Google toolbar hijacks my forms

[jeffg]

I'm working on a project for a local volunteer agency (local server: Apache/MySql/PHP5). When I installed on their system where they use Internet Explorer with the Google Toolbar installed, I noticed that some of my form fields had coloured backgrounds and when I hovered over any of these, an annoying tooltip popped up saying "Google can help you fill in this field" or something equally crass.Is there any way I can stop Google hijacking my forms like this? (Extra coding maybe?)

[justsomeguy]

Name the field something else. If you name the field "email" then Google is going to try to suggest an email address for it. If you name it "js8e3jd0x" then Google won't suggest anything.

[jeffg]

I can't believe what I am reading here. I have to give my form fields meaningless names in order to avoid some invasive software (sorry, I mean malware) corrupting what I intend to appear on my forms?One example: I have two fields named 'firstname' and 'lastname'. They are both corrupted. I change the first field name to '_firstname'. Same result. I change the first field name to '_x54' and Google goes away - both fields now OK.Just what is this evil software doing?

[justsomeguy]

I can't believe what I am reading here. I have to give my form fields meaningless names in order to avoid some invasive software (sorry, I mean malware) corrupting what I intend to appear on my forms?

It's not something you can control man, it's not up to you. It's the user's software. If the user wants to use software which will fill in forms automatically then that is their choice, in fact you shouldn't even try to get around that. If the user does not want that behavior then they should shut off the toolbar. But it's not really a web developer's choice or job to dictate what client software does, it's only a developer's job to create the content, the user can choose to use the content however they want. I don't want to see half-filled yellow forms so I never installed the Google toolbar, that was my choice, if someone wants to use the toolbar then they can install it and use it, that's their choice. It's not your choice as a developer though. If you want to disable the toolbar on your site, then yes, you need to make it so that the software does not recognize your content. Either that or check with the Google toolbar documentation and see if the developers included any flags to disable its use on a website (which would end up making your content invalid anyway).It's the exact same for spam protection, if you name your fields something obscure then spam robots won't know how to automatically fill in your form and become easier to trap. If you want to name your fields exactly what they are then don't be surprised when people write software to detect that.

[jeffg]

Thanks - yes - I agree entirely with what you are saying. It's just that this application is running on an intranet using a local server, and Google cannot help at all to fill in the forms. Maybe the users want to have this facility on other sites, I don't know. Maybe they don't know any better. Still, I know now to experiment a bit to see if I can disguise my field names without making them totally meaningless (I am a great believer in making software self-documenting as far as possible and that includes using meaningful variable names).I've now installed Google toolbar on my own system's Internet Explorer (which I only use in extremis) for testing purposes.Thanks for your help - my previous reply was ranting at Google, not at you, as I'm sure you appreciate :)Edit: it seems that if I change 'firstname' to 'f_irstname' it fixes my problem. '_firstname', 'xfirstname', '0firstname' don't, so I guess you have to split up a recognisable word to make Google go away.

[boen_robot]

The point of making your software self documented is to allow other software to interact with it. You've made that, yet you're surprised that another software can interact with it. What's the deal? Why do you believe in self documented software if not because of that?If it's intranet, can't you just go to the people's computers and configure Google Toolbar properly (or disable it altogether)? I would understand if it's not for an intranet, where you don't have control over who visits the site.

[jeffg]

The point of making your software self documented is to allow other software to interact with it. You've made that, yet you're surprised that another software can interact with it. What's the deal? Why do you believe in self documented software if not because of that?

Well, you are obviously an experienced programmer, but I think you have misunderstood what I am trying to say. It's nothing to do with other software interacting with it. When I write a program, I write it so that the source can be understood by anyone, including myself. If I come back to a program in a week or a month's time, perhaps to fix a bug, and I see a variable called xyqlam50zpr, how on earth am I supposed to remember what this means? Even worse, what if some other poor soul takes over maintenance of this code? By self-documenting software I mean giving variables, function names, whatever, names that explain what they are for. That's in addition to copious comments.

If it's intranet, can't you just go to the people's computers and configure Google Toolbar properly (or disable it altogether)? I would understand if it's not for an intranet, where you don't have control over who visits the site.

It's not my system and I wouldn't dream of dictating to them what browser they use, or how they configure it. I just want to deliver software that works as I want it to.While it seems I can't control Google Toolbar from my application to stop it colouring in fields (I tried!), at least by giving each element a title, I can make it pop up my own text, instead of Google's. But that's a lot of extra work, and it's not as though I am getting paid.

[justsomeguy]

It's not as bad as you're thinking, I've done things like this myself. In practice it's not bad to maintain. You have 2 parts, the form and the PHP. The form is easy enough to figure out because you have a text label sitting next to the field.First Name: <input name="zmd93kw8" ...In PHP I've found the easiest way is to declare variables at the top so that I can use the variables instead of the random string, you just have to use variable variables instead of normal variables (which may be confusing in itself).

<?php$fname = "zmd93kw8";...$$fname = $_POST[$fname];echo "<input name=\"{$fname}\" value=\"{$$fname}\">";

[jeffg]

Actually, things don't appear to be that simple. As a quick test, I changed my field named 'mobile' to the following:

		<TD><SMALL>Mobile phone</SMALL></TD>		<TD WIDTH=160><INPUT TYPE=\"TEXT\" TABINDEX=8 MAXLENGTH=15 NAME=\"xyz50zz32\" VALUE=\"$mobile\"></TD>

and it still came out "Googled", together with some other fields. On another screen, a field named 'address1' was not highlighted, whereas the next field 'address2' was. The 'address1' field was first in a fieldset - I don't know if that has any bearing on the issue.

[jeffg]

Please can you explain this, before I give up entirely I tried your suggestion to define fields at the start of my script. This is a small part of the generated HTML:

  <FIELDSET><LEGEND><SMALL>Home Address</SMALL></LEGEND>	<TABLE>	  <TR>		<TD><FONT COLOR="BLACK"><SMALL>Address line 1<SUP>*</SUP></SMALL></FONT></TD>		<TD WIDTH=200><INPUT TYPE="TEXT" TABINDEX=12 MAXLENGTH=20 NAME="zq50pv21yx12" VALUE=""></TD>		<TD><SMALL>Telephone</SMALL></FONT></TD>		<TD><INPUT TYPE="TEXT" TABINDEX=16 MAXLENGTH=15 NAME="zq50pv21yx16" VALUE=""></TD>	  </TR><TR>		<TD><SMALL>Address line 2</SMALL></FONT></TD>		<TD><INPUT TYPE="TEXT" TABINDEX=13 MAXLENGTH=20 NAME="zq50pv21yx13" VALUE=""></TD>	  </TR>	  <TR>		<TD><FONT COLOR="BLACK"><SMALL>Town<SUP>*</SUP></SMALL></FONT></TD>		<TD><INPUT TYPE="TEXT" TABINDEX=14 MAXLENGTH=20 NAME="zq50pv21yx14" VALUE=""></TD>	  </TR>	  <TR>		<TD><SMALL>Postcode</SMALL></FONT></TD>		<TD><INPUT TYPE="TEXT" TABINDEX=15 MAXLENGTH=8 NAME="zq50pv21yx15" VALUE=""></TD>	  </TR>	</TABLE>  </FIELDSET>

(You'll see that all names are encoded.)But this is what I get:The first field is OK, but all the others are "Googled". :)Edit: I can see that the toolbar can be very helpful if you are one person filling in online forms at multiple sites and need to enter the same information over and over again, but if you are entering details of multiple people on one site for your own database, it is quite the opposite.Edit #2: Never mind - I found that if I turn off Autofill, the problem goes away. I expect I can persuade them to do that.

[justsomeguy]

That's weird though, I'm surprised it picks those up. I'm not sure why. It might have to do with naming the fields sequentially. I use this method to trap spam bots, I have forms that look like this:

<form action="submit.php" method="post">	  <input type="text" name="name" style="display: none;">	  <input type="text" name="email" style="display: none;">	  <input type="text" name="subject" style="display: none;">	  <input type="text" name="comments" style="display: none;">	  <table cellpadding="2" cellspacing="0">		<tr>		  <td class="left_box">Name:</td>		  <td><input type="text" name="md84idkf" size="30" class="input_text"></td>		</tr>		<tr>		  <td class="left_box">Email Address:</td>		  <td><input type="text" name="s83kf84j" size="30" class="input_text"></td>		</tr>		<tr>		  <td class="left_box">Phone:</td>		  <td><input type="text" name="l2ja74j9" size="15" class="input_text"></td>		</tr>	  </table>	  </form>

The "normal" names on the top are all hidden, they aren't displayed on the page, so any spam bots will fill in those when it submits the form. The fields that are actually displayed for the user have their names randomized. On the PHP script I check the first 4 fields to see if any of them are filled in and I don't send the email if they are.