Master Form PHP V3

User Manual

General		Control Panel		Form Features
Overview Quick Start Lost Password Updates		The Home Page Create Table Setup Get Setup Info Edit Setup Delete Setup Download Table Data		Confirmation/Thank-you Page Email Placeholders Multi-page Forms Form Tips

Create Table Setup

Creating Master Form .PHP table setups is optional.

Forms may be submitted without specifying a Master Form .PHP table setup. In that case, the default setup will be used. (The default setup only stores the form information in a MySQL table. It does not send any email and does not process upload files.)

The default setup works fine. Form submissions will have their information stored in the default MySQL database table. The default table may contain information from many forms. Which is OK unless you want the data from different forms in separate tables.

For storing certain forms' submitted information in separate tables, create a Master Form .PHP table setup to fit. Each table setup will have its own corresponding MySQL database table.

When a Master Form .PHP table setup is created, certain functionality can be specified that is not available in the default table setup. All fields except the label for the table setup are optional.

General Information

Specifying a label for the table setup. (This is the only required field.) What is typed here will be in the dropdown table setup selection list on the Home page.

The corresponding MySQL database table name. If left blank, a name is automatically assigned.

The level of security to apply to the form content in case it is ever published on a web page (including your confirmation/thank-you page) or other place where HTML or JavaScript may have an effect.

No security.

No changes will be made to the content because of security considerations.
Disable SCRIPT and EMBED tags.

This disables SCRIPT and EMBED tags by changing the tag names into "DISABLED".
```
<script type="text/javascript">
alert("hello!");
</script>
```
becomes
```
<DISABLED type="text/javascript">
alert("hello!");
</DISABLED>
```
Disabling SCRIPT tags will not disable JavaScript in other tags. For example, a mouseover="..." in a span or P (paragraph) tag may still be effective.
Remove SCRIPT and EMBED tags.

SCRIPT tags and EMBED tags are removed, including content between <script...> and </script> tags.

Removing SCRIPT tags will not remove JavaScript in other tags. An onclick="..." in a div or A (link) tag, for example.
Remove all HTML tags, including SCRIPT and EMBED.

Removing all HTML tags will leave no markup code in the content. No paragraph, line break, image, script, or any other HTML tags.
Keep content, but sanitize to prevent cross site scripting.

This turns angle brackets, ampersands, and quotes into HTML entities.
```
<a href="page.php?word=hello">Click here</a>
```
becomes
```
&lt;a href=&quot;page.php?word=hello&quot;&gt;Click here&lt;/a&gt;
```

Choose the level of protection you prefer, if any.

If the content will ever be displayed on a web page or otherwise where HTML and JavaScript are effective, I recommend the best protection the purpose of your content allows. For example, if the content will need to retain its HTML markup, perhaps at least SCRIPT and EMBED tags can be removed.

Disabling or removing SCRIPT tags will not disable or remove JavaScript in other tags. An onload="..." in an image or div tag, for example.

An email address where any MySQL error messages can be sent to.

File Uploads

Uploaded files may be sent as email attachments and/or stored on the server. (This section is required for successful file uploads.)

If uploaded files are to be sent as email attachments, use the Post-submission Email section later of the Create Table Setup or Edit Table Setup page.

If uploaded files are to be stored on the server, specify the directory where they are to be stored. The directory is specified relative to the document root (the location of the domain's main or index web page file). For example, if file uploads are to be stored at http://example.com/uploadedfiles, then the directory to specify here would be /uploadedfiles

Below where the directory for uploaded files is specified, all file upload field names are required to be listed, whether to be stored on the server or sent as email attachment.

The form to list the upload field names looks something like this:

Field: Maximum file size:

List of authorized file name extensions:

Files uploaded with form fields not listed will be ignored.

Type the field name in the Field: text box. Then, if applicable, the maximum upload file size and a list of authorized file name extensions.

The maximum size is specified in bytes, kilobytes, or megabytes. Type a "B", "K", or "M" following the number. If no B, K, or M, then B is assumed. If no size is specified, no maximum file upload size applies other than limitations your installation of PHP might have.

List file name extensions separated with a comma and a space. If none are listed, all file name extensions are authorized.

To delete a file upload field specification, make the Field: text box blank.

Form Field Restrictions

Any form fields in the form being processed for this table setup may be specified as being required and/or as being an email field.

The section to specify a form field as being required or as being an email field looks something like this:

Field: Page: Required Email

Error message (may contain HTML markup):

In the "Field" box, type the form field name. This is case-sensitive.

In the "Page" box, type the form page number if the restriction applies to a multi-page form. Otherwise, leave blank.

Check the "Required" and/or "Email" checkboxes as appropriate.

In the "Error message" text box, type the message to be presented to the form user should the field be blank (if a required field) or contain something not recognized as an email address (if an email field). The error message may contain HTML markup.

To restrict more form field names, click the "[Click to restrict another field]" link.

To delete a restricted field, make the box with the field name blank or uncheck all restriction checkboxes.

Banned

Certain email addresses, IP addresses, and words/phrases may be banned. When a form submission is banned, it is not recorded in the MySQL database and no email is sent.

To ban, type the banned email, IP, word, or phrase in the text box, one banned item per line. These are case-insensitive, "word" and "wORd" are treated the same.

Use * to indicate zero or more of any printable (non-white space) characters.

Examples:

Banned item	Matches	Does not match
word	word, Word, wORd	worded, wording
word*	word, Word, wORd, worded, wording, Wordage	w-o-r-d, ward, world
41.83.104.9	41.83.104.9	41.83.104.205
41.83.104.*	41.83.104.9, 41.83.104.205, 41.83.104.21	99.83.104.205
boyz@hotmail.com	boyz@hotmail.com, Boyz@Hotmail.com, BOYZ@hotmail.com	boyz@hotmail.co.uk
*@hotmail.com	me@hotmail.com, you@hotmail.com, all@hotmail.com	any@hotmail.co.uk
hot stuff	hot stuff, Hot Stuff	hotstuff
hot s*	hot stuff, Hot Stuffing, hot special	hottest slinky
hot* s*	hot stuff, Hot Stuffing, hot special, hottest slinky	hotspecial

When a submission is banned, an error message can be printed or submission can fail silently.

To print an error message, type the message below (use "[[WORD]]" to print the banned match).
To fail silently, leave it blank.

When a submission fails silently, it will appear to the form user as if the submission was successful.

Post-submission Email

One or more emails can be sent after every form submission. Fill in the email form for each email.

If the email form's "To:" email address contains an email address, the email will be sent. Otherwise, the email will not be sent.

All text email form fields can be customized with the submitted form information using placeholders.

Placeholders are form field names between double square brackets (case sensitive). Before the email is sent, placeholders are replaced with the form field information.

See the "Email Placeholders" section of the User Manual for more information about placeholders, including conditional and math placeholders.

A special placeholder [[ALL_VALUES]] can be used in the email body content to list all form field information.

The "To:" email address.

Specify the email address where the email will be sent to. Only one mail address in this field.

Optionally, a form field containing an email address can be used here. Put the form field name between double square brackets (case sensitive). Example: [[email]]

When a form field name placeholder is used, the specified form field value (if available) replaces the placeholder before the email is sent. If no value is found for the specified form field name, the placeholder is removed and no email is sent.

The "From:" name.

This can be any name to publish in the From: header line of the outgoing email.

Optionally, a form field containing a name can be used here. Put the form field name between double square brackets (case sensitive). Example: [[email]]

The "From:" email address.

This can be any email address to publish in the From: header line of the outgoing email.

Optionally, a form field containing an email address can be used here. Put the form field name between double square brackets (case sensitive). Example: [[email]]

"Cc:" email address(es).

This can be one or more email addresses to send a copy of the email to. If more than one email address, separate them with a comma.

Optionally, a form field containing an email address can be used here. Put the form field name between double square brackets (case sensitive). Example: [[email]]

"Bcc:" email address(es).

This can be one or more email addresses to send a blind copy of the email to ("blind" means the recipient's address will not appear in the header lines of anyone else's email). If more than one email address, separate them with a comma.

Optionally, a form field containing an email address can be used here. Put the form field name between double square brackets (case sensitive). Example: [[email]]

Custom "Return-Path:" email address.

It may be possible to customize the "Return-Path:" email address. (The Return-Path email address is for emailing route error messages.)

If a custom Return-Path email address header line is required or desired, type the email address here.

Some servers' email setup allows this, others do not. Some PHP/sendmail configurations do not permit customizing the Return-Path. If you get an error message on the confirmation/thank-you page related to the mail() function, or no email arrives, try making this field blank.

Optionally, a form field containing an email address can be used here. Put the form field name between double square brackets (case sensitive). Example: [[email]]

The email "Subject:" line.

Type the text of the email's subject line.

To use form information, put the field name between double square brackets (case sensitive). Example: [[name]]

The information (if available) will replace that placeholder before the email is sent. Example of use: [[name]], the info you requested!

The email body content.

Into the email body content text box, type what is to be sent in the email when the form is submitted.

To print form information, use a placeholder. A placeholder is the form field name (case sensitive) between double square brackets.

The information (if available) will replace the placeholder before the email is sent. Example of use:

Your email address [[email]] was entered in one of our web site forms.

To insert all form fields and values with one placeholder, use: [[ALL_VALUES]]

If the email body content text box is left blank, Master Form .PHP assumes it contains the placeholder [[ALL_VALUES]].

Attachments.

The email can have one or more attachments. Attachments can be:

Files uploaded with the form.
Files obtained from the server.
Content obtained from the Internet.

Specify the source of each attachment, one per line.

1. Files uploaded with the form.

To attach a file uploaded with the form, use a placeholder like this:

[[UPLOADED fieldname]]

Replace fieldname with the name of the field used to upload the file.

As an example, if this were the form source code for the file upload field:

<input type="file" name="photo">

The attachment would be specified as:

[[UPLOADED photo]]

2. Files obtained from the server.

To attach a file located on the server, specify its location.

The location is the directory path to the file specified relative to where the domain's main or index page is located. That would be the URL of the file without the leading http:// and domain name.

As an example, if this were the URL of the file on your server:

http://example.com/images/product.jpg

The attachment would be specified as:

/images/product.jpg

3. Content obtained from the Internet.

To attach content obtained from the Internet, specify the absolute URL. This can be useful for, as examples, attaching an image from another domain or a web page.

Example:

http://www.willmaster.com/images/wmlogo_icon.gif

Attach a CSV file of submitted form fields.

Check the checkbox to attach a CSV file to the email containing the submitted form fields.

The CSV file will contain two records. The first record contains the form field names. The second line contains the information submitted with the respective fields.

Send as plain text or HTML email?

The email can be sent as plain text or as HTML.

The default is plain text. If the email is to be sent as HTML, then HTML markup may be used to format the content in the email.

That finishes the email form. To add more email forms, click the "[Click for another email form]" link.

[user manual]

[home]

User Manual

Create Table Setup

Index

General Information

File Uploads

Form Field Restrictions

Banned

Post-submission Email