Industry guru Dave Taylor offers tech support on technical and business topics, including iPhone, iPod, Microsoft Windows, Sony PSP, cellphones, online advertising, CSS, Web design, business, Unix, Linux, SEO, Mac OS X, and shell script programming.     


How does CGI work?

I maintain a website for a grammar school and I would like to put a form in on our alumni page with their name, graduating year and email address. I can create the form on Frontpage or Dreamweaver, but I don't quite get how the info is sent out. I would like the info sent to a particular email address but I don't know where to put that email address. Can you help?


Dave's Answer:

I'm going to presume that when you want to leave the email contact you don't just want to leave the alumni's email address which would be a potential spam target, and that when you say form you mean email contact form sort of like the one in the middle of the Ask Dave A Question page.

First create the form in Frontpage or Dreamweaver or however you normally create your html documents. Now looking at the html code for the document the actual form part will look something like this:

<form action="email.php" method="post">
<p><div class="postbody">Your Name:</div>
  <input type="text" name="name" /></p>
<p><div class="postbody">Your Email:</div>
  <input type="text" name="email" /></p><p><div class="postbody">Subject:</div>
  <input type="text" name="subject" /></p><p>
<div class="postbody">Message:</div>
  <textarea rows="7" name="message" cols="40">
  </textarea></p><p><input type="submit"
  name="Submit" value="Submit"></p>
</form>

What you need to do is tell the form what to 'do' after you press the submit button.

What people often do is to write a program or script to tell the form what to do and save it separately on the server, this is called sever side scripting. There are several languages you can write this script in but most commonly used are Microsoft's Active Server Pages (ASP) or the open source Hypertext Preprocessor (PHP).

In this example I'll use PHP.

If you look at the first line of the html form code <form action="email.php" method="post"> it's the action part which tells the form what its going to do.

In this case action="email.php" so what I need to do is to write a document telling the form what to do and call it "email.php".

Here's a very basic example of what to write in the "email.php" file:

<p>Hello, <?php echo $_POST['name']; ?>
and thank you for your message.
The following message has been sent from
<?php echo $_POST['email']; ?> to alumni@yourschool.com</p>
<p><u>Subject</u>
  <input type="text" name="subject" size="42"
  value="<?php echo $_POST['subject']; ?>"></p>
<p><u>Message</u>
  <textarea rows="4" name="message" cols="49">
  <?php echo $_POST['message']; ?></textarea></p>
<?php if(!empty($_POST['message'])) { mail('alumni@yourschool.com',
  stripslashes($_POST['subject']),
  stripslashes($_POST['message']), 'From: ' .
  stripslashes($_POST['name']) . ' <' .
  stripslashes($_POST['email']) . '>'); }
?>

You will need to change the two occurrences of alumni@yourschool.com highlighted to which ever email contact address you want.

To create this document you need to use a ASCII text editor such as Microsoft's Notepad. Once written go to Save As and where it says File name: write "email.php". Then be sure to change Save Type As: from Text Document (*.txt) to All files or it will save the document as a text file and not a PHP file.

You then need to upload both files to your website hosting server making sure the form part of the html document has the form action changed to action="email.php".

This method will only work if the server where you are hosting your website files has the ability to read sever side scripts and you may need to ask your website host if, and how they do this.

If you need to use a different language here's an example of a site which helps you create forms in various script languages: Tele-Pro.

The example I gave was quite basic as you may want to add extra features such as the page to redirect to once the form is submitted or a page to point out any errors in the submited form, but these would require additional pages. There are lots of examples out there if you 'Google' around a bit.

It's also important to be cognizant of security issues with web pages that can send email. Spammers have been known to find and exploit sites with email forms that are not setup properly to avoid email being sent to any addresses other than the intended one. For example, if you used a hidden field in your form with the "To:" email address, these hidden fields can actually be changed before the form is submitted back to you. The spammer could set up a script that would modify that field for each email sent, and send spam through your web server.

Hope this helps.

Thanks to Ed Ellis and Chris for their assistance.

More Useful HTML, JavaScript and Web Site Programming Articles:
✔   How to Create Predefined Google Image Search Links?
Thanks for the Amazon URL [see Creating Amazon Search Links]. That worked beautifully. In fact, I sent you $5.00 for coffee in thanks....
✔   Can I embed a Facebook search box on my blog site?
I've seen your articles about how to add a Twitter or Google search box on a Web page, but I have a tougher...
✔   Can I use CSS for drop shadows on my blog?
I want to give my site a bit of a facelift and add some neat graphical elements. One of which is drop shadows....
✔   How can I embed interactive photo panoramas on my site/blog?
I read through your blog entry about how to take panoramic photos with iOS 6 and an iPhone 5 and got enthused. I've...
✔   How can I create a Twitter search URL shortcut?
I'd like to add a few Twitter search links to my Web site. Is that possible, or does Twitter prohibit this sort of...

Let's stay in touch!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
    Enter your name: and your email addr:  









Reader Comments To Date: 5

uzyn said, on April 27, 2005 2:54 AM:

For emailing of data, one doesn't need server side scripting (PHP), just simply start the form with:

<form action="mailto:your@email.com" method="post">

will do.

However, there's a limitation to this. That is the viewer's browser has to be set with the correct SMTP parameters for it to work.

Dave Taylor said, on April 27, 2005 5:55 AM:

I actually never recommend that people use the "mailto:" action, because it's both not widely supported and leaves your email address in an HTML form that can then be scraped by spammers.

Karl said, on August 31, 2005 12:29 AM:

Hi Dave

Excellent site...

I have just installed Tiger Server, all workd great, afp, dhcp web etc, I follwed the instruction from the article 'How does CGI work?' uploaded the files to the webserver. When I submit the form, I get an error message back 'Method Not Allowed

The requested method POST is not allowed for the URL /email.php.' yet the url shows the return of email.php.

Can you help - many thanks - Karl

Cyndi said, on November 9, 2006 8:43 AM:

I can't get my script to work.
Any chance you can take a moment to look at it. I would be happy to send you my php file.
Thank you,
Cyndi VanGilder

Dan said, on July 18, 2007 4:27 AM:

Um I had a question... how do you get a comment form like this one that will post what you comment on the page and not just email it?

Starbucks coffee cup I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you, Dave, for all your helpful information by buying you a cup of coffee!

I do have a comment, now that you mention it!











I will never send you any unsolicited email. Ever.






Check This Out Too...

 
Look for Answers
Need Help? Ask Dave Taylor!


Follow Me on Pinterest

Find Me on Google+
ADT on G+
© 2002 - 2013 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site. Further, please note that by submitting a question or comment you're agreeing to my terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site. My lawyer says "Thanks".
"Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.