[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] web form handling software

To: SAGE Members <sage-members@usenix.org>
Subject: Re: [SAGE] web form handling software
From: Anthony Howe <achowe@snert.com>
Date: Thu, 13 Jan 2005 07:03:02 +0100
In-Reply-To: <20050112122044.A53380@bolthole.com>
Organization: Snert
References: <20050106223237.GK18275@netmeister.org> <p06200708be0371277243@[10.0.1.2]> <20050112111233.C68082@bolthole.com> <16869.32182.48902.263230@smtp.charter.net> <20050112122044.A53380@bolthole.com>
Sender: owner-sage-members@usenix.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041217

Philip Brown wrote:
> On Wed, Jan 12, 2005 at 02:42:46PM -0500, John Stoffel wrote:
> 
>>Philip> Would anyone have a recommendation for free, or at minimum
>>Philip> cheap (to universities) software, for handling web forms?

>>Philip> 2. handles collection of actual data by people clicking
>>Philip> "submit" on the form
>>
>>This is not a good definition of a need.  Does the data need to get
>>inserted into a DB?  Or put into an email message and sent to someone?
>>How is the data to be sanitized and bounds checking done, etc? 
> 
> 
> At this point, I'll take ANY fulfilment of this description. even if it's
> as trivial as "saves it to a directory somewhere, in some format that can
> be reasonably read".

Below is what I use in PHP on a per site basis. It formats the URL 
encoded output into a human readable email. It avoids issues that plague 
some form scripts that passed parameters via the form that spammers love 
to abuse, by embedding the destination address in the script itself.

If you modify this to send a copy of the form to the sumbmitter of the 
form, then you will be abused by spammers who will relay spam via your 
form if they find it and if it has a general comment field. So that is 
NOT recommended.

----sendform.php----
<?
///////////////////////////////////////////////////////////////////////
// CHANGE THE VALUES BELOW HERE
///////////////////////////////////////////////////////////////////////

$SEND_TO = 'achowe@snert.com';
$SUBJECT = 'From the web form...';

///////////////////////////////////////////////////////////////////////
// CHANGE THE VALUES ABOVE HERE
///////////////////////////////////////////////////////////////////////

$maxWidth = 0;

foreach ($_GET as $name => $value) {
	if ($maxWidth < strlen($name))
		$maxWidth = strlen($name);
}

foreach ($_POST as $name => $value) {
	if ($maxWidth < strlen($name))
		$maxWidth = strlen($name);
}

$body = '';
$fmt = "%{$maxWidth}s: %s\n";

foreach ($_GET as $name => $value) {
	$body .= sprintf($fmt, $name, $value);
}

foreach ($_POST as $name => $value) {
	$body .= sprintf($fmt, $name, $value);
}

mail($SEND_TO, $SUBJECT, $body);

///////////////////////////////////////////////////////////////////////
// MODIFY THE HTML BELOW
///////////////////////////////////////////////////////////////////////
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>

</title>
</head>
<body>

<center>
Thank you.
</center>

</body>
</html>

-- 
Anthony C Howe                                 +33 6 11 89 73 78
http://www.snert.com/       ICQ: 7116561         AIM: Sir Wumpus

            "Once...we were here."  - Last of The Mohicans

References:
- [SAGE] number of eggs in a basket
  - From: Jan Schaumann <jschauma@netmeister.org>
- Re: [SAGE] number of eggs in a basket
  - From: Brad Knowles <brad@stop.mail-abuse.org>
- [SAGE] web form handling software
  - From: Philip Brown <phil@bolthole.com>
- Re: [SAGE] web form handling software
  - From: John Stoffel <john@stoffel.org>
- Re: [SAGE] web form handling software
  - From: Philip Brown <phil@bolthole.com>

Prev by Date: Re: [SAGE] Re: sage-members-digest V2 #1703
Next by Date: [SAGE] mirapoint?
Prev by thread: Re: [SAGE] web form handling software
Next by thread: Re: [SAGE] web form handling software
Index(es):
- Date
- Thread