The form tag renders a form in HTML, adding five additional hidden
input fields—the fb_sig_profile
,
fb_sig_user
, fb_sig_session_key
,
fb_sig_time
, and fb_sig
parameters—that give more information about the user submitting the form
to the processing script. The fb_sig
parameter is
essentially just a hash (see http://en.wikipedia.org/wiki/Hash_algorithm)
of all the other fb_sig_
values preceding it.
It is important to note that the fb_sig_user
and fb_sig_session_key
parameters are added only if
the user using your app has successfully authenticated and logged into
Facebook.
requirelogin=[true|false] default: true
If true
, the user will be prompted to
log in (if they have not already done so), and then they will be asked
if they want to submit data to your app. The login redirects the user
to the posted form, with the fb_sig_user
and
fb_sig_
session
values attached
to that form.
The following optional attributes can be applied to any form element within the form:
clicktoenable=[
element
id
]
When added to any element within a form, this
enables the element specified by element
id
when the current element is clicked. Multiple
element IDs can be submitted if they are separated by
commas.
clicktodisable=[
element
id
]
When added to any element within a form, this
disables the element specified by element
id
when the current element is clicked. Multiple
element IDs can be
submitted if they are separated by commas.
clickthrough=[true|false] default:
false
When added to any element within a form in which
Dynamic FBML (such as the previous attributes, or Mock AJAX or
Visibility attributes) is being used, and if it is set to
true
, this attribute allows the original form
element functionality to occur. One example use is for
checkboxes. When clicktoenable
, clicktodisable
, or any of the
Visibility attributes are used on a checkbox element, by default
the checkbox will not get checked. Setting clickthrough=true
fixes this
issue.
The following example demonstrates the form tag, where
clicktodisable
and clickthrough
are used together (refer to http://wiki.developers.facebook.com/index.php/DynamicFBML/Forms):
<form> <input type="text" id="firstname" name="firstname" /> <input id="sendbutton" type="submit" value="Submit" clicktodisable="firstname" clicktohide="sendbutton" clickthrough="true" /> </form>
The following is the rendered HTML for the example just shown (refer to http://wiki.developers.facebook.com/index.php/UsageNotes/Forms):
<form> <input type="hidden" name="fb_sig_profile" value="1160"/> <input type="hidden" name="fb_sig_user" value="1160"/> <input type="hidden" name="fb_sig_session_key" value="b12d7f73fc47536b32e89e-1160"/> <input type="hidden" name="fb_sig_time" value="1176705186"/> <input type="hidden" name="fb_sig" value="773af1263c2b7bade7958e6b58d3152f"/> ... </form>
Any <input/>
element added by the user cannot have a name that starts
with fb
. Names that start with
fb
are reserved by Facebook.
If you are uploading a file through a form, the form must not be posted to an apps.facebook.com domain. Instead, your form should be submitted to your own servers’ domain, and your servers should redirect the user back to the apps.facebook.com domain after saving the file.
See the section on Mock AJAX in Chapter 3 to
learn how you can dynamically load submitted form results into an
additional <div/>
tag on the page using
AJAX.
Any form element that is disabled does not get submitted to the form.
When used together, the clickthrough
and
clicktodisable
tags don’t allow a form to submit in Apple’s Safari 3 browser. This bug has been
submitted to Safari.
3.16.75.165