
Forum Moderators: coopster & jatar k & phranque


What's the best way to make a form?

     
4:24 pm on Mar 30, 2006 (gmt 0)

Full Member

5+ Year Member

joined:Mar 30, 2006
posts:333
votes: 0


Hi,

I'm new to this so I apologise if I'm asking something that has been asked before. Basically I want a form on my site but I know that mailto is no longer supported.

So what's the easiest way to do a form?

I have checked out [nms-cgi.sourceforge.net...] but found it very confusing. I did Matt's form script years ago but have now totally forgotten even where to put each file etc.

Where is the best place to start?

Many thanks

7:32 pm on Apr 2, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 12, 2003
posts:1199
votes: 0


The first line of your script will look something like this:

<form action=myscript.cgi method=post>

Change "myscript.cgi" to the name of whatever script you download. Some webhosts let you put the script anywhere, some require it go in a cgi-bin folder. If it's the latter then your form will say action=/cgi-bin/myscript.cgi.

Matt's script is well documented, just read the help that's freely provided.

12:45 pm on Apr 3, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Dec 30, 2003
posts:428
votes: 0


Look at CGI.pm, it's easy and safe to use, and there is probably an example of what you want in the man page.

Sean

9:39 pm on Apr 5, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 12, 2003
posts:1199
votes: 0


Be careful about rolling your own script. Unless you know what you're doing, spammers will hijack it to send out spam. [webmasterworld.com]

10:50 pm on Apr 14, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Sept 7, 2005
posts:242
votes: 0


Be careful about rolling your own script

Like Matt's formmail hasn't been hijacked more than Air Israeli, you'd be better off programming your own and filtering out all the nonsense.

2:19 am on Apr 20, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 12, 2003
posts:1199
votes: 0


Do I think a homegrown script from a novice programmer will be more vulnerable than a public script that's been constantly updated to make it more secure? Absolutely. Doesn't mean that the more popular formmail scripts are bullet-proof, but they're a LOT more secure than someone's first cobbled-together effort, for sure.

5:12 pm on Apr 21, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:May 14, 2004
posts:41
votes: 0


Use -T on your shebang line.

This is taint mode. While it requires some extra knowledge you will benefit from being forced to learn some new tricks.

5:19 pm on Apr 21, 2006 (gmt 0)

Full Member

5+ Year Member

joined:Mar 30, 2006
posts:333
votes: 0


Sorry Mark I have absolutely no clue what you are talking about.... call me blonde!

5:27 pm on Apr 21, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:May 14, 2004
posts:41
votes: 0


TAINT mode puts a Perl script into "PARANOID" mode.

All user supplied data is considered unsafe...

google 'perl taint mode'

6:06 pm on May 4, 2006 (gmt 0)

New User

10+ Year Member

joined:Nov 26, 2005
posts:21
votes: 0


You could use a free script until you learn some regular expressions, then you could allow only what inputs you wanted.

For instance:

In a name input you'd probably only want letters & spaces:


# Letters and spaces only; \z (unlike $) does not accept a trailing newline
if ($name !~ m/^[a-zA-Z ]+\z/) {
    print "error\n";
}
else {
    print "ok\n";
}

In an email input you'd probably want the format correct:
I didn't write this, I found it a couple years ago & it seems to work well

# \z instead of $ so an address followed by a newline is rejected
if ($email !~ /^[A-Z0-9][_\-\.A-Z0-9]*\@\[?[\-\.A-Z0-9]+\.([A-Z]{2,4}|[0-9]{1,3})\]?\z/i) {
    print "error\n";
}
else {
    print "ok\n";
}

Also - you could limit the inputs to a certain character length for names, email addresses, phone numbers, etc:

my $inputLENGTH = length($input);
if (($inputLENGTH < $my_min_value) || ($inputLENGTH > $my_max_value)) {
    print "error\n";
}
else {
    print "ok\n";
}
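
An added example, not code from any poster in this thread: a minimal Perl CGI handler that combines the -T switch with the regular-expression and length checks suggested above. The recipient address, the sendmail path and the field names are assumptions.

```perl
#!/usr/bin/perl -T
# Added example: contact-form handler using taint mode and allow-list checks.
use strict;
use warnings;
use CGI ();    # on CPAN; bundled with Perl only before 5.22

# Assumptions: the recipient address and sendmail path are placeholders.
my $TO       = 'webmaster@example.com';    # fixed, never read from the form
my $SENDMAIL = '/usr/sbin/sendmail';

# Taint mode will not run an external program while PATH and related
# environment variables still hold inherited values.
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# field => [min length, max length, allow-list pattern]. \A and \z anchor the
# whole string; a plain $ would also accept a trailing newline.
# The name rule is ASCII-only; accented names need decoded input and \p{L}.
my %RULES = (
    name    => [1, 60,   qr/\A([A-Za-z][A-Za-z' .,\-]*)\z/],
    email   => [6, 254,  qr/\A([A-Za-z0-9._+\-]+\@[A-Za-z0-9\-]+(?:\.[A-Za-z0-9\-]+)+)\z/],
    message => [1, 2000, qr/\A([^\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+)\z/],
);

# Return the untainted value, or undef when the field fails its rule.
sub clean {
    my ($field, $raw) = @_;
    my ($min, $max, $re) = @{ $RULES{$field} };
    return undef if !defined $raw || length($raw) < $min || length($raw) > $max;
    return $raw =~ $re ? $1 : undef;    # the capture group is what untaints
}

my $q = CGI->new;
my %in;
for my $field (sort keys %RULES) {
    $in{$field} = clean($field, scalar $q->param($field));
    next if defined $in{$field};
    print $q->header(-status => '400 Bad Request', -type => 'text/plain'),
          "Invalid $field\n";
    exit;
}

# List-form open runs sendmail directly, with no shell. The recipient is an
# argument (no -t), so header text from the form cannot add recipients.
open(my $mail, '|-', $SENDMAIL, '-oi', '--', $TO) or die "sendmail: $!";
print {$mail} "To: $TO\nReply-To: $in{email}\nSubject: Contact form\n\n",
              "From: $in{name}\n\n$in{message}\n";
close($mail) or die "sendmail exited with status $?";
print $q->header(-type => 'text/plain'), "Thank you.\n";
```

Taint mode by itself would not stop a line break in the email field from reaching the mail headers, because printing to a pipe is not a taint-checked operation; the anchored patterns are what reject it.
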
8:56 pm on May 4, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 12, 2003
posts:1199
votes: 0


Don't forget that some people have apostrophes in their names (O'Hanlon), periods and commas (Carlos Santana, Jr.), and special characters (Mötley Crûé). If you're error-checking, don't disallow these.

3:38 pm on May 10, 2006 (gmt 0)

New User

5+ Year Member

joined:Apr 21, 2006
posts:30
votes: 0


If you are looking to verify email addresses, you may be best served by offloading the task to a Web service. That way you can not only assure that the format of the address is correct but also check the host portion of the address against DNS. Try a Web search for "verify email address Web service", or check out this article to learn more:

[informationweek.com...]

6:33 pm on May 10, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 5, 2006
posts:536
votes: 0


The Email::Valid module does the DNS and other checks on emails.