Welcome to WebmasterWorld Guest from 54.225.20.19

Forum Moderators: keyplyr & mack

Message Too Old, No Replies

Web Forms

     
8:27 pm on Nov 10, 2008 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 28, 2004
posts:47
votes: 0


Hi all,

I need to put together a simple webform to give people the chance to offer feedback on a variety of topics - once filled in it should be sent to an email address.

Just curious as to if there are any web-design do's and don'ts that I should be aware of before I make a mess of things?

Thanks

8:39 pm on Nov 10, 2008 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7575
votes: 0


Some things to consider:

Required fields or no? If so, how will you require them? JavaScript is often used to check a form before it's submitted. Alternately, you could use a script language like PHP to handle the form results and check for missing items there - if found, send the user back to the form (with fields filled in please)

Are you taking personal information? If so, secure the form using SSL.

How are you going to generate the email - HTML form handler or a script language like PHP? HTML form emailer is very basic with no formatting. A script language is a few shades better because you can add text and rearrange the form field data. It also allows you to do other nifty things like dump form data into a database or use logic to add other functionality.

Hacks - check your form fields before submitting if at all possible for hacks and malformed data.

8:52 pm on Nov 10, 2008 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 5, 2006
posts:3402
votes: 40


A lot depends on your own skills. If you are unsure of the basics of building forms then I would suggest starting out with a free hosted form service and concentrate on learning how to do the front end. Once you have sorted that then think about learning PHP and bringing the processing "in house".
9:22 pm on Nov 11, 2008 (gmt 0)

Moderator This Forum from GB 

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:June 15, 2001
posts:7661
votes: 29


This is one area where you really need to be secure. A form mail script can not only lead to an increase of spam mail being sent to you, it can also lead to spam mail being sent to other people from your server. This can be pretty bad news and long term can lead to your server being listed as a spam IP.

As has been mentioned it comes down to what skills you have. What you need to do is the following.

Decide what information your form will ask for, decide what items will be required fields and work out exactly how the information will be sent.

In your case you want the message to be send as an email, most scripting languages such as PHP and Perl support this. you do however need to validate your form input before it is being sent.

Make sure the user can never see your email address, wither from the page or by viewing source.

make sure they are not able to specify a different email address. The receiver email address should be hard coded into the script file that handles the actual sendign of the message.

There is a lot more to it, what I would suggest is working out your basics then perhaps seeking further advice from one of the scripting forums on WebmasterWorld.

Mack.

10:50 pm on Nov 11, 2008 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 28, 2004
posts:47
votes: 0


Thanks for the feedback; and this was why I was asking - I used to do the basics of webdesign along with some PHP coding, but that was a few years back and I've not touched the stuff recently; a friend asked with regards to a form, and I mentioned that it SHOULD be possible - and then I thought that I really should ask people with more of a solid idea than me and my faint recollections.

The form is very basic and just a selection of text boxes (from what I gather), although obviously it would be good to have checks on things like email addresses and phone numbers - I'll put more thought into it, but is there an internet guide to form creation that I could read up on when I get a moment?

Thanks also for all the concerns with regards to security - I'll be sure to run the final form and site by someone who can verify that it won't cause lots of problems.

Thanks again

12:13 am on Nov 12, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Just to supplement mack's suggestions - the problems that arise here are not the form, they are the form processor. Once they visit your form and collect it's action attribute and the names of the fields, they never need to come to your web site again - they can just point a robot at the form processor and do all sorts of nasty stuff.