Whats the best way to make a form?

Forum Moderators: coopster & phranque

Message Too Old, No Replies

Whats the best way to make a form?

Rightz

4:24 pm on Mar 30, 2006 (gmt 0)

Hi,

I'm new to this so I apologise if I'm asking something that has been asked before. Basically I want a form on my site but I know that mailto is no longer supported.

So whats the easiest way to do a form?

I have checked out [nms-cgi.sourceforge.net...] but found it very confusing. I did matt's form script years ago but have now totally forgot even where to put each file etc.

Where is the best place to start?

Many thanks

MichaelBluejay

7:32 pm on Apr 2, 2006 (gmt 0)

The first line of your script will look something like this:

<form action=myscript.cgi method=post>

Change "myscript.cgi" to the name of whatever script you download. Some webhosts let you put the script anywhere, some require it go in a cgi-bin folder. If it's the latter then your form will say action=/cgi-bin/myscript.cgi.

Matt's script is well documented, just read the help that's freely provided.

SeanW

12:45 pm on Apr 3, 2006 (gmt 0)

Look at CGI.pm, it's easy and safe to use, and there is probably an example of what you want in the man page.

Sean

MichaelBluejay

9:39 pm on Apr 5, 2006 (gmt 0)

Be careful about rolling your own script. Unless you know what you're doing, spammers will hijack it to send out spam. [webmasterworld.com ]

BananaFish

10:50 pm on Apr 14, 2006 (gmt 0)

Be careful about rolling your own script

Like Matt's formmail hasn't been hijacked more than Air Israeli, you'd be better off programming your own and filtering out all the nonsense.

MichaelBluejay

2:19 am on Apr 20, 2006 (gmt 0)

Do I think a homegrown script from a novice programmer will be more vulnerable than a public script that's been constantly updated to make it more secure? Absolutely. Doesn't mean that the more popular formmail scripts are bullet-proof, but the're a LOT more secure than someone's first cobbled-together effort, for sure.

markanthony

5:12 pm on Apr 21, 2006 (gmt 0)

Use -T on your shebang line.

This is taint mode. While it requires some extra knowledge you will benefit from being forced to learn some new tricks.

Rightz

5:19 pm on Apr 21, 2006 (gmt 0)

Sorry Mark I have absolutely no clue what you are talking about.... call me blonde!

markanthony

5:27 pm on Apr 21, 2006 (gmt 0)

TAINT mode puts a Perl script into "PARANOID" mode.

All user supplied data is considered unsafe...

google 'perl taint mode'

webgo2

6:06 pm on May 4, 2006 (gmt 0)

You could use a free script until you learn some regular expressions, then you could allow only what inputs you wanted.

For instance:

In a name input you'd probably only want letters & spaces:


if ($name!~ m/^[a-zA-Z\s]+$/) {
error
}
else {
ok
}

In an email input you'd probably want the format correct:
I didn't write this, I found it a couple years ago & it seems to work well


if ($email!~ /^[A-Z0-9][_\-\.A-Z0-9]*\@\[?[\-\.A-Z0-9]+\.([A-Z]{2,4}�[0-9]{1,3})\]?$/i) {
error 
}
else {
ok
}

Also - you could limit the inputs to a certain character length for names, email addresses, phone numbers, etc:


$inputLENGTH = length ($input);
if (($inputLENGTH < $my_min_value)��($inputLENGTH > $my_max_value)) {
error
}
else {
ok
}

MichaelBluejay

8:56 pm on May 4, 2006 (gmt 0)

Don't forget that some people have apostrophes in their names (O'Hanlon), periods and commas (Carlos Santana, Jr.), and special characters (M�tley Cr��). If you're error-checking, don't disallow these.

evaddnomaid

3:38 pm on May 10, 2006 (gmt 0)

If you are looking to verify email addresses, you may be best served by offloading the task to a Web service. That way you can not only assure that the format of the address is correct but also check the host portion of the address against DNS. Try a Web search for "verify email address Web service", or check out this article to learn more:

[informationweek.com...]

perl_diver

6:33 pm on May 10, 2006 (gmt 0)

The Email::Valid module does the DNS and other checks on emails.