bugsmi0

I've used the NMS version of formmail.pl (cgi) in the past with VERY good results and it is a very good script. However, the formmail.php (boaddrink) is, in my opinion, just as "Secure" as any: And a Heck of a lot easier to set up.

Keep in mind: NO SERVER SIDE SCRIPT IS 100% SECURE!!

The same safety practices should be used no matter which scripting language you decide to use. There no substitute for good form validation. Again, in my opinion, form validation WITHOUT JAVASCRIPT is much easier using PHP.

Where to put you formmail.php script is entirely up to you. I'd suggest a sub-directory of root and RENAME the script. All you have to do is make sure your form's "action" can "Find" formmail.php.

so far I've found the formmail.pl version to be more simpler to use and setup

example,

if anything is not set up according to formmail.php instructions there will be an error msg when you try to send the form

where as the .pl verrsion it doesn't require any special instructions

ie only a receipent: eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%79%40%65%6d%61%69%6c%2e%63%6f%6d%22%3e%6d%79%40%65%6d%61%69%6c%2e%63%6f%6d%3c%2f%61%3e%27%29%3b'))

the .php version requires you to use only the first part before the @

its just more trouble than its worth if you want a custom form.

when i tried to use a JS validator it was always in conflict with formmail.php's setup instructions a pain in the ass

I went back to using the .pl version, it just works with no conflicts.