Favorite form submission program/language?

[jimbug]

QUESTION: What's your favorite form submission program or language and why?

I've been writing in PHP since 2000. I think PHP is by far the best language for general web programming and especially for form processing. In the "old days", you didn't have much choice other than use Matt Wright's formail perl script or write your own in perl. And I still send "posts" to some of my perl scripts. It's hard to beat perl for some things. But, PHP is a much more forgiving and intuitive language to work with, than perl.

Back in 2001, I was working for a hosting company. I won't mention their name. I left for ethical reasons. While working there, I wrote the beginnings of a PHP form submission script generator. I tweaked it for the next couple years, but it is substantially the same program today. The HTML is a little old by today's standards, but does the job.

It's not perfect and won't work for every circumstance, but does work for moderate form submissions. Here's how it is used...


1. You create your form and upload it.
2. Go to: http://www.jimbug.org/downloads/onli...sm/quicksm.php
3. Enter the URL to your form.
4. It reads in your form and gives you options on how to process it.
5. You enter the necessary data and it creates a PHP script to process your form, which you download.
6. You upload the PHP file to the same directory as the form.
7. Add the PHP filename to the form's action attribute and re-upload your form.


It creates a custom, formatted and commented PHP script for that form that you can easily edit to tweak it to specific needs. It's not a generic PHP page with "ifs" to get around extra stuff you don't need.

Anyone can use my online program to create PHP scripts to process their forms. I write programs for myself and provide some to the general public. If any of them can be useful to you, great, if not, so what. I didn't write it for you, I wrote it for me.

Back to the original question...

What's your favorite form submission program or language and why?

What do you use? Formail, cgiemail, your own scripts, something else?

[Serra]

Quote:

Originally Posted by jimbug

What do you use? Formail, cgiemail, your own scripts, something else?

I use Forms-To-Go. It takes the form and generates a PHP script to handle the form. Its very fast to output scrips and requires no coding to fix it up when it is done. Then if it needs editing, I can edit it.

Much faster than hand coding.

[jimbug]

Quote:

Originally Posted by Serra

I use Forms-To-Go. It takes the form and generates a PHP script to handle the form. Its very fast to output scrips and requires no coding to fix it up when it is done. Then if it needs editing, I can edit it.

Much faster than hand coding.

Forms-To-Go looks good. I downloaded it and did a quick test. I like how it outputs not just PHP, but perl too. In my quick test it seemed to do a good job at validation, but didn't display the validation error strings. A quick edit of the PHP made them show up. I would definitely recommend the program.

QUESTION: What's your favorite form submission program or language and why?

So far...

Quick SM (jimbug): http://www.jimbug.org/downloads/onli...sm/quicksm.php
Forms-To-Go (Serra): http://www.bebosoft.com/products/formstogo/

[wildweasel]

Maybe one of you could tell me how to "embed" a php form into a web page instead of jumping it to another page with a link. It's been driving me crazy. I finally found an HTML code to use, but I don't particularly like the form. So how do I get a "index.php" form embedded into a current html page? Thanks for any help or advice.

[Pitrow]

technically it shouldn't be too hard. have the form go to PHP_SELF, for example:

HTML Code:

<form name="guestbook" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

and then in the page, before you do anything else, check to see if one of the variables is set. It might be worthwhile to create a separate hidden variable in the form you can check for. So for example at the top of your page:

PHP Code:


if ($_POST['formsubmited'] == true) then
{
    //do things to process form here
}
else
{
   //do normal stuff here
} 


That's kind of an over simplification, but it should get you on the right track.

[episkey]

I agree that PHP is especially well-suited for forms processing. The main issue for me with PHP has been security -- perhaps because I don't understand security nearly as well as I'd like. It seems that PHPsuExec provides the same level of security as cgi-bin. So I will most likely be making more use of PHP, now that PHPsuExec is available. I have one project, though, that requires me to use scripts that are "widely available, well-tested, and well-documented" for things like email forms. For that, I expect I'll stick with cgiemail.

I'll give QuickSM a try, jimbug. If I start needing to do more than the occasional simple form, I'll also try Forms-To-Go. Thanks to Serra and jimbug for the info and links.

[jimbug]

Quote:

Originally Posted by Pitrow

technically it shouldn't be too hard. have the form go to PHP_SELF, for example:

HTML Code:

<form name="guestbook" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

and then in the page, before you do anything else, check to see if one of the variables is set. It might be worthwhile to create a separate hidden variable in the form you can check for. So for example at the top of your page:

PHP Code:


if ($_POST['formsubmited'] == true) then
{
    //do things to process form here
}
else
{
   //do normal stuff here
} 


That's kind of an over simplification, but it should get you on the right track.

I have heard that $_SERVER['PHP_SELF'] is subject to XSS attacks. I haven't tested that out, though.

The best approach for a page that submits to itself is to use...

basename($_SERVER['SCRIPT_FILENAME']); or basename(__FILE__);

HTML Code:

<form name="guestbook" method="post" action="<?php echo basename($_SERVER['SCRIPT_FILENAME']); ?>">
 <input type="submit" name="submit" value="submit" />
 </form>
 
 <form name="guestbook" method="post" action="<?php echo basename(__FILE__); ?>">
 <input type="submit" name="submit" value="submit" />
 </form>

And never this...

HTML Code:

<form name="guestbook" method="post" action="#">
<input type="submit" name="submit" value="submit" />
</form>

The use of basename() assures you only get the filename and no GET data.

The above example with action="#" could include a user injected query string.

I do agree that forms should be a POST and not a GET. And after submission, get your data from $_POST[], but never from $_GET[] or $_REQUEST[].

I hope this is makes sense.

[jimbug]

QUESTION: What's your favorite form submission program or language and why?

So far...

Jimbug...
Program: Quick SM: http://www.jimbug.org/downloads/onli...sm/quicksm.php
Preferred language: PHP

Serra...
Program: Forms-To-Go: http://www.bebosoft.com/products/formstogo/
Preferred language: Assuming...PHP

Pitrow...
Program: Self coded?
Preferred language: Assuming...PHP

episkey...
Program: cgiemail: http://web.mit.edu/wwwdev/cgiemail/
Preferred language: Hopefully it will soon be PHP

[Pitrow]

Quote:

Originally Posted by jimbug

Pitrow...
Program: Self coded?
Preferred language: Assuming...PHP

Sorry, forgot to add that part... I use phpmailer for sending the form data via email, which is obviously written in PHP. The forms themselves I usually hand code. http://phpmailer.codeworxtech.com/

[codesight]

Yes, $_POST is preferred, but never trust your $_POST variable directly.

Always sanitize ANY input, whether it's user input or expected input from the script.

I typically write my own as they seem to always be out of scope of a generation tool.

They are simple to write anyway when you've been doing it for awhile.

[jimbug]

QUESTION: What's your favorite form submission program or language and why?

So far...

Jimbug...
Program: Quick SM: http://www.jimbug.org/downloads/onli...sm/quicksm.php
Preferred language: PHP

Serra...
Program: Forms-To-Go: http://www.bebosoft.com/products/formstogo/
Preferred language: Assuming...PHP

Pitrow...
Program: PHP Mailer": http://phpmailer.codeworxtech.com/
Preferred language: PHP

episkey...
Program: cgiemail: http://web.mit.edu/wwwdev/cgiemail/
Preferred language: Hopefully it will soon be PHP

codesight...
Program: None - Writes his own code.
Preferred language: PHP



Thanks, Pitrow. I'll look into PHP Mailer.


And to add to codesight comments, beware of PHP's eval() function. It's usually a good idea to avoid eval-ing user input!

[dashton]

Up until today I've only ever used the NMS Sourceforge formmail which was a further development from Matt Wrights. I am no programmer but if I ask for something to be done direct from my website it does it. For example a hidden field requesting certain parts of the form is compulsory or the submission is rejected. Also have the one form uploaded with multiple email addresses is very neat - you say at the html side send to email address no 1 for example so there is no harvesting of email addresses from your site. You can also allow other websites to access the formmail too. I haven't been able to get it to work yet - 20 mins attempt so far - but it worked for years at my other hosting company.

[Keith W]

Erm.. I use this

[Mooska]

I write my own PHP scripts when it comes to forms, its more customized, less errors, when I get errors I can fix it faster, only problem php these days is, I have had html form hi jacked time to time, its really important that you set up a spam setting on php forms now, sad....