
How to Hide Action Attribute (Form Mail)?


Herbert at GC


If you are getting blank emails from the contact us form, it sounds like your script used to process the form isn't working properly? Ideally, the script you are using should be able to validate your input and make sure that all the fields in the form have been entered properly before sending email.

 

Hi Ben,

 

Thanks for your input. I'm using Dreamweaver to validate the form. I kind of think that someone has been viewing my contact page source code, cut and pasted the full path into the browser, hit Enter (keyboard), and there goes the blank email. The reason I said this is because I was able to re-create it. So I was thinking that if I can hide the action attribute or the value then it will not be visible in the source code?

 

Thanks,

Herbert


In most cases, no, you can't remove the action attribute (unless your contact form redirects to the same page for processing.) However, it sounds like your best bet would be to ensure that the form processing page can't be accessed directly, and someone has to submit the form in order for it to send the email. Perhaps you can post the code from that page, and we can do our best to help you?


In most cases, no, you can't remove the action attribute (unless your contact form redirects to the same page for processing.) However, it sounds like your best bet would be to ensure that the form processing page can't be accessed directly, and someone has to submit the form in order for it to send the email. Perhaps you can post the code from that page, and we can do our best to help you?

 

 

The contact form is entirely built using HTML, and uses PHP as the processor.

 

I think I will have to re-build the contact form using PHP to self submit, but I don't really know much about PHP yet.

 

Thanks,

Herbert


Like I said, if you post the code, we can help.

 

 

 

Form source code below

 

-------------------------------------------------------------

 

<form method="post" action="contact.php">

<div align="right">

<table width="242" height="212" border="0" align="center" cellpadding="0" cellspacing="0"><tr>

<td colspan="3" align="left" class="style4"><label><strong><span class="style5 style6 style12"><br/>

</span><span class="style10">Contact Us</span><br />

About:</strong>

<select name="about" id="about">

<option selected="selected">Click Here</option>

<option value="Graphic Design">Graphic Design </option>

<option value="Website Design">Website Design </option>

<option value="Logo Design">Logo Design</option>

<option value="Signage">Signage</option>

<option value="Printed Promotional Materials">Printed Promotional Materials</option>

<option value="Technical Illustration">Technical Illustration</option>

<option value="Packaging Design">Packaging Design</option>

<option value="Website Update, Existing Customer">Website Update, Existing Customer</option>

<option value="Website Update, New Customer">Website Update, New Customer</option>

<option value="Labels & Decals">Labels & Decals</option>

<option value="OEM Custom Die Cut Decals">OEM Custom Die Cut Decals</option>

<option value="Labels & Decals RND/Prototyping">Labels & Decals RND/Prototyping</option>

<option value="Membrane Switch Production Engineering">Membrane Switch Production Engineering</option>

<option value="Material Data Sheet">Material Data Sheet</option>

</select><br /></label><br />

<strong>Priority:</strong><br /> High

<input type="radio" name="priority" id="priority" value="High" /> Normal

<input type="radio" name="priority" id="priority2" value="Normal" /> Low

<input type="radio" name="priority" id="priority3" value="Low" /> <br />

</label></td></tr>

<tr><td width="49" class="style4"><div align="right" class="style29">

<label for="ID_textfieldName_1C7E60E43BF7560"></label><div class="contact">

<div align="left" class="style19"><p align="right" class="style3">Name:</p>

</div></div></div></td><td width="1" class="style4"></td>

<td width="304" class="style4"><div align="left">

<input name="name" type="text" id="name" size="30" /> </div></td>

</tr><tr><td class="style4">Company:</td><td class="style4"></td>

<td class="style4"><input name="company" type="text" id="company" size="30" /></td></tr>

<tr><td class="style4"><div align="right" class="style29"><label for="ID_textfieldName_1C7E60E5088ED30">

</label><div class="contact"><div align="left" class="style3">

<div align="right">E-mail:</div></div></div></div></td><td width="1" class="style4"></td>

<td width="304" class="style4"><div align="left">

<input name="email" type="text" id="email" size="30" /></div></td></tr>

<tr><td class="style4"><div align="right" class="style29">

<label for="ID_textfieldName_1C7E60E580F5940"> </label>

<div class="contact"><div align="left" class="style3">

<div align="right">Phone:</div></div></div></div></td>

<td width="1" class="style4"></td><td width="304" class="style4">

<div align="left"><input id="phone" type="text" name="phone" size="30" />

</div></td></tr><tr><td class="style4"><div align="right" class="style29">

<label for="ID_textfieldName_1C7E60E5A5EA070"> </label><div class="contact">

<div align="left" class="style3"><div align="right">Fax:</div></div>

</div></div></td><td width="1" class="style4"></td>

<td width="304" class="style4"><div align="left">

<input id="fax" type="text" name="fax" size="30" />

</div></td></tr><tr><td colspan="3" class="style4"></td>

</tr><tr><td height="25" colspan="3" valign="bottom" class="style4"><div align="center">

<div class="contact"><div align="left" class="style7">

<font face="Arial">Please enter your message below</font>:</div>

</div></div></td></tr><tr><td colspan="3"></td></tr><tr>

<td colspan="3" align="left"><div align="left"><p>

<textarea name="comments" rows="6" cols="32" id="comments"></textarea><br />

<input type="submit" onclick="MM_validateForm('name','','R','company','','R','email','','RisEmail');return document.MM_returnValue" value="Send" /><input type="reset" name="Reset" id="button" value="Reset" />

</p></div></td></tr><tr><td colspan="3"></td></tr></table><br /></div> <div align="right"></div>

</form>

 

------------------------------------------

Thanks,

Herbert


Sorry, I should have been clearer -- I mean the PHP code that processes the form (contact.php).

 

 

PHP code below

 

---------------------------------------

<?php

 

$about = $_REQUEST['about']."\n";

 

$priority = $_REQUEST['priority']."\n";

 

$name = $_REQUEST['name']."\n";

 

$email = $_REQUEST['email']."\n";

 

$phone = $_REQUEST['phone']."\n";

 

$fax = $_REQUEST['fax']."\n";

 

$company = $_REQUEST['company']."\n";

 

$callme = $_REQUEST['callme']."\n";

 

$comments = $_REQUEST['comments']."\n";

 

$email_message = "About: {$about} Priority: {$priority} Name: {$name} E-mail: {$email} Phone: {$phone} Fax: {$fax} Message: {$comments} Company: {$company} Please call me at: {$callme}";

 

mail('email@sbcglobal.net','GC Feedback', $email_message);

 

?>

 

----------------------------------------

 

Again I'm using Dreamweaver to validate the form.

 

Thanks,

Herbert


Here's one way to handle things... In the PHP processing page, make sure the correct form fields are filled in before emailing. I know you say that Dreamweaver validates the form, but it only validates the form if the user submits it from your contact html page -- if a user tries to access contact.php directly, it will email a blank message because there is no validation.

 

(Make sure to update your email and contact.html page in the example below. The "header()" line near the bottom of the code is used to redirect the user back to your contact form if someone tries to access the .php page directly.)

 

<?php

// Only send the email when the required fields arrived in a POST request.
// A direct visit to contact.php (a GET) carries no POST data and is redirected.
if (isset($_POST['name']) && isset($_POST['company']) && isset($_POST['email']))
{
    $about = htmlentities($_REQUEST['about']."\n", ENT_QUOTES);
    // An unchecked radio group is not submitted at all, so default it.
    $priority = htmlentities(($_REQUEST['priority'] ?? '')."\n", ENT_QUOTES);
    $name = htmlentities($_REQUEST['name']."\n", ENT_QUOTES);
    $email = htmlentities($_REQUEST['email']."\n", ENT_QUOTES);
    $phone = htmlentities($_REQUEST['phone']."\n", ENT_QUOTES);
    $fax = htmlentities($_REQUEST['fax']."\n", ENT_QUOTES);
    $company = htmlentities($_REQUEST['company']."\n", ENT_QUOTES);
    // The posted form has no "callme" field, so default it as well.
    $callme = htmlentities(($_REQUEST['callme'] ?? '')."\n", ENT_QUOTES);
    $comments = htmlentities($_REQUEST['comments']."\n", ENT_QUOTES);

    $email_message = "About: {$about} Priority: {$priority} Name: {$name} E-mail: {$email} Phone: {$phone} Fax: {$fax} Message: {$comments} Company: {$company} Please call me at: {$callme}";

    mail('youremail@sbcglobal.net','GC Feedback', $email_message);
}
else
{
    // Send direct visitors back to the form and stop the script here.
    header("Location: your_contact_page.html");
    exit;
}

?>

I have also used the htmlentities() function (http://php.net/manual/en/function.htmlentities.php) when getting the data from your form since I feel a bit more comfortable knowing that there's less of a chance that something invalid/malicious can get through.
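
An added example (not part of the original posts) of the server-side check described in the reply above: contact.php accepts only a POST in which name and company are non-empty and email is a valid address, which are the same rules the Dreamweaver MM_validateForm call enforces in the browser. The helper names clean_line and validate_contact and the length limits are assumptions; the field names, recipient placeholder and redirect target come from the thread.

```php
<?php
// Added example: server-side validation for contact.php.
// Helper names and length limits are hypothetical; field names are from the form.

const ALLOWED_PRIORITY = ['High', 'Normal', 'Low'];

// Collapse CR/LF and other control characters so a single-line field
// cannot add extra lines to the message, then cap its length.
function clean_line(string $value, int $max = 200): string
{
    $value = (string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value);
    return substr(trim($value), 0, $max);
}

// Returns the cleaned fields, or null when the submission must be rejected.
function validate_contact(array $post): ?array
{
    $fields = [];
    foreach (['about', 'name', 'company', 'email', 'phone', 'fax'] as $key) {
        $raw = $post[$key] ?? '';
        $fields[$key] = is_string($raw) ? clean_line($raw) : '';
    }
    $comments = $post['comments'] ?? '';
    $fields['comments'] = is_string($comments) ? substr(trim($comments), 0, 5000) : '';
    // The radio group may be absent; accept only the three values the form offers.
    $priority = $post['priority'] ?? 'Normal';
    $fields['priority'] = in_array($priority, ALLOWED_PRIORITY, true) ? $priority : 'Normal';

    // Same required fields as the client-side check: name, company, valid email.
    if ($fields['name'] === '' || $fields['company'] === ''
        || filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $fields;
}

// A pasted URL arrives as GET, so it never reaches mail().
$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
$fields = $isPost ? validate_contact($_POST) : null;

if ($fields === null) {
    header('Location: your_contact_page.html');
    exit;
}

$body = '';
foreach ($fields as $label => $value) {
    $body .= ucfirst($label) . ': ' . $value . "\n";
}
mail('youremail@sbcglobal.net', 'GC Feedback', $body);
```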


Hi Ben,

 

Thanks for adding validation to the PHP code. Works great!

I appreciate your help!

 

 

FYI, I just purchased the Killer PHP complete web programming video tutorial.

You guys did a great job putting it together! Love it, highly recommended.

 

 

 

Thanks again,

Herbert

 

 

 

 

 

 

 

 

 
