Generic ASP Form Mailer Post Sample
This is a generic ASP Form Mail sample that can be used to email ALL posted form data to one or more email addresses.
The following is a working sample of how this component
works on EasyASP hosting accounts. There are literally thousands
of other combinations, colors, methods, etc that could be used to
accomplish the same function. Please note that we do not provide
support for this sample. It is only provided as a guide to help
you get started.
All the ASP code is documented. What is not documented is the plain HTML tables which were added for aesthetic purposes.
Please note: When using any ASP Mail COM Objects, you must use the specific internal email IP address assigned to that server and "2525" as the port number. We configure SMTP on a non-routable, internal IP with an odd port number so that people can send email through ASP scripts, without having to deal with SMTP authentication issues. You can find out what IP address you should be using by clicking here.
Keep in mind that this script will require some customization in order to work on any particular site. You may also wish to alter it to suit your needs better, such as by reformatting the output or adding new options.
Setting Up the Form
Just about any new or existing form can use the script by setting its ACTION attribute to the URL where the script resides and making sure its METHOD is set to "POST".
<form action="/scripts/formmail.asp" method="post"> <p> <input name="_recipients" type="hidden" value="email@example.com" /> <input name="_requiredFields" type="hidden" value="Name,Customer ID,Email,Comments" /> Name: <input name="Name" type="text" /><br /> Customer ID: <input name="Customer ID" type="text" /><br /> Email Address: <input name="Email" type="text" /><br /> Comments:<br /> <textarea name="Comments" rows=5 cols=50></textarea> <input type="submit" value="Submit" /> <input type="reset" value="Clear" /> </p> </form>
Like other versions, this one uses specially named form fields as parameters for controlling the processing. These can be added to the form as hidden fields.
Below is a listing of these fields. Note that all begin with an underscore ('_') character to distinguish them from any other form fields. Any field name that begins with an underscore is not displayed in the resulting email.
You should note that FILE input types are not supported by the script as ASP has no built-in methods for easily dealing with files uploaded from forms.
Before the script can be used, some customization is needed. Much of this depends on the script's location and host environment.
Setting Up the Script
In order for the ASP script to work, some configuration variables need to be set. These are defined at the beginning of the code and determine what sites can use the script and how it will set up and send the email.
Here is a view of the code with some typical values. The parameters are described in detail below.
referers = Array("www.example.net","example.net") mailComp = "ASPMail" smtpServer = "mail.example.net" fromAddr = "firstname.lastname@example.org"
Otherwise, anyone from anywhere could set up a form on their own site, point it to your script and start sending email from your host without your consent.
The remaining configuration variables relate to the component used to send email. The script has been designed to work with four of the most common ASP email components available and to provide an easy way to set the parameters they generally require.
If your host does not use one of these, you'll need to modify the script to add support for your particular situation. You should check with your host administrator or technical support personnel to find out what is supported on your site and the correct parameters needed to use it.
For more information on the supported email components, visit the vendor sites: ServerObjects (ASPMail), Microsoft (CDONTS and CDOSYS), and Dimac (JMail).
The script is fairly simple with four basic steps.
Note that the script does not necessarily stop processing when an error occurs. Instead, error messages are stored in a global array and processing continues where possible. Then all the error messages can be displayed on the final step.
The details for each step are discussed below.
Checking for a Valid Form Submission
The script first checks for form data in the request, no data means that
there is nothing to process. Then it checks the referering URL, parsing out the
host name and looking for a match in the
<% 'Check for form data. if Request.ServerVariables("Content_Length") = 0 then call AddErrorMsg("No form data submitted.") end if 'Check if referer is allowed. validReferer = false referer = GetHost(Request.ServerVariables("HTTP_REFERER")) for each host in referers if host = referer then validReferer = true end if next if not validReferer then if referer = "" then call AddErrorMsg("No referer.") else call AddErrorMsg("Invalid referer: '" & referer & "'.") end if end if 'Check for the recipients field. if Request.Form("_recipients") = "" then call AddErrorMsg("Missing email recipient.") end if %>
The script then looks in the
The final check is for the
Parsing Multiple Values
All the email addresses in the
It's useful to note how the script separates individual email addresses of this field, as the same technique is used in other control fields that allow multiple values.
<% 'Check all recipient email addresses. recipients = Split(Request.Form("_recipients"), ",") for each name in recipients name = Trim(name) if not IsValidEmailAddress(name) then call AddErrorMsg("Invalid email address in " _ & "recipient list: " name & ".") end if next recipients = Join(recipients, ",") %>
The built-in VBScript function
Looping through these, it first trims any leading or trailing whitespace from the individual string and then makes the validation check.
Finally, the complimentary
Processing the Optional Control Fields
The script then checks for the optional control fields. For
<% 'Get replyTo email address from specified field, if given, and 'check it. name = Trim(Request.Form("_replyToField")) if name <> "" then replyTo = Request.Form(name) else replyTo = Request.Form("_replyTo") end if if replyTo <> "" then if not IsValidEmailAddress(replyTo) then call AddErrorMsg("Invalid email address in " _ & "reply-to field: " & replyTo & ".") end if end if %gt;
Again, since this is an email address, the
<% 'If required fields are specified, check for them. if Request.Form("_requiredFields") <> "" then required = Split(Request.Form("_requiredFields"), ",") for each name in required name = Trim(name) if Left(name, 1) <> "_" and Request.Form(name) = "" then call AddErrorMsg("Missing value for " & name) end if next end if %gt;
If any of these specified fields has a null string value, an error message is generated.
Building the Email Message
Once these control fields have been processed, and no errors have occured, the script then contructs body of the email note, using HTML formatting.
<% 'Build table of form fields and values. body = "<table border=""0"" cellpadding=""2""" _ & cellspacing=""0"">" & vbCrLf for each name in fieldOrder body = body _ & "<tr valign=""top"">" _ & "<td><b>" & name & ":</b></td>" _ & "<td>" & Request.Form(name) & "</td>" _ & "</tr>" & vbCrLf next body = body & "</table>" & vbCrLf %>
This function corrects a small problem with VBScript. While it's possible to simply loop through all the form fields using a statement like...
<% for each name in Request.Form ... next %>
VBScript doesn't guarantee that the field names will be given in the same order as they appear in the form request sent by the browser.
To ensure that the fields are listed in the order received, the
<% function FormFieldList() dim str, i, name 'Build an array of form field names ordered as they 'were received. str = "" for i = 1 to Request.Form.Count for each name in Request.Form if Left(name, 1) <> "_" and _ Request.Form(name) is Request.Form(i) then if str <> "" then str = str & "," end if str = str & name exit for end if next next FormFieldList = Split(str, ",") end function %>
Note that it also ignores any fields whose name begins with an underscore character, so control fields are not included.
If any environment variables were requests via the
The code is similar to that used to list form fields from the
<% 'Add a table for any requested environmental variables. if Request.Form("_envars") <> "" then body = body _ & "<p> </p>" & vbCrLf _ & "<table border=""0"" cellpadding=""2""" _ & "cellspacing=""0"">" & vbCrLf envars = Split(Request.Form("_envars"), ",") for each name in envars name = Trim(name) body = body _ & "<tr valign=""top"">" _ & "<td><b>" & name & ":</b></td>" _ & "<td>" & Request.ServerVariables(name) & "</td>" _ & "</tr>" & vbCrLf next body = body & "</table>" & vbCrLf end if %>
Sending the Email
As noted before, the script supports four different email components, and
more can be added. The
<% if mailComp = "CDONTS" then set mailObj = Server.CreateObject("CDONTS.NewMail") mailObj.BodyFormat = 0 mailObj.MailFormat = 0 mailObj.From = fromAddr mailObj.Value("Reply-To") = replyTo mailObj.To = recipients mailObj.Subject = subject mailObj.Body = body mailObj.Send set mailObj = Nothing exit function end if %>
The values for the variables
CDONTS doesn't provide any return values or error checking on the send call but other components do. For these the function returns any error message or code provided. For example, this code is used when ASPMail is specified.
<% if mailComp = "ASPMail" then ... if not mailObj.SendMail then SendMail = "Email send failed: " & mailObj.Response & "." end if exit function end if %>
Displaying an Output Page
The last step is to create some form of output page. If any errors occured,
the script prints out all the error messages collected. If a
Otherwise, it displays a simple "Thank you" message along with body of the email sent. Since the email message was formatted in HTML, the same string value can be used in the page display.
Although the script allows for some input validation, many online forms will require much more stringent checks. But it does serve well for generic purposes and the basic processing flow can easily be expanded to accomodate more complex data validation and processing requirements.
|Home | Hosting | Resellers | About Us | Testimonials | Site Map | Contact Us | Data Center | Helm | Support | Announcements | Order|