how to create a web form

Associate
Joined
8 Jul 2007
Posts
321
Location
Reading
How do I create a form that a customer can fill in that'll come through to my email

Something simple like seperate boxes for name, address, comments and then submit

All help much appreciated
 
A quick Google brings up loads of results for customizable free web email forms on the internet. Something like this: looks suitable though.

If not plenty more tutorials are available on 'w3schools', which are very useful.
Hope that helps.
 
not sure this is the best way of doing it but a simple php mailer works nicely

Code:
<form name="form" method="post" action="emailscript.php">
<table cellspacing="5" cellpadding="5" border="0">
	<tr>
		<td>
			<strong> Name: </strong>
		</td>
		<td>
			<input type="text" name="name" size="35" />
		</td>
	</tr>
	<tr>
		<td>
			<strong> Email Address: </strong>
		</td>
		<td>
			<input type="text" name="email" size="35" />
		</td>
	</tr>
		<tr>
		<td>
			<strong> Subject: </strong>
		</td>
		<td>
			<input type="text" name="subject" size="35" />
		</td>
	</tr>
	<tr>
		<td>
			<strong> Question: </strong>
		</td>
		<td>
			<textarea name="question" cols="27" rows="4" ></textarea>
		</td>
	</tr>
	<tr>
		<td align="center"><div align="right">
			  <input name="reset" type="reset" value=" Reset Form " />
		</div>
		</td>
		<td align="center"><div align="left">
			  <input name="submit" type="submit" value=" Submit Form " />
		</div>
		</td>
	</tr>
</table>
</form>

emailscript.php then looks like this:

PHP:
<?php
$to = "[email protected]";
$subject = $_REQUEST['subject'];
$email = $_REQUEST['email'];
$name = $_REQUEST['name'];
$question = $_REQUEST['question'];

$message = $question;

$headers = "From: $email\n";

$sent = mail($to, $subject, $message, $headers) ;
if($sent) {
header ( "Location: index.php?id=emailsuccess" ) ; 
}
else {
header ( "Location: index.php?id=emailfail" ) ; 
}
?>
 
Not quite. $email is unsanitised user input put straight into the mail headers, which leaves it open to exploitation:
PHP:
<?php

$email = $_REQUEST['email'];
$headers = "From: $email\n";
$sent = mail($to, $subject, $message, $headers);

?>
 
So, how would you secure the email header just out of interest? Lock it to something generic that the user has no control over?
 
adelburn said:
Am I right in thinking an input validater needs to be added i.e spamcheck

Yeah it's always best to take extra care when creating and adding input forms to your website, for whatever use they may have.

With email forms you should really be looking at adding in validation for each input field, which helps 'combat' spam and poorly written forms. But also the security side of the form needs to be looked at to ensure it cannot (or greatly reduce the risk) be exploited.
 
Back
Top Bottom