Msg#: 3783640 posted 8:39 pm on Nov 10, 2008 (gmt 0)
Some things to consider:
Are you taking personal information? If so, secure the form using SSL.
How are you going to generate the email - HTML form handler or a script language like PHP? HTML form emailer is very basic with no formatting. A script language is a few shades better because you can add text and rearrange the form field data. It also allows you to do other nifty things like dump form data into a database or use logic to add other functionality.
Hacks - check your form fields before submitting if at all possible for hacks and malformed data.
Msg#: 3783640 posted 8:52 pm on Nov 10, 2008 (gmt 0)
A lot depends on your own skills. If you are unsure of the basics of building forms then I would suggest starting out with a free hosted form service and concentrate on learning how to do the front end. Once you have sorted that then think about learning PHP and bringing the processing "in house".
Msg#: 3783640 posted 9:22 pm on Nov 11, 2008 (gmt 0)
This is one area where you really need to be secure. A form mail script can not only lead to an increase of spam mail being sent to you, it can also lead to spam mail being sent to other people from your server. This can be pretty bad news and long term can lead to your server being listed as a spam IP.
As has been mentioned it comes down to what skills you have. What you need to do is the following.
Decide what information your form will ask for, decide what items will be required fields and work out exactly how the information will be sent.
In your case you want the message to be send as an email, most scripting languages such as PHP and Perl support this. you do however need to validate your form input before it is being sent.
Make sure the user can never see your email address, wither from the page or by viewing source.
make sure they are not able to specify a different email address. The receiver email address should be hard coded into the script file that handles the actual sendign of the message.
There is a lot more to it, what I would suggest is working out your basics then perhaps seeking further advice from one of the scripting forums on WebmasterWorld.
Msg#: 3783640 posted 10:50 pm on Nov 11, 2008 (gmt 0)
Thanks for the feedback; and this was why I was asking - I used to do the basics of webdesign along with some PHP coding, but that was a few years back and I've not touched the stuff recently; a friend asked with regards to a form, and I mentioned that it SHOULD be possible - and then I thought that I really should ask people with more of a solid idea than me and my faint recollections.
The form is very basic and just a selection of text boxes (from what I gather), although obviously it would be good to have checks on things like email addresses and phone numbers - I'll put more thought into it, but is there an internet guide to form creation that I could read up on when I get a moment?
Thanks also for all the concerns with regards to security - I'll be sure to run the final form and site by someone who can verify that it won't cause lots of problems.
Msg#: 3783640 posted 12:13 am on Nov 12, 2008 (gmt 0)
Just to supplement mack's suggestions - the problems that arise here are not the form, they are the form processor. Once they visit your form and collect it's action attribute and the names of the fields, they never need to come to your web site again - they can just point a robot at the form processor and do all sorts of nasty stuff.