Forms & Variables

HTML forms are defined like this. <form method="get | post" action="http://www.mywebsite/program.mvc">... </form>

When a web form is submitted, the variables and their values are passed to the receiving program specified in the action attribute (i.e. http://www.mywebsite/program.mvc) as name/value pairs when the form method attribute specifies get or post. This provides a way for a web page to pass variable values to a Miva Script or other program called by the form. The variables are received as global variables with the names specified in the <input> and other tags.

As described above, one way to pass variables to a Miva Script program is to include them as name/value pairs on the URL by which the program is called. This isn't always convenient, since you may not know when you construct the URL which values and variables you want to pass.

Form Field Variables

The Custom Login form below demonstrates an example Miva Script  form that would not be usually be constructed as a URL string. The information is not know in advance and you would not want to display a password in a URL.

<form method="post" action="{ g.URL_program }">
    <input type="hidden" value="LOGN" name="Action">
    <input type="hidden" value="ACNT" name="Screen">

    <h3>Sign In</h3>
        <label for="Customer_Login">Username:</label>
        <input type="text" value="{ g.Customer_Login }" name="Customer_Login"><br>

        <label for="Customer_Password">Password:</label>
        <input type="password" name="Customer_Password"><br>

    <input type="submit" value="Login">
</form>

When the program above is run the form source would look like this, where the { g.URL_program } parameters have been filled in.

<form method="post" action="http://www.mysite.com/login.mvc">

When the form is submitted, the Miva Script program login.mvc would receive these variable name/values. as global variables.

g.Store_code, g.Action, g.Customer_Login, g.Customer_Password

If a Miva Script program is the target of a FORM's ACTION, the values of fields used in the form will be converted into Script variables with the same names as the fields, and these variables and their values will be available in the target program. Normally these fields are visible objects such as text boxes and radio buttons, whose values are entered by the user. HTML also provides so-called 'hidden' form fields: these fields have a name and value like other form fields, but have no visual representation in the browser.

Miva Script provides the <MvHIDE> tag to make it easy to embed multiple hidden variables into your Miva Script generated your forms.

<form method="post" action="{ l.url_program_name }">
<MvHIDE FIELDS="screen, action>
</form>

Security

Form field variables are can pose a security risk if someone attempts to pass script to your program in the form fields in an attempt to expose some security flaw. It is up to your script to fully qualify the data entered be for passing the information on.

One simple method is to use the encodeentities() function on an incoming variable, assigning it back to itself, before using it. Other transformation functions like trim(), toupper(), tolower() can be applied at the same time.

<MvASSIGN NAME="g.Screen" VALUE="{ trim(encodeentities(g.Screen)) }">
<MvASSIGN NAME="g.Action" VALUE="{ trim(encodeentities(g.action)) }">