How does CGI work?
I maintain a website for a grammar school and I would like to put a form in on our alumni page with their name, graduating year and email address. I can create the form on Frontpage or Dreamweaver, but I don't quite get how the info is sent out. I would like the info sent to a particular email address but I don't know where to put that email address. Can you help?
Dave's Answer:
I'm going to presume that when you want to leave the email contact you don't just want to leave the alumni's email address which would be a potential spam target, and that when you say form you mean email contact form sort of like the one in the middle of the Ask Dave A Question page.
First create the form in Frontpage or Dreamweaver or however you normally create your html documents. Now looking at the html code for the document the actual form part will look something like this:
<form action="email.php" method="post">
<p><div class="postbody">Your Name:</div>
<input type="text" name="name" /></p>
<p><div class="postbody">Your Email:</div>
<input type="text" name="email" /></p><p><div class="postbody">Subject:</div>
<input type="text" name="subject" /></p><p>
<div class="postbody">Message:</div>
<textarea rows="7" name="message" cols="40">
</textarea></p><p><input type="submit"
name="Submit" value="Submit"></p>
</form>
What you need to do is tell the form what to 'do' after you press the submit button.
What people often do is to write a program or script to tell the form what to do and save it separately on the server, this is called sever side scripting. There are several languages you can write this script in but most commonly used are Microsoft's Active Server Pages (ASP) or the open source Hypertext Preprocessor (PHP).
In this example I'll use PHP.
If you look at the first line of the html form code <form action="email.php" method="post"> it's the action part which tells the form what its going to do.
In this case action="email.php" so what I need to do is to write a document telling the form what to do and call it "email.php".
Here's a very basic example of what to write in the "email.php" file:
<p>Hello, <?php echo $_POST['name']; ?>
and thank you for your message.
The following message has been sent from
<?php echo $_POST['email']; ?> to alumni@yourschool.com</p>
<p><u>Subject</u>
<input type="text" name="subject" size="42"
value="<?php echo $_POST['subject']; ?>"></p>
<p><u>Message</u>
<textarea rows="4" name="message" cols="49">
<?php echo $_POST['message']; ?></textarea></p>
<?php if(!empty($_POST['message'])) { mail('alumni@yourschool.com',
stripslashes($_POST['subject']),
stripslashes($_POST['message']), 'From: ' .
stripslashes($_POST['name']) . ' <' .
stripslashes($_POST['email']) . '>'); }
?>
You will need to change the two occurrences of
alumni@yourschool.com highlighted to which ever email contact address you want.
To create this document you need to use a ASCII text editor such as Microsoft's Notepad. Once written go to Save As and where it says File name: write "email.php". Then be sure to change Save Type As: from Text Document (*.txt) to All files or it will save the document as a text file and not a PHP file.
You then need to upload both files to your website hosting server making sure the form part of the html document has the form action changed to action="email.php".
This method will only work if the server where you are hosting your website files has the ability to read sever side scripts and you may need to ask your website host if, and how they do this.
If you need to use a different language here's an example of a site which helps you create forms in various script languages: Tele-Pro.
The example I gave was quite basic as you may want to add extra features such as the page to redirect to once the form is submitted or a page to point out any errors in the submited form, but these would require additional pages. There are lots of examples out there if you 'Google' around a bit.
It's also important to be cognizant of security issues with web pages that can send email. Spammers have been known to find and exploit sites with email forms that are not setup properly to avoid email being sent to any addresses other than the intended one. For example, if you used a hidden field in your form with the "To:" email address, these hidden fields can actually be changed before the form is submitted back to you. The spammer could set up a script that would modify that field for each email sent, and send spam through your web server.
Hope this helps.
Thanks to Ed Ellis and Chris for their assistance.
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help
right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
For emailing of data, one doesn't need server side scripting (PHP), just simply start the form with:
<form action="mailto:your@email.com" method="post">
will do.
However, there's a limitation to this. That is the viewer's browser has to be set with the correct SMTP parameters for it to work.