Let's (not) make some forms
Published | 16.15, 23rd of January 2009, by Jay Vincent | Technical
One of the most unenjoyable tasks I often have to undertake is the creation of forms - simple web-to-email forms. Therefore, I've decided to create a little wizard-like application to allow non-webbies to create them, so I don't have to. A few points to consider for anyone doing this are as follows:
- The PHP page which will process the form will need to be generic, and able to handle any input type thrown at it - a checkbox group is read as an array, whereas radio button values are simply strings.
- The PHP processing page will need to recognise which fields are marked as required fields.
- If required fields are left blank, the PHP processing page will need to send the user back to the form, with values the user has already inputted preserved.
- Inputted values will run through a PHP regular-expression function which will allow only white-listed characters. This security measure will prevent form hijacking.
- The PHP processing page will need to verify it is receiving data from its own website. This is done by checking the $_SERVER['HTTP_REFERER'] variable.
- The recipient's email address will be cross-referenced in a database table by a unique ID. This ID is what will be specified on the form page. This security measure means a hacker can't alter the recipient email address.
- The form will need to specify a redirect page the user will be sent to upon successful submission.
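The processing rules in the list above, put together as an added example (not the author's code, and not part of the original post). The function names, field names and the `$recipients` array standing in for the database table are all assumptions made for illustration.

```php
<?php
// Added example: clean_value, process_form, $recipients and the field
// names are hypothetical, chosen only for illustration.

// Whitelist filter: keep letters, digits, spaces and basic punctuation.
// CR and LF are not on the list, so a value cannot add mail header lines.
function clean_value($value) {
    if (is_array($value)) {              // a checkbox group arrives as an array
        return array_map('clean_value', $value);
    }
    return trim(preg_replace('/[^A-Za-z0-9 @._,\'-]/', '', (string) $value));
}

function process_form(array $post, array $server, array $required, array $recipients, $ownHost) {
    // Referer check as described in the list. The header is sent by the
    // client and can be missing or forged, so treat it as one layer only.
    $referer = isset($server['HTTP_REFERER']) ? $server['HTTP_REFERER'] : '';
    if (parse_url($referer, PHP_URL_HOST) !== $ownHost) {
        return array('status' => 'rejected', 'reason' => 'referer');
    }
    // The form carries only an ID; the address itself stays on the server.
    $id = isset($post['recipient_id']) ? (string) $post['recipient_id'] : '';
    if (!ctype_digit($id) || !isset($recipients[(int) $id])) {
        return array('status' => 'rejected', 'reason' => 'recipient');
    }
    unset($post['recipient_id']);
    $clean = array_map('clean_value', $post);
    $missing = array();
    foreach ($required as $name) {
        if (!isset($clean[$name]) || $clean[$name] === '' || $clean[$name] === array()) {
            $missing[] = $name;
        }
    }
    if ($missing) {   // caller redisplays the form with $clean pre-filled
        return array('status' => 'incomplete', 'missing' => $missing, 'values' => $clean);
    }
    return array('status' => 'ok', 'to' => $recipients[(int) $id], 'values' => $clean);
}

// Constructed sample input; in the design above $recipients is a database table.
$recipients = array(7 => 'sales@example.com');
$post = array('recipient_id' => '7', 'name' => "Ann\r\nBcc: x@example.net",
              'interests' => array('web', 'print<script>'), 'email' => '');
$server = array('HTTP_REFERER' => 'https://www.example.com/contact.html');
print_r(process_form($post, $server, array('name', 'email'), $recipients, 'www.example.com'));
```

With the sample input the result is `incomplete` because `email` is empty, and the returned `values` show the line breaks and angle brackets already stripped, ready to be written back into the form.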
The creation of the form itself will be wizard-like - WYSIWYG almost, with the user specifying which type of input, its possible values, required fields, etc. Each form and its contents will be stored in a MySQL database table.
This will be a fun little mini-project for me to work on, and when it's done it will either be attached onto Arena (our custom CMS) and/or sold here on our website!