Mark's Musings

A miscellany of thoughts and opinions from an unimportant small town politician and bit-part web developer

Best practice for online web forms


As part of an online discussion about best practice for online web forms which collect personal information, I contributed an extract of a document that I wrote a while ago for internal purposes. Someone asked me if it was online anywhere, which it wasn’t. So it is now!

This is just a brief summary, there are situations it doesn’t cover and there may well be good reasons where some of my recommendations are incorrect for certain circumstances. It’s also aimed at an English speaking audience writing websites for primarily English speaking (although worldwide) users; other languages and cultures have different conventions, and the comment about the PAF is specific to the UK.

Best practice for online forms is to make only the absolute minimum required information compulsory, and give as much flexibility as is reasonably possible for everything.

Some specific points:

“Title” (Mr, Mrs, etc), if present, MUST either a) be a single free-form text field, or b) have a free-form “other” option in addition to a preset list of the most common, and MUST NOT be a required field. If you do have a preset list of common options, the absolute minimum set is “Mr”, “Dr”, “Mrs”, “Miss” and “Ms”.

“Name” MUST be a single free-form field. DO NOT split names into first and last, or Christian and surname. (And do not assume that the first word in the name is the name that people wish to be addressed as when emailing them). If you do not have a separate title field, be aware that some people will include their title as part of their name.

“Telephone number”, if present, MUST NOT be an all-numeric field (consider people with extension numbers), and MUST NOT be a required field unless the purpose of the form is for the person completing it to explicitly request a telephone call or SMS message.

“Address”, if present, MAY include a separate field for postcode/zip code, but SHOULD NOT include a drop-down for county/state/country/whatever unless all possible legal options are included. A field for postcode/zip code MUST NOT be required unless necessary for delivery/billing purposes.

“Age” or “Date of Birth”, if present, MUST NOT be a required field. If necessary to validate age for legal purposes, a single checkbox for “I confirm that I am over 18” (or wording as appropriate) may be a required field.

“Sex” or “Gender”, if present, MUST NOT be a required field.

Data which has a canonical format (eg, postcodes, telephone numbers, credit card numbers) should be accepted in any format (eg, with or without spaces, with or without brackets) and post-processed into the canonical format. DO NOT reject form submissions for not using the correct format.

If validating postal addresses against the PAF, always allow for manual address entry as an alternative to selecting from the PAF options for the postcode.