Thread: Order Forms

  1. #1
    SitePoint Addict
    Join Date
    Mar 2008
    Location
    Sterling, CO
    Posts
    275

    Order Forms

    Hi,

    I'm trying to create an 'order form' for my website. I'm not sure where the correct place to post this is, so I posted here.

    My 'order form' needs to gather information, i.e. name, address, phone number and the customer's order, then somehow record and send this information to me in a secure way.

    My question is where do I start to be able to do this? It seems I would have to make an HTML order form page, then a PHP page??, and have SSL? Something like that. I just want to make sure that it works on everyone's computers.

    Thanks

  2. #2
    SitePoint Enthusiast
    Join Date
    Apr 2008
    Location
    UK
    Posts
    41
    If ya server has CGI scripts enabled it might be worth looking at Matt's form mail script. This is easy to implement for a beginner and will send whatever data you wish to capture from your form to your email inbox. An alternative is to use the PHP mail() function. But you need to make sure that sendmail is enabled in the php.ini file on the server.

    The code will probably be something like this:-

    Code:
    <form method="post" action="send.php">
    What is your name:-<input type="text" name="name" />
    What is your email address:- <input type="text" name="email" />
    AND SO ON AND SO FORTH
    
    </form>
    You can get a PHP process script from any number of places, but it is pretty easy to make one yaself. You need to simply get the data from the form and store them in variables in PHP and then send them with the mail() function. There is a tutorial on w3c of how it works and I suggest reading up on it as I might make a mistake when typing it out on here and I don't wanna send you on the wrong track.
    Hope this helps

    Ash

  3. #3
    SitePoint Addict palgrave's Avatar
    Join Date
    Jan 2006
    Posts
    357
    Quote Originally Posted by Freejoy View Post
    HTML order form page, then a PHP page??, and have SSL?
    Yes, or substitute the php with any server-side scripting language.

    However, forms need to be secure.

    Bad people or programs can use a web form to send spam. You need to make sure it is protected against header injection attacks. If the form variables are sent to a database, you also need to protect against sql injection attacks, that have the potential to open up your database to a hacker, and for the whole database to be deleted.

    If you aren't sure how to implement security measures, use something like Form2Mail. They do all the hard work for you, and best of all, it's free.

  4. #4
    SitePoint Addict
    Join Date
    Mar 2008
    Location
    Sterling, CO
    Posts
    275
    Thanks!

    Everything is simple when you know how!

    Well, as much as I appreciate your advice, I now have a fly to your cart ...thing. I got it connected in but it will not keep the totals figured from one page to the next. It was free and I just cut and pasted and wiggled it in until it worked. It's a demo and one is supposed to know what they're doing to get it working correctly. It works with Ajax and PHP, which I know nothing about. But I'm reading as fast as I can.

    Is there a script I can paste in to make it work from page to page?

  5. #5
    SitePoint Enthusiast
    Join Date
    Apr 2008
    Location
    UK
    Posts
    41
    Quote Originally Posted by palgrave View Post
    If the form variables are sent to a database, you also need to protect against sql injection attacks, that have the potential to open up your database to a hacker, and for the whole database to be deleted.
    SQL injection attacks are automatically protected with php5 though aren't they?

    I was under the impression that in php5 if you put an if statement in the form element, php would just comment it out.

    Correct me if I'm wrong.

    Ash

  6. #6
    SitePoint Member
    Join Date
    Apr 2008
    Posts
    4
    No, that is not correct. You can use many different commands to do an SQL injection.

    But do you need a DB or do you just need to collect the info and have that sent to you? Depends on what information you collect, you might be OK to just have it sent to you securely or post it in a DB, but as soon as you start collecting credit card information or private data (SSN) you are in a different security area which requires adherence to US laws and regulations...
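
The two risks raised in this thread, mail header injection and SQL injection, handled in one `send.php` for the form shown in post #2. This is an added example, not code from any poster. The recipient address, the SQLite file and the `orders` table are assumed placeholders, and the helper names `single_line` and `handle_order` are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: send.php for the thread's form (fields "name" and "email").
// ORDER_RECIPIENT, the SQLite file and the "orders" table are assumed placeholders.
const ORDER_RECIPIENT = 'orders@example.com';

/** Return a trimmed one-line string, or null if it could smuggle a mail header. */
function single_line($value, int $maxLen): ?string
{
    if (!is_string($value)) {
        return null;                       // e.g. name[]=x arrives as an array
    }
    $value = trim($value);
    if ($value === '' || strlen($value) > $maxLen || preg_match('/[\r\n\0]/', $value)) {
        return null;                       // CR/LF inside a value would start a new header
    }
    return $value;
}

function handle_order(array $post, PDO $db): bool
{
    $name  = single_line($post['name'] ?? null, 100);
    $email = single_line($post['email'] ?? null, 254);
    if ($name === null || $email === null
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // SQL injection: values are bound as parameters, never pasted into the SQL text.
    $stmt = $db->prepare('INSERT INTO orders (name, email) VALUES (:name, :email)');
    $stmt->execute([':name' => $name, ':email' => $email]);

    // Header injection: From is fixed; the only user value in a header is the validated address.
    $headers = 'From: ' . ORDER_RECIPIENT . "\r\n" . 'Reply-To: ' . $email;
    $body    = "Name: {$name}\nEmail: {$email}\n";
    return mail(ORDER_RECIPIENT, 'New order', $body, $headers);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = new PDO('sqlite:' . __DIR__ . '/orders.db');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS orders (name TEXT NOT NULL, email TEXT NOT NULL)');
    if (handle_order($_POST, $db)) {
        echo 'Thank you, your order was received.';
    } else {
        http_response_code(400);
        echo 'Please check the form and try again.';
    }
}
```

The bound parameters are what stop SQL injection here; the PHP version alone does not.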

