HTML form help.

[thelifelessone]

Okay, I've got a form on my site for stat collection (I'm hosting several Blizzard related things... Such as guides on how to host), and I've got it to email me the information set in forms.

Now, I don't know much about HTML... I had to ask someone to make this script for me, but could someone tell me what I should add to make it save the information on a .html file on the server?

<form action="mailto:"> <!-- BE SURE TO CHANGE EMAIL HERE! -->

Username: <input type="text" size="30" maxlength="40" name="name"><br />
Server: <select name="server">
<option>Azeroth</option>
<option>Lordaeron</option>
<option>Northrend</option>
<option>Kalimdor</option>
</select><br />
Client: <select name="client"> <!-- YOU CAN ADD MORE OPTIONS OR EDIT THEM WITH THE SAME FORMAT -->
<option>Starcraft</option>
<option>Starcraft: Brood War</option>
<option>Diablo</option>
<option>Diablo 2</option>
<option>Diablo 2: LoD</option>
<option>Warcraft III: Reign of Chaos</option>
<option>Warcraft III: The Frozen Throne</option>
<option>Warcraft II: Battle.net Edition</option>
</select><br />
<input type="submit" value="Send">
</form>

Thanks for any help
- TheLifelessOne

 

[The_wand_mirror]

Pff, i dunno.

Is that even done with HTML? =/

 

[thelifelessone]

Pretty sure it is... Looks like HTML tags to me.
I don't know much HTML... Mostly just text formatting like this:
<p>This will show text</p>

It's all perfect for what I need, other than the: <form action="mailto:">
I just need that to save it to a file on the server I'm hosting it on.

 

[Elfsilver Lord]

You need an FTP application. Who's your hosting service?

 

[Ghan_04]

mailto:youremailhere

So, for me:

mailto:[email protected]

That's what needs to go there. And then save it as a .html file and upload to the server's web root (or some folder where you want to place it). You should then be able to access the page by the file name in a browser. (With the domain name in front, of course.)

 

[thelifelessone]

@Elfsilver Lord
I'm using 000webhost as a host, and either the online FTP or FileZilla for my FTP.
Whichever one is easiest at the time... I'm not always on my personal computer.

@Ghan 04

Huh....
The problem was when I used the <form action="mailto:"> tag, it would open an email program, which I don't want to happen.
All I want it to do is store the form information somewhere so I can look at it later.

 

[Elfsilver Lord]

That's windows problems, not yours. Outlook opens automatically. Lemme see if there is a tag for that, or if you'd need a script.

FireFTP. It beats all.

 

[Teelo]

You can't do that with just HTML.
Does your hosting allow PHP or some other scripting language?

 

[thelifelessone]

Yes. My domain is a sub under my clan site, which runs a forums.
Should be able to use all the scripting languages.

And I think JavaScript would work perfectly for this... But I don't I know it.

 

[Kercyn]

You don't need Javascript for a mailing form. You can do this in PHP/ASP or by using a Perl CGI script.

<?php
function injectionblock ($field)
{
$field = filter_var($field, FILTER_SANITIZE_EMAIL);

If (filter_var($field, FILTER_VALIDATE_EMAIL))
    {
    return TRUE;
    }
else
    {
    return FALSE;
    }
}

If (isset($_REQUEST["email"]))
    $mailcheck = injectionblock($_REQUEST["email"]);

if ($mailcheck==FALSE)
    {
    echo "Data not valid!";
    }
else
    $email = $_REQUEST["email"];
    $subject = $_REQUEST["subject"];
    $message = $_REQUEST["message"];
    mail ([email protected]", "Subject: $subject", $message, "From: $email");
    echo "Mail sent";
    }
}

?>

Now, all you have to do is to CnP this code to a file named, for example, formmail.php. Then, use

<form method="POST" action="formmail.php">

and name your message, email and subject textboxes as you see them on the PHP script ("email", "message", "subject")

This is just a generic e-mail form. I don't know how exactly you can submit the option buttons though :/

The mailto protocol runs the user's default e-mail client and allows him/her to send the email from there. It doesn't send the email using the form.

 

[thelifelessone]

Thanks.
Tried it though, and I got this: Parse error: syntax error, unexpected '@' in /home/wchaveni/public_html/lifeless/formmail.php on line 27

 

[Sergeant Ray]

And then save it as a .html file and upload to the server's web root (or some folder where you want to place it). You should then be able to access the page by the file name in a browser. (With the domain name in front, of course.)

The "name" argument is the name of the file it's to be saved in, isn't it? That or the variable name, I don't remember which anymore.

 

[The_wand_mirror]

Pretty sure it is... Looks like HTML tags to me.

I meant is a Form like this even done in HTML?

Because i can't think of any dynamic HTML codes. CSS won't work either i guess.

 

[thelifelessone]

CSS is a way of formmating text.
Example:
p
{
font-family: Arial;
font-size: 12;
color: White;
}
That's your basic CSS syntax.
I don't know much CSS, but that's pretty much all there is to it.

I know HTML can't save this, that's why I'm asking for help.
JavaScript is confusing to me, an PHP is too advanced or me to learn at the moment, else I'd code this myself.

Anyway, the only problem I've had is it loads an email program.
All I want it to do is save that information on a text file in my server.
If that's not possible, email works too.

 

[Kercyn]

Thanks.
Tried it though, and I got this: Parse error: syntax error, unexpected '@' in /home/wchaveni/public_html/lifeless/formmail.php on line 27

I don't understand... There's no '@' in line 27. Are you trying to run this in your own computer? Because if you do, it won't work unless you have a PHP server installed. Try uploading it in your host and try again.

 

[thelifelessone]

No. I know you need something installed.
I'm running this off of a paid server (subdomain of my clans site).
I've got full PHP support.

 

[Kercyn]

Pf, I'm not the best person to debug PHP, but this link may help you further.

 

[Sergeant Ray]

The HTML form inserts data directly into the server. Hmm, try the following tag:

<form action="mailto" method="post">

<!--If you still have trouble, Try the get method-->

<form action="mailto" method="get">

If that doesn't work, then you may need to use PHP.

 

[Kercyn]

The HTML form inserts data directly into the server. Hmm, try the following tag:

<form action="mailto" method="post">

<!--If you still have trouble, Try the get method-->

<form action="mailto" method="get">

If that doesn't work, then you may need to use PHP.

The GET method is not good, as data are visible in the address bar. Besides, he has already tried the mailto protocol and it's not what he wants...

 

[Sergeant Ray]

I know for a fact that the get method isn't good, hence I offered the post method first.
If it isn't what he wants, then it's out of the hands of HTML.

 

[Samuraid]

<?php
function injectionblock ($field)
{
$field = filter_var($field, FILTER_SANITIZE_EMAIL);

If (filter_var($field, FILTER_VALIDATE_EMAIL))
    {
    return TRUE;
    }
else
    {
    return FALSE;
    }
}

If (isset($_REQUEST["email"]))
    $mailcheck = injectionblock($_REQUEST["email"]);

if ($mailcheck==FALSE)
    {
    echo "Data not valid!";
    }
else
    $email = $_REQUEST["email"];
    $subject = $_REQUEST["subject"];
    $message = $_REQUEST["message"];
    mail ([email protected]", "Subject: $subject", $message, "From: $email");
    echo "Mail sent";
    }
}

?>

There's a syntax error on the line with mail(): please add a starting quote before [email protected].

Also, you need to sanitize your form input because there's a definite mail header injection/splitting vulnerability in the code, otherwise.

 

[Kercyn]

There's a syntax error on the line with mail(): please add a starting quote before [email protected].

Also, you need to sanitize your form input because there's a definite mail header injection/splitting vulnerability in the code, otherwise.

Duh, goddam typos! Doesn't injectionblock stop malicious code injection, 'cause I think it does...

 

[Samuraid]

It handles the email address field only. What about 'subject'?

 

[thelifelessone]

You all just said a bunch of things that confused me.

 

[Sergeant Ray]

Samuraid just told you that

<?php
function injectionblock ($field)
{
$field = filter_var($field, FILTER_SANITIZE_EMAIL);

If (filter_var($field, FILTER_VALIDATE_EMAIL))
    {
    return TRUE;
    }
else
    {
    return FALSE;
    }
}

If (isset($_REQUEST["email"]))
    ($mailcheck = injectionblock($_REQUEST["email"]);

if ($mailcheck==FALSE)
    {
    echo "Data not valid!";
    }
else
    $email = $_REQUEST["email"];
    $subject = $_REQUEST["subject"];
    $message = $_REQUEST["message"];
    mail ([email protected]", "Subject: $subject", $message, "From: $email");
    echo "Mail sent";
    }
}

?>

is the the correct coding.

 

[Samuraid]

Actually, the error hasn't been fixed yet. There's still the missing quote " before [email protected]

 

[Sergeant Ray]

<?php
function injectionblock ($field)
{
$field = filter_var($field, FILTER_SANITIZE_EMAIL);

If (filter_var($field, FILTER_VALIDATE_EMAIL))
    {
    return TRUE;
    }
else
    {
    return FALSE;
    }
}

If (isset($_REQUEST["email"]))
    ($mailcheck = injectionblock($_REQUEST["email"]);

if ($mailcheck==FALSE)
    {
    echo "Data not valid!";
    }
else
    $email = $_REQUEST["email"];
    $subject = $_REQUEST["subject"];
    $message = $_REQUEST["message"];
    mail ("[email protected]", "Subject: $subject", $message, "From: $email");
    echo "Mail sent";
    }
}

Missed that. That's what text editors are for.