1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 3:08 am May 22, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Multiple recipients

Forms and how to chose recipient by selection

         

mika_jussi

9:00 am on Sep 2, 2004 (gmt 0)

10+ Year Member



I'm trying to get a form that includes a selection of recipient work. I've tried different ways to solve the problem, and now I got the form working to a certain extent.

I'm working with formmail.pl, which I guess comes with some kind of limitations.

The problem at the moment is that the form gets posted, but it always is sent to the same e-mail adress, which is the first option in the selection list.

Another problem is that I'd had to leave the first option empty, otherwise the first option disappeard. Now the option disappearing is empty - which doesn't make sense, amybe someone knows to explain why. I also tried to leave the recipient value empty, but it didn't change anything.

I'd be thankful for some help.

Script below:

<script language="JavaScript" type="text/JavaScript">
function setEmail(){
theForm = document.mailForm;
theForm.recipient.value = theForm.where.options[theForm.where.selectedIndex].value;
}
</script>

<FORM NAME="mailForm" ACTION="/cgi-sys/formmail.pl" METHOD="post">

<input type=hidden name="recipient" value="mailadress@mail.com">

<!-- other fields in the form are here in between-->

<SELECT NAME="where" onchange="setEmail()>
<OPTION VALUE="" SELECTED>
<p>

</OPTION>
<OPTION VALUE="mailadress@mail.com">
<p>
Receiver1
</OPTION>
<OPTION VALUE="mailadress2@mail.com">
<p> Receiver2
</OPTION>
</SELECT>

</FORM>

mincklerstraat

10:04 am on Sep 3, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm not sure I'm understanding what's happening here exactly, but I'd advise you to avoid using formmail.pl in the first place, and look for a simple alternative form mail script.

For one, a lot of scriptkiddies are looking for formmail.pl. I've seen this in my server logs. You don't want anything on your site that scriptkiddies are looking for, believe me. If anything, you could just change its name, but that won't do too much for a scriptkiddy who has an attention span beyond 1 minute - they'll just see what the form action is, and try that script.

A second reason: the script relies on the actual e-mail addresses being sent to it via GET or POST. This means, for example, that you could send it my e-mail address, and everything it's supposed to be sent would get sent to me, instead of to you, or the other addresses on your list. Not really so utterly horrible, but remember, this form could be used to send people mail who don't want it. Probably not tempting to a serious spammer, because of all the other form information it sends out, but perhaps enough to hurt your reputation, or get your domain blacklisted, if somebody's really out to get you.

It's easy enough just to have the e-mail addresses you want to use in the script itself so this isn't a possiblility.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 3:08 am May 22, 2026