Are there limits and/or prohibited characters for form field names?

Question

As the title says, are there limits and/or prohibited characters for form field names?

If I use an sha512() hash for field name, are there drawbacks to this (it's pretty lengthy)?
Or, are there any drawbacks when using -:x:©:y: as field name?
Or, may I use a serialized array for field name?
Or, what if the field contains a space character?
What about "/downloads/ready/games/" as a key?

I bet, this isn't HTML specific, but more PHP (scripting language) specific, whether after the posting, the values can be read. Theoretically, it may also apply to array keys in general.

One more thing I thought about, the usage of "readable" form fields has become so popular/mainstream because forms are mostly used for storing data inside a database, where field name resembles the column within database. Correct me if I'm wrong.

So, yes, am I free to use whatever I want in these forms, or I may end up with errors/unreadable data?

score 2 · Answer 1 · answered Dec 02 '11 at 17:24

2

ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons (":"), and periods (".").

Read this

answered Dec 02 '11 at 17:24

Cyclonecode

29,115
11
72
93

What do you mean is there a higher version? – Cyclonecode Dec 02 '11 at 17:26
WOW, you are kidding, this seems interesting. – Cyclonecode Dec 02 '11 at 17:28
You answered an HTML5 question just a few hours ago... http://stackoverflow.com/questions/8354975/how-to-add-maxlength-for-html5-input-type-number-element/8355050#8355050 – Matt Ball Dec 02 '11 at 17:30
3

HTML5 isn't even standardized yet. – Herbert Dec 02 '11 at 17:31
@Herbert I think you mean "finalized." There are definitely _standards_. http://www.w3.org/TR/html5/ – Matt Ball Dec 02 '11 at 18:12
That's for validation purposes, I suppose. But, does it apply to server-side scripting? – tomsseisums Dec 02 '11 at 18:26
1

@MДΓΓБДLL: You're right. I meant "finalized". My point is: in my book, HTML 4 isn't outdated until HTML5 is _finalized_. :) – Herbert Dec 02 '11 at 22:00
@MattBall - I was kidding. The question was marked `html` and not `html5`. – Cyclonecode Jul 18 '16 at 11:47

Matt Ball · Accepted Answer · 2011-12-02T18:12:01.203

The HTML5 spec defines the allowed values for name attributes on <form> elements.

The value must not be the empty string, and the value must be unique amongst the form elements in the forms collection that it is in, if any.

Of course it also defines allowed values for the name attribute on form controls (<input>, <textarea>, &c.) (emphasis added).

4.10.19.1 Naming form controls

The name content attribute gives the name of the form control, as used in form submission and in the form element's elements object. If the attribute is specified, its value must not be the empty string.

Any non-empty value for name is allowed, but the names "_charset_" and "isindex" are special:

isindex
This value, if used as the name of a Text control that is the first control in a form that is submitted using the application/x-www-form-urlencoded mechanism, causes the submission to only include the value of this control, with no name.

_charset_
This value, if used as the name of a Hidden control with no value attribute, is automatically given a value during submission consisting of the submission character encoding.

But that's specific to `form` name, not it's fields. So, that means, in HTML5 I am free to go with my custom names? — tomsseisums, Dec 02 '11 at 18:02
My apologies - I missed the (yes, you bolded it in the question) **field** part. That does make more sense now. See my edit. — Matt Ball, Dec 02 '11 at 18:11
But I suppose that applies only to HTML5, and HTML4 is still left behind with what @KristerAndersson has posted? — tomsseisums, Dec 02 '11 at 18:55

Are there limits and/or prohibited characters for form field names?

2 Answers2