UsageNotes/Forms

From Facebook Developers Wiki

The form tag now has several overrides with special behavior. These include fb:request-form, MultiFeedStory_form, and FeedStory_form.

Using a form tag in FBML will result in a number of hidden inputs being inserted into the generated HTML. The hidden tags provide information about the user submitting the form and the context in which the form was submitted. A signature allowing applications to verify that the form is being submitted from a Facebook page will also be provided.

The FBML code:

<form></form>

Would expand to (HTML) something similar to:

<form> <input type="hidden" name="fb_sig_profile" value="1160"/> <input type="hidden" name="fb_sig_user" value="1160"/> <input type="hidden" name="fb_sig_session_key" value="b12d7f73fc47536b32e89e-1160"/> <input type="hidden" name="fb_sig_time" value="1176705186"/> <input type="hidden" name="fb_sig" value="773af1263c2b7bade7958e6b58d3152f"/> </form>

The fb_sig value is generated using all of the other fb_sig_ parameters (but without the "fb_sig_" prefix included in their names) identically to how it is generated in the API authentication scheme. The fb_sig_user and fb_sig_session_key parameters will only be included if the user has a valid session with the application.

The form tag has an optional attribute requirelogin which defaults to true. When it is true, if a user without your session tries to submit the form, they will be prompted with a dialog about whether they want to submit data to your app, and if they agree to it, the fb_sig_user value will be passed to your application.

Note that you cannot use any custom input elements with names that start with "fb", as Facebook reserves that identifier.

Note that file uploads (i.e. forms with enctype="multipart/form-data" and <input type="file"> fields) will not work when the form is submitted to a canvas URL. Instead, you need to submit file uploads directly to your app and redirect back to a canvas page after the form is processed.