Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: phranque
I can't find much about this and it does strike me that I never really get forms showing up in my inbox. So is it
1. Something people don't do because it's difficult?
2. Something people don't do because it's impossible?
3. Something people don't do because it's a stupid idea?
Can I make the form only available to people to have received the email?
The aim is to make the experience look and feel personal, rather than a big, open, public experience.
you'd just have to make sure that the URL on the form was an absolute one.
and you'd have to thoroughly check and santise any data that you receive from it. because there would be nothing to stop anyone rewriting the form's HTML before they press submit. you could literally receive anything.
So I guess the most secure way is to do what Piatkow says and point my email recipients at a HTML page hosted by me?
However, I think I have to go and read about GET/POST to understand your first line. I know its the two main ways but I barely know what POST means (it puts the data into the db, right?)
it is what you do with the data when you receive it that puts it into the database.
you'd still have to properly check the data even if the form was hosted on your own site, because there's nothing to stop people rewriting the form there either. (they'd just have to download the HTML, change it, and make sure the URL sent it straight back to yours. it's surprisingly easy to do)
if you don't check the data, both ways are as insecure as each other.
However, since people do not expect forms in their email, I doubt that any method used to achieve this is a good idea.
Email clients are not browsers; they don't post forms like browsers do. If you send a properly formatted html email, the form indeed appears in the email but when you try to submit it just goes to the URL in the action of the form, like a link. It doesn't bring any of the form fields with it.
It *might* work in web-based mail services, but those are likely to squelch forms for security reasons.
Recent discussion [webmasterworld.com]