Disabling auto-complete in a form

[jc_gmk]

Is there any way to disable a text field (in a standard HTML form) from using the browsers auto-complete function?

[djr33]

Well, you can randomize the fieldname, if that happens to work. I'm not sure about a workaround.

[jc_gmk]

No it's got to stay the same because there is a PHP page collecting the data.

Any other Ideas, I thought maybe some javascript could do it?

[jscheuer1]

If you make it a password, it will disable auto-complete, but the text entered will be represented by dots or other placeholder characters:

HTML Code:

<input type="password" name="whatever">

If it is a text area and has no name, that should also do it, and show the entered text normally:

HTML Code:

<input type="text">

Now, it is possible that you could use a name and script the name to be removed - say, onmouseover and onkeydown. The name could then be restored onchange or perhaps onblur. This gets tricky though - would need to be tested in various browsers, because the elements collection of a form is more persistent then regular HTML elements. If this is mission critical, it wouldn't be a good idea because it would require javascript enabled on the client side.

A simpler solution that should easily work is:

Code:

<input type="hidden" name="the_name_you_really_want">
<input type="text" onchange="this.form.elements['the_name_you_really_want'].value=this.value;">

But it still requires javascript enabled. If a non-javascript enabled browser uses that, their data will not be passed along. You could script to write out the above and have a noscript alternative with the name hard coded to the text element. This means that those with javascript disabled would still get auto-complete if they have it on their end.

[djr33]

Ah. Creative solution, John. I like it.

[Twey]

It would be easier to randomise the field name. You can pass the name of the field to your PHP script in a hidden form element.

Code:

<input type="text" name="<?php echo ($field_name = 'm' . mt_rand()); ?>">
<input type="hidden" name="m_field" value="<?php echo $field_name; ?>">

And your PHP script:

Code:

$val = $_GET[$_GET['m_field']];

[djr33]

that won't take user input; I think you've confused passing a value through a form with php and removing the autocompleting feature on forms.

[Twey]

What do you mean it won't take user input? It's an <input>. I think you've misunderstood my code?

[jscheuer1]

I think I understand and like your idea Twey. There could be two problems though. With a truly random name, there are the odds that it will be the same sometimes, activating auto-complete. Now, I know the potential range is vast, but no range is vast enough to preclude a repeat number. Haven't we before used (in javascript) a number based on the date in such circumstances to guarantee a non-repeatable value? My PHP isn't the best by any means, but if basing a number upon the date can be done in javascript, it can probably be done in PHP. If not a pure number, then certainly a unique string. PHP does have a date object or something like one, right?

The other concern I have for this approach is the relative ease or difficulty there would be in actually integrating it into the existing PHP code for jc_gmk. To be of value, jc_gmk would have to be able to make use of it. I get the impression though that jc_gmk isn't all that comfortable or even aware of how to 'get under the hood' with the PHP code involved here.

Still a very good idea if I have understood it correctly.

However, as long as it would be OK for non-javascript enabled browsers to have access to auto-complete, javascript might offer an easier 'works most of the time' solution.

[Twey]

That's true: perhaps:

Code:

<input type="text" name="<?php echo ($field_name = 'm' . md5(time())); ?>">
<input type="hidden" name="m_field" value="<?php echo $field_name; ?>">