Hi.....

If there arent any templates in place.. or the options to do that with act then
this could potentially be a lot more work than you anticipated paul.. just to warn you.

As to whether there are or not, I couldnt tell you personally, as am still new to this bit of software.

Yet, be aware...as soon as you give the customer the opportunity to enter some data.. or click a button, and pass that data to a script then you open yourself up to a potential security risk... plus if theres a wrong button to click. you can guarantee that they will click it.

So, you have to make sure that all the data is validated both pre and post submission, and is sanitised before handling. Remove all those nasty email header and mysql injection attacks. There are also plenty of bots trolling round the net and filling in email address field and clicking buttons left right and centre in the hope that you have not followed the security procedures.

So there are lies statistics and bot statistics...

You interested in this as for something to do to? .. or do you just want the end result?

Hi thanks.

Ah, the security aspect it not something I had considered.

On both forms I had intended to keep buttons to a minimum - e.g. submit only.

However on the questionaire form I was expecting to have 10 -15 questions / fields (the objective of the questionnaire is specific market research). I could probably get away with using drop down options for most questions but would like a few freeform text options as well. And of course the email address field!

Are there any recommended (and low cost / good value) form building softwares out there?

Paul

There is a very good script (Formmail) you can get from this site....

http://nms-cgi.sourceforge.net/

However it is crucial that you configure it correctly to ensure security.

here are the lines you have to configure (unix/linux)

$DEBUGGING = 0;
$emulate_matts_code= 0; do not use 1
$secure = 1; must be 1 to stop spammers using your relay
$allow_empty_ref = 1;set to 1 to stop bad referrer messages whilst leaving security in tact
$max_recipients = 1; reduce the number of recipients to one
$mailprog = '/usr/sbin/sendmail -oi -t'; depends on your server
$postmaster = 'prefix@yourdomain.co.uk'; use a separate address for formmail traffic to allow you to keep it separate from other email and easy to close the address in the event of abuse
@referers = qw(www.yourdomain.co.uk); set this to your domain only
@allow_mail_to = qw(prefix@yourdomain.co.uk); choose one address to receive formmail enquiries
@recipients = (); leave this blank
%recipient_alias = ();leave this blank
@valid_ENV = qw(REMOTE_HOST REMOTE_ADDR REMOTE_USER HTTP_USER_AGENT);
$locale = '';
$charset = 'iso-8859-1';
$date_fmt = '%A, %B %d, %Y at %H:%M:%S';
$style = '0';
$no_content = 0;
$double_spacing = 1;
$wrap_text = 0;
$wrap_style = 1;
$send_confirmation_mail = 0;set to zero means you don't send a thank you email - thus disclosing your email address, people will see an html page saying thankyou etc
$confirmation_text = <<'END_OF_CONFIRMATION';



I hope this is as secure as this script can become..if I've missed something please let me know.

If you use the above settings:

1 You will allow people who fill in the form to send you information, whilst not disclosing your email address (to them and/or harversters).
2 You do not send an email back to them (containing your address) to say thanks for submitting your info, you display a screen which says thanks (so they know the mail has been sent)
3 You will not be allowing spammers to use your script to spam from
4 By using a separate email address for the form you can keep track of activity on the form and it won'y have any impact on the other email addresses to use for your business.