About sending form-data to an email address

Why is sending form-data (via a typical html form) to an email address insecure, or less secure; and conversely, why is sending form-data online (to a database held on the host server) more secure?
Is this simply down to SSL, or is it more than this? Also, is it possible to send form-data to an email address securely?

 

The content of the forms is not encrypted and as such can be "seen" by anyone who is "listening" to transmissions from your webserver.

SSL can help solve this problem so long as your form is under the SSL, like:https://blah.com/form.asp

If you are sending to an address that you want to "Hide" so to speak, you can call the email from within the code (server side) and no one will be the wiser. However, if your form allows you to put in a sender address AND a reciever address, then unless you forum is SSL , it's contents can be "seen" as described above.

 

Many thanks - appologies for not replying before now.
How do you actually call an email address within the code server side? This would be good to know.
Is this code that you would put in the forms 'action field' specifying a script on the server, or is it (php/asp) code that you can put directly into the html form page - I'm still slightly confused here...

 

lets say your form posts to SendEmail.asp. The script in the SendEmail.asp can use any number of email components to actually send the e-mail. One of the variables required is an address to send to. This is simply a variable to which you can assign a value of your preferred email address. Since the script cannot be read directly from the internet, that is to say that I can't DOWNLOAD the page and actually see the CODE in the script, then that email (the variable) is completely transparent to everyone.

 

So it's a 'simple' matter of including scriptname.asp (server side) in the form's action field, and specifying the receiving email address in the script file itself (to keep the fact that the form data would be sent to an email address, annonymous).
Many thanks for helping me out...

 

So, like this:

form.htm

Code:

<form action="submit.thing" method="post">
<input type="text" name="from" />
<textarea name="body"></textarea>
</form>

submit.thing

Code:

From = POSTDATA["from"]
Body = POSTDATA["body"]
to = "mycoolemail@someplace.com"
sendemail(from, to, body)

That's by far the easiest way to do it. No need to faff around with SSL that way, especially if the data doesn't need to be encrypted.

 

Great - many thanks to all.

 

Mmmm - a few other things. This is going to seem really dense, but that's me...

For form.htm:
I take it that "submit.thing" is the path/file name for the script file? Don't know exactly what the syntax is?
Also what exactly would I substitute for '"from" />'?

For submit.thing:
What do I substitute for '["from"]', and for '["body"]'; and finally '(from, to, body)'?

regards.

 

okay i'm a noob teaching myself/learning php and this is what i used to hide the email address which the form was sent to.

this is part of the initial page which was shown when someone went to the comment page, after reading more i now realize i can do this on the same page without having it go to a second page and will probably redo this in the future

Code:

<form action="comment.php" method=POST>
Send message to:<br>
<input type=radio name="contact" value="0">Cathy<br />
<input type=radio name="contact" value="1">Webmaster<br />


Your email address:<br />
<input type="text" name="email"><br />
Comments / Questions:<br />
<input type="text" name="comment" style="width: 450px; height: 200px; overflow:auto" /><br />
<input type="submit" value="Send">
<input type="reset" value="Clear Fields"> 
</form>

this is the comment.php file i have on my server:

Code:

<?php
		$email = $_POST['email'];
		$comment = $_POST['comment'];
		$contact = $_POST['contact'];
		$email0 = "EMAIL ADDRESS TO SEND TO";
		$email1 = "ANOTHER EMAIL ADDRESS TO SEND TO";
?>
	<?php
		/* email selector */ 
		if($contact == 0) {
			$to = $email0;
			} else {
			$to = $email1;
			}

		/* subject */
		$subject = "comment / Contact form";

		/* message */
		$message = "
			<html>
			<head>
			<title>Comment / Contact form</title>
			</head>
			<body>
				Customer's email address:<BR />
				$email<br><br>
				Message from customer:<br>
				$comment<br>	
			</body>
			</html>
		";

		/* headers are required for html mail */
		$headers  = "MIME-Version: 1.0\r\n";
		$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
	
		mail($to, $subject, $message, $headers);
	?>
        /* confirmation is displayed on the page to viewer */
	Thank you!<br>
	The following information has been submitted:<br>
	<?php
		echo"Your Email address:<br>$email <br>";
		echo"Your Message:<br>$comment <br>";
	?>
	You should recieve a return message within the next 48 hours.

that will send an html email to one of the email addresses specified, i put a cool little check in there to send to one or the other email address, comments on this would be appreciated as i am always learning but i think this would do what you want you requested using php