyed out" and is unable to set focus on the element.

When a form element is disabled, there is the sometimes unintended consequence of the data from that field not being sent back to the server when the form is submitted. For forms that were initially blank (like new node forms, for example), this usually isn't a problem. But for "edit" forms, this can be a dealbreaker - this problem sometimes shows it's ugly head when a developer tries to use the "#disabled" attribute to add an additional layer of security to the form - forcing the user to click an "edit" link that users jQuery to un-disabled the form field.

A better solution to utilize when you want this extra layer of "are you sure"-type security is to utilize the "readonly" HTML attribute. Like "disabled", "readonly" makes the field uneditable, but unlike "disabled", the values are passed back to the server when the form is submitted. Unfortunately, there is no Drupal-equivalent, so to implement it, you'll need to do something like this:

$form['my_textfield']= array(
'#type' => 'textfield',
'#title' => t('my textfield'),
'#size' => 20,
'#attributes' => array('readonly' => 'readonly'),
);

Trackback URL for this post:

http://drupaleasy.com/trackback/136
No votes yet

More Quicktips


4 comments

Guest wrote 15 weeks 2 days ago

thanks for guidence

'#attributes' => array('readonly' => 'readonly'),
only for this line i suffer 2 or 3 hour on net.

thanks

Guest wrote 48 weeks 4 days ago

Thanks for this tip, exactly

Thanks for this tip, exactly what I needed. I set both the value and default value as well as setting it to readonly.

Guest wrote 2 years 48 weeks ago

correct solution

at least for Drupal6, i thnik the correct way to do this is to set both the #value and the #default_value and then set #disabled = true.

#value will get posted and the default value will show in textfield but be greyed out.

Guest wrote 2 years 48 weeks ago

but hackable

the problem with simply setting to readonly is that anyone with a tool like firebug can still edit the "read only" field.

a more secure way to do this is to set the #type to 'value' in which case it is still posted but is not editable - problem with this one is that it isn't visible either.

sadly, the most complete solution is a bit cludgy - take the value and make it a markup or other field which is by definition not editable just to show the value; and also include the original field set to type value.

not exactly sure why #disabled couldn't just do the right thing??

Syndicate content