BlokeInPub.com

Blog - Creating a Contact Us Form (2008-02-01)


Category: Web Design. Posted: 2008-02-03 17:48:13 GMT. Updated: 2008-02-03 21:11:33 GMT.

Putting your e-mail address on a website as a mailto link in the HREF attribute of the <a> tag will let visitors contact you easily. For example: <a href="mailto:me@example.com">me@example.com</a>

This has two main disadvantages:

A commonly used alternative is to try to disguise your e-mail address in text. An example would be me#AT#example#DOT#com to mean me@example.com. This is OK, but does assume that people understand what you mean, and doesn't guarantee that Spambots won't figure it out.

Another alternative is to put your e-mail address as a picture file. This option is OK, but relies on visitors having a working e-mail client (or webmail), and also relies on them correctly typing in what is on the picture file. It's also not impossible for a good Spambot to figure out what the e-mail address is.

A far better option is to use a contact us form. An easy to use one can be found at http://www.ibdhost.com/contact/. This is a good form, but when creating any PHP form that sends e-mail, you need to guard against e-mail injection (see Wikipedia and SecurePHP for more information). The I B D Host form tries to guard against e-mail injection by stating that the BCC: function should be blocked, but this isn't always possible. Even large firms make the mistake of not guarding against e-mail injection (see Ikea rapped for flat-pack spam).

However you decide to create your form, make sure that your e-mail address is stored on the server, and NOT stored in the form itself. There is a commonly used Perl script that uses hidden variables in the HTML form itself to store the recipient's e-mail address. Just because the browser doesn't show the field doesn't mean that the Spambots can't find it. Don't use this type of form.
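The two points above (guarding against e-mail injection, and keeping the recipient on the server) can be combined in one handler. This is an added example, not the I B D Host script or any code from this site; the field names (name, email, message), the constants and the webform@example.com sender address are assumptions made for illustration.

```php
<?php
// Added example; names below are assumptions, not from the I B D Host script.
const CONTACT_RECIPIENT = 'me@example.com';       // stored server-side only
const CONTACT_SENDER    = 'webform@example.com';  // hypothetical fixed From address

// A value placed in a mail header must not contain CR, LF or NUL.
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Returns [to, subject, body, headers] for mail(), or null to reject.
function build_contact_mail(array $post): ?array
{
    $name    = (string)($post['name'] ?? '');
    $email   = (string)($post['email'] ?? '');
    $message = (string)($post['message'] ?? '');

    // Check the raw single-line fields before any trimming.
    if (!is_header_safe($name) || !is_header_safe($email)) {
        return null;
    }
    if (trim($name) === '' || trim($message) === '') {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Only the validated address reaches a header; the name goes in the body.
    $headers = 'From: ' . CONTACT_SENDER . "\r\n" . 'Reply-To: ' . $email;
    $body    = 'From: ' . trim($name) . "\r\n\r\n" . wordwrap($message, 70, "\r\n");
    // Any "to" field in $post is ignored: the recipient is the constant.
    return [CONTACT_RECIPIENT, 'Contact form message', $body, $headers];
}

// Constructed sample submissions (run from the command line to see the result).
$samples = [
    'normal'   => ['name' => 'Ann', 'email' => 'ann@example.org', 'message' => 'Hello'],
    'injected' => ['name' => 'Ann', 'email' => "ann@example.org\r\nBcc: x@example.net",
                   'message' => 'Hello', 'to' => 'other@example.net'],
];
foreach ($samples as $label => $post) {
    $mail = build_contact_mail($post);
    echo $label, ': ', $mail === null ? 'rejected' : 'would send to ' . $mail[0], "\n";
    // In a real handler: if ($mail !== null) { mail(...$mail); }
}
```

The subject and From address are fixed on the server, so the only visitor-supplied value that ever reaches a header is an address that has already passed both checks.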

A final solution that I don't know much about is to use JavaScript. See Use JavaScript To Protect Your Email Address for more information.



© 2002-2021.
Created on: 15 Jun 2006. Modified on: 15 Jun 2006.