Welcome to WebmasterWorld Guest from 54.196.233.239

Forum Moderators: coopster & jatar k & phranque

Message Too Old, No Replies

Whats the best way to make a form?

     

Rightz

4:24 pm on Mar 30, 2006 (gmt 0)

5+ Year Member



Hi,

I'm new to this so I apologise if I'm asking something that has been asked before. Basically I want a form on my site but I know that mailto is no longer supported.

So whats the easiest way to do a form?

I have checked out [nms-cgi.sourceforge.net...] but found it very confusing. I did matt's form script years ago but have now totally forgot even where to put each file etc.

Where is the best place to start?

Many thanks

MichaelBluejay

7:32 pm on Apr 2, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The first line of your script will look something like this:

<form action=myscript.cgi method=post>

Change "myscript.cgi" to the name of whatever script you download. Some webhosts let you put the script anywhere, some require it go in a cgi-bin folder. If it's the latter then your form will say action=/cgi-bin/myscript.cgi.

Matt's script is well documented, just read the help that's freely provided.

SeanW

12:45 pm on Apr 3, 2006 (gmt 0)

10+ Year Member



Look at CGI.pm, it's easy and safe to use, and there is probably an example of what you want in the man page.

Sean

MichaelBluejay

9:39 pm on Apr 5, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Be careful about rolling your own script. Unless you know what you're doing, spammers will hijack it to send out spam. [webmasterworld.com ]

BananaFish

10:50 pm on Apr 14, 2006 (gmt 0)

5+ Year Member



Be careful about rolling your own script

Like Matt's formmail hasn't been hijacked more than Air Israeli, you'd be better off programming your own and filtering out all the nonsense.

MichaelBluejay

2:19 am on Apr 20, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Do I think a homegrown script from a novice programmer will be more vulnerable than a public script that's been constantly updated to make it more secure? Absolutely. Doesn't mean that the more popular formmail scripts are bullet-proof, but the're a LOT more secure than someone's first cobbled-together effort, for sure.

markanthony

5:12 pm on Apr 21, 2006 (gmt 0)

10+ Year Member



Use -T on your shebang line.

This is taint mode. While it requires some extra knowledge you will benefit from being forced to learn some new tricks.

Rightz

5:19 pm on Apr 21, 2006 (gmt 0)

5+ Year Member



Sorry Mark I have absolutely no clue what you are talking about.... call me blonde!

markanthony

5:27 pm on Apr 21, 2006 (gmt 0)

10+ Year Member



TAINT mode puts a Perl script into "PARANOID" mode.

All user supplied data is considered unsafe...

google 'perl taint mode'

webgo2

6:06 pm on May 4, 2006 (gmt 0)

5+ Year Member



You could use a free script until you learn some regular expressions, then you could allow only what inputs you wanted.

For instance:

In a name input you'd probably only want letters & spaces:


if ($name!~ m/^[a-zA-Z\s]+$/) {
error
}
else {
ok
}

In an email input you'd probably want the format correct:
I didn't write this, I found it a couple years ago & it seems to work well

if ($email!~ /^[A-Z0-9][_\-\.A-Z0-9]*\@\[?[\-\.A-Z0-9]+\.([A-Z]{2,4}¦[0-9]{1,3})\]?$/i) {
error
}
else {
ok
}

Also - you could limit the inputs to a certain character length for names, email addresses, phone numbers, etc:

$inputLENGTH = length ($input);
if (($inputLENGTH < $my_min_value)¦¦($inputLENGTH > $my_max_value)) {
error
}
else {
ok
}

MichaelBluejay

8:56 pm on May 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Don't forget that some people have apostrophes in their names (O'Hanlon), periods and commas (Carlos Santana, Jr.), and special characters (Mötley Crûé). If you're error-checking, don't disallow these.

evaddnomaid

3:38 pm on May 10, 2006 (gmt 0)

5+ Year Member



If you are looking to verify email addresses, you may be best served by offloading the task to a Web service. That way you can not only assure that the format of the address is correct but also check the host portion of the address against DNS. Try a Web search for "verify email address Web service", or check out this article to learn more:

[informationweek.com...]

perl_diver

6:33 pm on May 10, 2006 (gmt 0)

5+ Year Member



The Email::Valid module does the DNS and other checks on emails.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month