I just started working for a company as a web programmer.
I was assigned to build a web page, which includes a simple form (visitor's name, email, and opinion) for sending an email to the website owner.
I am wondering what is the best way to send this email?
- using just HTML form and MAILTO function, or
- should I do validations with JavaScript as well and send the email using PHP and maybe AJAX?
Using mail()
mail() is ok, but somewhat unreliable, as it doesn't mean the e-mail has been delivered if mail() returns TRUE.
- If you use mail(), ensure that:
  - Multiple extra headers should be separated with a CRLF (\r\n)
  - The body message lines should be separated with a CRLF (\r\n) and lines should be no longer than 70 characters
  - The subject line complies with RFC 2047
Favoured methods
There are better favoured methods of sending an e-mail, which are more reliable and "flexible" than the vanilla PHP mail().
- Use a 3rd party (depending on the type of e-mail)
- Use a library
Validations
- Ensure you validate ALL user input. If you don't, potentially an attacker could use your mail server to send phishing e-mails to loads of people - making you liable.
- Validate on the server side as a priority
- Client-side validation is somewhat optional, as it can be disabled by the client.
- Validate filters
- preg_match()
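The server-side checks listed in the answer above, put together as an added example (not code from either answer). The function name, field limits and example.com addresses are assumptions, and the mbstring extension is assumed to be loaded.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the page): validates the three form fields
// and returns the four arguments for mail(), or null if input is rejected.
function build_contact_mail(array $post, string $owner, string $siteFrom): ?array
{
    // Treat missing or non-string fields (e.g. name[]=x) as empty.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $name    = $field('name');
    $email   = $field('email');
    $opinion = $field('opinion');

    // No CR, LF or NUL in anything that reaches a header; otherwise the
    // visitor could append header lines of their own (extra recipients).
    if (preg_match('/[\r\n\0]/', $name . $email)) {
        return null;
    }
    if ($name === '' || mb_strlen($name) > 100
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false
        || $opinion === '' || mb_strlen($opinion) > 5000) {
        return null;
    }

    // Subject: RFC 2047 encoded-word when the name is not plain ASCII.
    $subject = mb_encode_mimeheader('Website opinion from ' . $name, 'UTF-8', 'B', "\r\n");

    // Body: CRLF line endings, wrapped at 70 characters. Unbroken words
    // longer than that are left intact so multibyte text is never split.
    $body = str_replace(["\r\n", "\r"], "\n", $opinion);
    $body = str_replace("\n", "\r\n", wordwrap($body, 70, "\n", false));

    // Recipient and From are fixed by the site; the visitor's address
    // appears only in Reply-To, after validation.
    $headers = implode("\r\n", [
        'From: ' . $siteFrom,
        'Reply-To: ' . $email,
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=UTF-8',
        'Content-Transfer-Encoding: 8bit',
    ]);

    return [$owner, $subject, $body, $headers];
}

// Constructed sample input: the second e-mail value carries an extra header line.
$good = build_contact_mail(['name' => 'Ana', 'email' => 'ana@example.com', 'opinion' => 'Nice site.'], 'owner@example.com', 'webform@example.com');
$bad  = build_contact_mail(['name' => 'Ana', 'email' => "ana@example.com\r\nBcc: x@example.net", 'opinion' => 'Hi'], 'owner@example.com', 'webform@example.com');
var_dump($good !== null, $bad === null);
// On a real request: if ($good !== null) { mail(...$good); }
```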
You should definitely do the validation and use a PHP script to send the mail.
Problem with mailto forms
If you use mailto forms:
- the user must have installed or set a favorite email application.
- you don't know if the communication between the browser and the email client was successful
In the second case all information entered is lost and the user has to input his opinion again.
http://webdesign.about.com/cs/forms/a/aamailtobroke.htm