The University of Texas at Austin- What Starts Here Changes the World
Services Navigation


The Form Tag

Fill-out forms begin with <form> and end with </form>. The FORM tag has two required attributes, METHOD and ACTION, and one optional attribute, ENCTYPE.

Most fill-out forms use a FORM tag in this format:

<form method="post" action="http://www.utexas.edu/teamweb/cgi-bin/generic.cgi">
Various form elements
</form>

The ACTION Attribute

The ACTION attribute of the form tag specifies the URL of the application which processes the web form.

Generally, the URL of the ACTION attribute is the location of a cgi script.

The examples in these pages currently do not point to a script and do not produce any action.

ITS provides a script which can be used to e-mail the data from the form to an e-mail address specified by the publisher. Mgate is a script which uses a configuration file to send unencrypted e-mail.

The METHOD Attribute

There are two possible values for the METHOD attribute of the FORM tag:

POST
In a form using the POST method, when the submit button is clicked, the web browser contacts the server on which the form-processing script is located then sends all of the data from the form to the script.
There is no size limit to the amount of data the server can pass to a script using POST.
GET
In a form using the GET method, when the submit button is clicked, the web browser appends all of the data from the form to the end of the URL specified in the ACTION attribute then contacts the web server with the extended URL.
The amount of data which can be passed to a script using the GET method is limited to the length of URL which the server and browser can both handle.
There is an increased security risk when using the GET method for transferring sensitive data with a web form, since the extended URL created with the GET method is transferred to the web server in an insecure manner even when using a secure web server.
When using the GET method on web forms which use scripts on the ITS web servers, you must include the hidden fields which specify the user and the script. The CGI page contains more information about this issue.

TeamWeb recommends using method="post" since it is more secure and does not limit the amount of data which can be gathered by the web form.

The ENCTYPE Attribute

The ENCTYPE attribute is specified when writing a web form which uses a mailto: URL for the ACTION attribute, which is supported by versions 3 or higher of Netscape Navigator and versions 4 or higher of Internet Explorer.

When using a mailto: URL as the form's ACTION, the tags will look like:

<form method="post" action="mailto:www@www.utexas.edu" enctype="text/plain">
Various form elements
</form>


  Updated 2009 July 10
  Copyright | Privacy | Accessibility
  Contact Us