Welcome to WebmasterWorld Guest from

Forum Moderators: brotherhood of lan & mack

Message Too Old, No Replies

Web Forms



8:27 pm on Nov 10, 2008 (gmt 0)

10+ Year Member

Hi all,

I need to put together a simple webform to give people the chance to offer feedback on a variety of topics - once filled in it should be sent to an email address.

Just curious as to if there are any web-design do's and don'ts that I should be aware of before I make a mess of things?



8:39 pm on Nov 10, 2008 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

Some things to consider:

Required fields or no? If so, how will you require them? JavaScript is often used to check a form before it's submitted. Alternately, you could use a script language like PHP to handle the form results and check for missing items there - if found, send the user back to the form (with fields filled in please)

Are you taking personal information? If so, secure the form using SSL.

How are you going to generate the email - HTML form handler or a script language like PHP? HTML form emailer is very basic with no formatting. A script language is a few shades better because you can add text and rearrange the form field data. It also allows you to do other nifty things like dump form data into a database or use logic to add other functionality.

Hacks - check your form fields before submitting if at all possible for hacks and malformed data.


8:52 pm on Nov 10, 2008 (gmt 0)

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

A lot depends on your own skills. If you are unsure of the basics of building forms then I would suggest starting out with a free hosted form service and concentrate on learning how to do the front end. Once you have sorted that then think about learning PHP and bringing the processing "in house".


9:22 pm on Nov 11, 2008 (gmt 0)

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

This is one area where you really need to be secure. A form mail script can not only lead to an increase of spam mail being sent to you, it can also lead to spam mail being sent to other people from your server. This can be pretty bad news and long term can lead to your server being listed as a spam IP.

As has been mentioned it comes down to what skills you have. What you need to do is the following.

Decide what information your form will ask for, decide what items will be required fields and work out exactly how the information will be sent.

In your case you want the message to be send as an email, most scripting languages such as PHP and Perl support this. you do however need to validate your form input before it is being sent.

Make sure the user can never see your email address, wither from the page or by viewing source.

make sure they are not able to specify a different email address. The receiver email address should be hard coded into the script file that handles the actual sendign of the message.

There is a lot more to it, what I would suggest is working out your basics then perhaps seeking further advice from one of the scripting forums on WebmasterWorld.



10:50 pm on Nov 11, 2008 (gmt 0)

10+ Year Member

Thanks for the feedback; and this was why I was asking - I used to do the basics of webdesign along with some PHP coding, but that was a few years back and I've not touched the stuff recently; a friend asked with regards to a form, and I mentioned that it SHOULD be possible - and then I thought that I really should ask people with more of a solid idea than me and my faint recollections.

The form is very basic and just a selection of text boxes (from what I gather), although obviously it would be good to have checks on things like email addresses and phone numbers - I'll put more thought into it, but is there an internet guide to form creation that I could read up on when I get a moment?

Thanks also for all the concerns with regards to security - I'll be sure to run the final form and site by someone who can verify that it won't cause lots of problems.

Thanks again


12:13 am on Nov 12, 2008 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Just to supplement mack's suggestions - the problems that arise here are not the form, they are the form processor. Once they visit your form and collect it's action attribute and the names of the fields, they never need to come to your web site again - they can just point a robot at the form processor and do all sorts of nasty stuff.

Featured Threads

Hot Threads This Week

Hot Threads This Month