The Official Web Site of James R. Cummins III

Contact Form


The contact form is functional and was used as the basis for the weblog. It has some minimal validation to deal with blank and multiple submissions. I may eventually put in some delayed redirection logic so that you aren't left sitting on the feedback message indefinitely.

Contact Form


This form implementation is the basis for a number of useful features: guest book, web log, and HTML documentation generator. In addition to sending an e-mail message with the info in the form, it also writes a datetime stamped file that then becomes the raw content for the guest book or web log. I'll put up some examples in the next day or so.

On-line Documentation


If you have ever had to write documentation about HTML in HTML, you know that using all the HTML equivalents is a big headache. To have a tag like <body> display in your documentation, you have to use &lt;body&gt; in the text. Doing a lot of this can become rather tedious. So I started running all my HTML code through a PHP form to have it all converted for me.

Security


Even if you don't have to do any HTML documentation, you should still make sure that you convert any input in a form like this one to "safe" text. Since you will probably be sending the data from the form to an e-mail address or storing it online to view it with a browser, the last thing you need is for someone to enter some malicious code in the form in the hopes that it will execute when you view it. Something as simple as <script language="JavaScript"> window.location = myBadURL;</script> could be used to direct your browser to a site that will attempt to exploit a particular vulnerability.

You should also validate and check the submitted data before doing anything with it. Don't depend on client-side validation or controls; they can be defeated fairly easily. This issue was identified as the number 1 security flaw in web applications by the Open Web Application Security Project (OWASP). Check their site for more info. You can download the full report in PDF format.
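
The two steps described above, server-side validation followed by conversion to "safe" text, can be sketched as follows. This is an added example, not the code running on this site; the field names, length limits and the helper names safe_text and check_submission are assumptions.

```php
<?php
// Added example, not the site's code. Field names are assumed from the form labels.

// Convert text so a browser displays markup instead of interpreting it.
function safe_text(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Server-side check; returns [cleaned fields, error messages].
function check_submission(array $post): array
{
    $limits = ['name' => 100, 'email' => 254, 'phone' => 40, 'comments' => 4000];
    $clean  = [];
    $errors = [];
    foreach ($limits as $field => $max) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {   // e.g. comments[]=x arrives as an array
            $errors[] = "$field: unexpected type";
            $value = '';
        }
        $value = trim($value);
        if (strlen($value) > $max) {
            $errors[] = "$field: longer than $max bytes";
        }
        // Single-line fields must not contain line breaks or control characters.
        if ($field !== 'comments' && preg_match('/[\x00-\x1F\x7F]/', $value)) {
            $errors[] = "$field: control characters not allowed";
        }
        $clean[$field] = $value;
    }
    if ($clean['comments'] === '') {
        $errors[] = 'comments: required';
    }
    if ($clean['email'] !== '' && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    return [$clean, $errors];
}

// Constructed sample submission carrying the markup quoted above.
$sample = [
    'name'     => 'Test User',
    'email'    => 'user@example.com',
    'comments' => '<script language="JavaScript"> window.location = myBadURL;</script>',
];
[$clean, $errors] = check_submission($sample);
// Escape at output time, when the text is written into a page a browser will render.
echo $errors === [] ? safe_text($clean['comments']) : implode("\n", $errors), "\n";
```

Run from the command line, the sample passes validation and the comment is printed with its angle brackets and quotes converted to HTML entities, so a browser shows the tag as text.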

Your comments, suggestions, and requests are appreciated. If you provide a valid contact method, I'll be sure to reply promptly. Thanks for visiting the site.

Name:

Street Address:

City, State and Zip:

E-mail:

Phone:

Preferred method to be contacted:
   

Your comments or request (required):