Just picking up on this, there are a couple of reasons why I wouldn't use the BNBForm ...
- This script uses a hand-rolled CGI parameter parsing routine which, while not as poorly written as that in some scripts, is still vulnerable to exploitation - For a further discussion of this, see the excellent discussion piece use CGI or die; by Ovid.
- This script allows the email address of the recipient to be specified from a form field, allowing the script to be hijacked for the purposes of harassing email or unsolicited commercial email.
- This script relies upon the HTTP_REFERER environment variable to validate the submitting web site domain - This can be faked such that, in combination with the point above, it provides little security from hijacking of the script for maligned means.
Instead, I would recommend the FormMail script from the NMS Archive - This collection of scripts has been written with security and interoperability at the foremost of concerns and undergoes a great deal of peer review.
perl -e 'print+unpack("N",pack("B32","00000000000000000000000111000100")),"\n"'
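The three points in the post above, as an added example that is not part of the original post and is not code from BNBForm or NMS FormMail: parameters are parsed by CGI.pm, the recipient comes from a server-side table, and HTTP_REFERER is not used. The aliases, addresses, field names and sub names are constructed for illustration, CGI.pm is assumed to be installed, and the message is only built, not sent.

```perl
#!/usr/bin/perl
# Added example: form-to-mail input handling without the three weaknesses above.
use strict;
use warnings;
use CGI;    # parameter parsing is left to CGI.pm, not a hand-rolled routine

# Assumption: recipients are fixed server-side; the form submits only an alias.
my %RECIPIENTS = (
    sales   => 'sales@example.org',
    support => 'support@example.org',
);

# Map the submitted alias to a configured address; unknown values are refused.
sub resolve_recipient {
    my ($alias) = @_;
    return unless defined $alias && exists $RECIPIENTS{$alias};
    return $RECIPIENTS{$alias};
}

# User input placed in a mail header must not contain CR or LF, otherwise
# extra headers (Bcc:, To:) can be smuggled into the message.
sub clean_header {
    my ($value) = @_;
    return unless defined $value;
    return if $value =~ /[\r\n]/;
    return if length($value) > 200;
    return $value;
}

# Returns the message text, or undef if any field is rejected.
sub build_message {
    my ($q) = @_;    # $q is a CGI object
    my $to      = resolve_recipient(scalar $q->param('to'));
    my $subject = clean_header(scalar $q->param('subject'));
    my $body    = scalar $q->param('message');
    return unless defined $to && defined $subject && defined $body;
    # HTTP_REFERER is deliberately not consulted: the client controls it.
    return "To: $to\nSubject: $subject\n\n$body\n";
}

# Constructed sample submissions, run from the command line without a web server.
my $ok  = CGI->new({ to => 'sales', subject => 'Hello', message => 'Hi there' });
my $bad = CGI->new({ to => 'someone@example.net', subject => 'x', message => 'y' });
my $inj = CGI->new({ to => 'sales', subject => "x\nBcc: a\@example.net", message => 'y' });

print(build_message($ok)  // "rejected\n");    # message addressed to sales@example.org
print(build_message($bad) // "rejected\n");    # rejected: address is not an alias
print(build_message($inj) // "rejected\n");    # rejected: newline in Subject
```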
What about making the modifications to FormMail that are needed to make it work according to your needs? If you run into any problems we'd be glad to help!