need to create simple html comment form

I would like a multiline textbox and a button that sends the comment to my email.

I’ve been trying to dig up some simple code to do this, but everything I see uses, mailto, which is giving me some prompt saying it’s insecure. I would like to avoid pulling up the person’s email client, instead just let them type, click the button, and be done with it.

Any advice?

If you want your visitor to fill out a web page and click the Submit button to launch an email to you, then you’ll need some scripting permissions on your web host. Assuming you have that, many make available a Perl script which does this exact thing. Or you can write your own. I did. Here’s mine:

use strict;

my ($buffer,@pairs,$pair,$contents);
my (%FORM,$name,$value,$result,$pw,$i);

# Get the input
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
# ---- Split the name-value pairs
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
  ($name, $value) = split(/=/, $pair);
  $value =~ tr/+/ /;
  $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
  $value =~ tr/\|/ /;
  $FORM{$name} = $value;
  $contents .= "$name: $value


# send the e-mail
open(MAIL, "|/usr/sbin/sendmail -t -fjoe\") || print $!;
print MAIL "To: joe\
print MAIL "From: joe\
print MAIL "Subject: report

print MAIL "$contents";
close MAIL;

# start printing out results page
print "Content-type:text/html

print "
<\!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
<HTML><HEAD><TITLE>Report submitted</TITLE><link rel=\"StyleSheet\" href=\"../style.css\" type=\"text/css\"></HEAD><BODY>
print "<H2>Thank you for your report submission.</H2>
print "<P>The following email has been sent to Mr. Blow:<BR>
$contents =~ s/
print "$contents
print "</BODY></HTML>";

Ok, unfortunately that doesn’t make much sense to me :smiley:

I have full control over my website, so I assume I will need to dump something in the CGI-Bin folder.

The code you just showed me goes in the HTML file?

Perhaps we could go through the basic steps.

  1. User types “you are the best, I love you!!!” into the textbox.
  2. User clicks submit button.
  3. Clicking button calls script from my cgi-bin folder
  4. Script parses text and forwards it to email address specified in script.

Is this right so far?

So I need an html page using the FORM tag in some fashion, and a script to place in my cgi-bin folder?

Well written and documented. Read the whole site before you go ahead, though, as you are doing stuff that if done wrong could turn your site into a spam relay…

Viking, isn’t it true that if I hard-coded the To: address in the program, that I’m pretty safe from having my script abused by hackers? I think that’s true, so my advice to World Eater is to be sure to hard-code that address, so that someone won’t be able to use your program to send mail to anyone they want to.

World Eater, what you’re looking for now is how to do what’s called “CGI.” Learn that and you’re there.

most probably, as long as you check everything else passed in to the code for malicious code, etc. For instance, could someone put an ``end this email, start another one to’’ snippet into the body of the email and have everything go pear-shaped?

Which takes a bit of doing, and which is why I would recommend a) using code written by people better than I at it, and b) understanding exactly what’s going on and what security warnings the authors have in the readmes.

CurtC, Does that form actually send the information people type into the form? I tried programing a varation of this for my website a couple of weeks ago, and it looks very nice. Except when you push send it opens a blank e-mail to me. I don’t see the point of this, since nothing you imput into the form actually appears in the e-mail…

elfkin, yes, it works. That’s the program I have on my web site for people to send me some info. There are several fields on that HTML page, and this form sends the name of the field, then its contents, to me. I changed only the email address in this example.

That email link that you provided is supposed to open up a new email to you in your regular email client, and fill in certain fields. Except that different email clients have varying degrees of support for the extra stuff beyond the recipient address. Looks like yours doesn’t.

I actually found a utility offered by my web hosts.

They provided a generic .FormMail.conf to stick in my home directory, and then provided some form HTML that just needed the email addy plugged in.

Thanks all for the help. BTW it’s a nms script :smiley: