![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
how do I create a contact us page?
- Thread starter umcpgrad
- Start date
Sgraffite
Supreme [H]ardness
- Joined
- Jan 10, 2006
- Messages
- 4,405
You can create and html form that posts to your web server. On the web server side you take the posted information and create an email with to, from, subject, and message. Make sure the "to" field is set to your email address, and send the message.
Sp33dFr33k
2[H]4U
- Joined
- Apr 20, 2002
- Messages
- 2,481
Sgraffite
Supreme [H]ardness
- Joined
- Jan 10, 2006
- Messages
- 4,405
You can create as many forms as you'd like, or put a "Nature of contact" dropdown on the form too. Configuring the web server is specific to the type of web server, and that is a separate question really.
Red Squirrel
[H]F Junkie
- Joined
- Nov 29, 2009
- Messages
- 9,211
Look into php, something like this:
Client side:
Server side:
This is rather crude and untested, no error checking, and while I used Sanitize() and SanitizeMultiLine() those are not real functions, you'll have to code them. Basically you want to ensure there arn't any characters or sequences that could inject bad data into the mail command. You never want to trust GET or POST or any data from the user. Even the result of a drop down can be changed to anything so you don't want to trust it.
If you want more fields, you can add more and place them where you want. Ex: instead of just putting $comm in the body you could have something a bit more elaborate. You could even have if statements that send comments to a different email based on the category.
Client side:
Code:
<form action="contactus.php?act=submit" method="post">
Your name: <input type="text" name="name"><br>
Your email: <input type="text" name="email"><br>
Comments:<textarea name="comm"></textarea><br><br>
<input type="submit">
</form>Server side:
Code:
<?php
$name = Sanitize($_POST['name']));
$email = Sanitize($_POST['email']));
$comm = SanitizeMultiLine($_POST['comm']));
mail("[email protected]","Form submission from ".$name,$comm,"From:".$from."<".$email.">")
echo("Thanks, we probably received your comment (but did not bother doing error checking, so maybe not!)");
?>This is rather crude and untested, no error checking, and while I used Sanitize() and SanitizeMultiLine() those are not real functions, you'll have to code them. Basically you want to ensure there arn't any characters or sequences that could inject bad data into the mail command. You never want to trust GET or POST or any data from the user. Even the result of a drop down can be changed to anything so you don't want to trust it.
If you want more fields, you can add more and place them where you want. Ex: instead of just putting $comm in the body you could have something a bit more elaborate. You could even have if statements that send comments to a different email based on the category.
Sgraffite
Supreme [H]ardness
- Joined
- Jan 10, 2006
- Messages
- 4,405
There's no reason to add the "?act=submit" to your form action, because on the server side you can divine what the user is doing in that case like this:
Code:
if ($_SERVER['REQUEST_METHOD'] === 'POST')Red Squirrel
[H]F Junkie
- Joined
- Nov 29, 2009
- Messages
- 9,211
Yeah did that by habit. If I have more than one form on the same page they'll typically have their own action. But yeah for this particular example it would not be needed. You can also check if the submit button is "set" since whatever you put for the value will be sent. Different ways to do it.
Sgraffite
Supreme [H]ardness
- Joined
- Jan 10, 2006
- Messages
- 4,405
I understand and no no worries. I thought I'd mention it since I feel like goes along with the never trust user input idea that you mentioned. So whenever you can have knowledge of something server side, you don't pass that in from the form, because then the user has a change to change it prior to submitting the form.
Sgraffite
Supreme [H]ardness
- Joined
- Jan 10, 2006
- Messages
- 4,405
You filled out a form to post that...