homepage Welcome to WebmasterWorld Guest from 54.205.106.111
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

    
Web Forms
GhostPig




msg:3783642
 8:27 pm on Nov 10, 2008 (gmt 0)

Hi all,

I need to put together a simple webform to give people the chance to offer feedback on a variety of topics - once filled in it should be sent to an email address.

Just curious as to if there are any web-design do's and don'ts that I should be aware of before I make a mess of things?

Thanks

 

lorax




msg:3783656
 8:39 pm on Nov 10, 2008 (gmt 0)

Some things to consider:

Required fields or no? If so, how will you require them? JavaScript is often used to check a form before it's submitted. Alternately, you could use a script language like PHP to handle the form results and check for missing items there - if found, send the user back to the form (with fields filled in please)

Are you taking personal information? If so, secure the form using SSL.

How are you going to generate the email - HTML form handler or a script language like PHP? HTML form emailer is very basic with no formatting. A script language is a few shades better because you can add text and rearrange the form field data. It also allows you to do other nifty things like dump form data into a database or use logic to add other functionality.

Hacks - check your form fields before submitting if at all possible for hacks and malformed data.

piatkow




msg:3783660
 8:52 pm on Nov 10, 2008 (gmt 0)

A lot depends on your own skills. If you are unsure of the basics of building forms then I would suggest starting out with a free hosted form service and concentrate on learning how to do the front end. Once you have sorted that then think about learning PHP and bringing the processing "in house".

mack




msg:3784394
 9:22 pm on Nov 11, 2008 (gmt 0)

This is one area where you really need to be secure. A form mail script can not only lead to an increase of spam mail being sent to you, it can also lead to spam mail being sent to other people from your server. This can be pretty bad news and long term can lead to your server being listed as a spam IP.

As has been mentioned it comes down to what skills you have. What you need to do is the following.

Decide what information your form will ask for, decide what items will be required fields and work out exactly how the information will be sent.

In your case you want the message to be send as an email, most scripting languages such as PHP and Perl support this. you do however need to validate your form input before it is being sent.

Make sure the user can never see your email address, wither from the page or by viewing source.

make sure they are not able to specify a different email address. The receiver email address should be hard coded into the script file that handles the actual sendign of the message.

There is a lot more to it, what I would suggest is working out your basics then perhaps seeking further advice from one of the scripting forums on WebmasterWorld.

Mack.

GhostPig




msg:3784461
 10:50 pm on Nov 11, 2008 (gmt 0)

Thanks for the feedback; and this was why I was asking - I used to do the basics of webdesign along with some PHP coding, but that was a few years back and I've not touched the stuff recently; a friend asked with regards to a form, and I mentioned that it SHOULD be possible - and then I thought that I really should ask people with more of a solid idea than me and my faint recollections.

The form is very basic and just a selection of text boxes (from what I gather), although obviously it would be good to have checks on things like email addresses and phone numbers - I'll put more thought into it, but is there an internet guide to form creation that I could read up on when I get a moment?

Thanks also for all the concerns with regards to security - I'll be sure to run the final form and site by someone who can verify that it won't cause lots of problems.

Thanks again

rocknbil




msg:3784491
 12:13 am on Nov 12, 2008 (gmt 0)

Just to supplement mack's suggestions - the problems that arise here are not the form, they are the form processor. Once they visit your form and collect it's action attribute and the names of the fields, they never need to come to your web site again - they can just point a robot at the form processor and do all sorts of nasty stuff.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved