Form Handling CGI script - forms.cgi

This document describes how you can use our forms handling scripts to handle your form data. It features We describe how you can design your forms, give you some real examples you can copy and enhance. If you are a FrontPage user, dont worry about the technical details of HTML in this document, you can use the FrontPage editor's user interface to hide all the html; and we give a detailed step-by-step example.

The forms handler script is called forms.cgi and can be invoked from your form using an html <FORM> tag and setting action="". mey be changed depending on which server you are on, this will be discussed later. For secure forms you can post to If you are a FrontPage user, you can set your form properties to post to a cgi script and type in the name of this script, more on that later.


Lets start with an example
This form lets you enter your name, and email address, and posts it to the forms.cgi script. This form is configured to send the message "Thank you for using forms.cgi" to the email address you enter. This is just a simple demonstration of using forms.cgi to mailback form results.
Name: Email address:

The HTML code for the above example is as follows <form action="" method="POST"> Name: <input name=myname> Email address: <input name=F_to> <input type=hidden name=msg value="Thank you for using forms.cgi"> <input type=hidden name=yourname value="Your name is"> <input type=hidden name=F_fields value="yourname+myname,msg"> <input type=hidden name=F_subject value="forms.cgi test"> <input type=hidden name=F_from value=" (Form Test - Do not reply)"> <input type=submit value="Send"> </form> Lets discuss each component of the form so you understand it better


ACTION specifies the CGI script your form is posted to. Depending on which server you are on, and whether you want to post the form data securely, the URL can change.
ServerURLSecure URL
It is important you use the script for the server you are on - it will not work otherwise.


The method will always be POST; this is just the world wide web standard for cgi scripting.


This is a user defined field, it is later listed in F_fields to put it into the message thats mailed to you. You should probably list all user defined fields in the F_fields variable.


When you want the form results to be e-mailed, you need to specify system variables F_to, F_from, and F_subject. In this form we let the user type in the F_to variable. Note: all system variables begin with an uppercase F and underscore "F_"; and have special meanings.


Hidden variables are useful to pass user information and system information to the forms.cgi script. There are many system variables that control the forms.cgi script (see the reference section). These are typically passed into the script as hidden variables. You can also pass in user defined hidden variables to be included in your form results.


This is a user defined hidden variable and will be placed in the body of the email. It is listed in F_fields.


This is a user defined hidden variable and will be placed in the body of the email. It is listed in F_fields.


This system variable specifies which variables are to be included in the body of the message. The format of F_fields determines how your message will appear, a "+" is replaced with a space, and a "," is replaced by a new-line. You should always specify a F_fields hidden variable.


This is a system variable for email - specifies the subject line used in the message.


This is a system variable for email - specifies the sender of the message.


Each form must have a submit button, the value will be shown on the button.

FrontPage Forms

If you are a FrontPage user, you can design your forms using the FrontPage editor. As an example we will duplicate creating the above form using FrontPage. We will show you step-by-step what to do to achieve the same results as the above html.

Click HERE for the FrontPage step-by-step, which includes all the screen shots. The page has a lot of screen shots and may take some time to load, be patient.

Click HERE for the "light" version where you can click-thru to each graphic (loads much faster).

Mail Back Forms

The most common use for forms.cgi is to mail the users' input to the webmaster. The mailback example above illustrates its use. As a minimum you should specify a F_to variable. We also recommend setting F_from, F_subject, and F_fields.


FEEDBACK FORM <form action="" method="post"> <input type=hidden name=F_to value=""> <input type=hidden name=F_subject value="Feedback"> Name: <input name=name><br> Email address: <input name=F_from><br> Message: <textarea name="message" ROWS="13" COLS="75"></textarea><br> <input type=hidden name=F_fields value="name,F_from,message"> <input type=hidden name=F_required value="name,F_from,message"> <input type=submit value="Send comments to the Web Master"> </form> FEEDBACK FORM
Email address:

Secure Forms

A popular use of secure forms is for online order forms. Security is needed to make sure sensitive information (like credit card numbers and bank account info) cant be intercepted by third parties.

To set up a secure form, you need to

Access the form using a secure URL

Your web site is normally accessed using and is considered (by industry experts) to be non-secure. A third party with the proper equipment can tap the transit routers and capture the data as it goes across the internet and steal your information. Think of the analogy of someone tapping your phone line or listening in on your cellular phone call.

Your web site can also be accessed using a secure URL using the https protocol, example: When you use https, the information across the internet is encrypted and is nearly impossible for someone capturing the data to decrypt. Your secure URL will depend on which server your web site was assigned to and you can find it on your "welcome" message you received when we opened your account.

Currently the following are the shared secure server URLs:
ServerSecure URL
If you dont know your server - try them all and see which one works.

When you have a form on your web site, you can link to it using the secure URL to the form instead of the regular URL, that will give the users of your form the feeling of security. Example, suppose your form is at and you are on web01, then the secure URL is

Translating a normal URL to a secure URL is key to making portions of your web site secure. We illustrate with 2 examples, one on web01 and one on web04:

Note: FrontPage users, you cannot use any web-bots on your secure forms (example: hit counters), they will not work when you access it using the shared secure server. Design your secure forms without web-bots.

Specify a secure URL for the form ACTION

For the ACTION="URL" field in the <FORM> tag, specify the secure URL of the forms.cgi script. The following table shows the URL to use
ServerSecure URL for form ACTION

Encrypt sensitive fields

For best protection, you can tell forms.cgi to encrypt some fields. If someone intercepts your e-mail, or somehow gets your logfile they would have a very difficult time to decrypt your message. We highly recommend encrypting credit card numbers.

Note: To use encryption you must obtain an encryption key first. Click HERE to get an encryption key.

To encrypt, add "_encrypted" to the variable you want to encrypt in the F_fields list; the encrypted version of the variables will be sent instead of the normal versions. You will also need to add system variable F_key, which is your encryption key as obtained above. You can use your encryption key on your forms, even tell other people, however DO NOT TELL ANYONE YOUR SECRET PASS PHRASE. You will use your secret pass phrase to decrypt your messages.


<INPUT NAME=cc_number> <INPUT TYPE=HIDDEN NAME=F_fields VALUE="cc_number_encrypted"> <INPUT TYPE=HIDDEN NAME=F_key VALUE="nNxgFpguL0A">

When you receive the form results (by email for example), you will notice the cc_number field is encrypted. You need to use the form at to decrypt the credit card number. Note: it is very difficult for someone to guess your decryption phrase, even if they know your encryption key. We recommend bookmarking the decryption page.

Working Example:
This example form lets you enter a credit card number (you dont have to enter a real one) and demonstrates encrypting it. It will email you the encrypted number. When you receive the email, use the Decryption Form to decrypt the number. You can use your own encryption key, or for this demo you can use encrytion key="nNxgFpguL0A" decryption phrase="Mary had a little lamb.".
Credit Card Number: Email address:
Encryption Key: (normally this is hidden)

Example: skip to the section on Secure Order Forms for a real example

OK and Error Pages

After the user submits the form and forms.cgi processes it, it displays a simple page "Your form has been processed, thank you". This is probably not adequate for most applications so forms.cgi allows you to specify your own URL for the thank-you page. Set the URL in the system variable F_ok_url, example: <INPUT TYPE=HIDDEN NAME=F_ok_url VALUE="">

Sometimes an error is detected in forms.cgi; a required field is missing, a email address is not valid, etc... We display the error message and instruct the user to go BACK and correct it and re-submit. You can override this behaviour by specifying your own F_error_url, example:

<INPUT TYPE=HIDDEN NAME=F_error_url VALUE=""> Note: If you specify a cgi script for F_error_url, we will pass the form variable error_message to it. It will contain the error message(s).

Working Example: This example shows F_ok_url and F_error_url being used.

Confirmation Page

A confirmation page is optionally displayed to the users browser after their input has been accepted. If you set the confirmation page variable F_display, then it overrides the F_ok_url and the default thank you message. You have better control over the confirmation page display, and you can include the users input on the page.

Set F_display to the title of the confirmation page. The confirmation page contents will be the same as whats produced by F_fields. You can override F_fields using F_display_fields. If you want to be fancy, you can include HTML tags in F_display_fields to customize the output.


<input type=hidden name=F_display value="Thank you for your input"> <input type=hidden name=F_display_fields value="'Dear <B>'+name+'</B>','Your message dated'+F_date,'has been sent to our webmaster. We will respond as soon as possible.'"> Several other working examples on this page demostrate the use of confirmation pages.

Validating Credit Card Numbers

forms.cgi can validate credit card numbers using an industry standard checksum. Simply set the system variable F_validate_cc to your credit card number variable name. forms.cgi will check the credit card number and detect errors.
Example: <INPUT TYPE=HIDDEN NAME=F_validate_cc VALUE="cc_number"> Working Example: <form action="" method="POST"> Credit Card Number: <input name=credit_card size=20> <input type=hidden name=F_display value="Credit Card Test"> <input type=hidden name=F_validate_cc value="credit_card"> <input type=hidden name=F_fields value="credit_card+'is a good number'"> <input type=submit> </form>
Credit Card Number:
The check will catch most mistyped and randomly typed numbers. Give it a try.

Required fields

forms.cgi can detect missing required fields, simply set the system variable F_required to the list of required fields. If any of the fields are blank then an error message is issued.


<INPUT TYPE=HIDDEN NAME=F_required VALUE="name,address,phone_number"> Working Example: (you must fill in all the fields)
Phone Number:


forms.cgi normally generates an e-mail message. However it can be modified to also generate a log file. In order to generate a logfile you will need to upload your own cgi script to define the name of the log file and the fields that will be recorded. Here is the format of your script #!/usr/bin/perl $logfile='your log file name'; $logfilefields='your log file fields'; require('/usr/local/apache/cgi-bin/forms.cgi'); Example #!/usr/bin/perl $logfile='orders.txt'; $logfilefields='F_date,name,address,city,state,zip,amount'; require('/usr/local/apache/cgi-bin/forms.cgi'); And you need to POST to your own script. You will be able to post your form to either the secure or regular URLs. For example, if you upload the script named orders.cgi into the cgi-bin directory of your account on web01, you can post to <FORM ACTION="" METHOD=POST> or for secure posting <FORM ACTION="" METHOD=POST>

By specifying the variables $logfile and $logfilefields, the script will append the form results to a logfile. You can later download the file and use it for whatever purposes, order tracking, import to database, etc... Set $logfile to the name of the file, it will be put into your home directory; if you are a FrontPage user, the file will be put into your _private directory.

Set $logfilefields to a list of fields to log, you can include special fields (ones beginning with F_), and also you can include encrypted fields (ending with _encrypted). In the above example you may end up with a logfile that looks like this:

"Sun Jul 19 13:24:57 1998","Trisha Ashby","555 Oak Blvd.","Los Angeles","CA","90213","13.95" "Sun Aug 2 19:56:18 1998","Peter Miles","294 State Ave., Apt. 2","New York","NY","10002","75.00" "Tue Aug 18 22:57:35 1998","Joe Sekera","1234 Main St.","Montclair","CA","95332","20.00"

It is safe to encrypt secret fields into your logfile, if someone manages to steal your logfile, they cannot get the secret fields. to decrypt your logfile, download it to your system, and use the decryption page's "UPLOAD" feature to decrypt an entire file all at once.

Note: we assume you already know how to upload scripts into your cgi-bin directory.

Special F_fields Variables

Add these special variables to your F_fields list if you want them in your message.


The time and date is placed in this variable


The URL of the form


The IP address of the user submitting the form


The hostname of the user submitting the form, if available

Testing your form

Instead of forms.cgi, use forms-test.cgi as your <form> action and you can test your form. The test scrript will display all your input, any errors detected, and give you a summary of actions it would have taken. We recommend using forms-test.cgi until everything is OK, then you can change the action to forms.cgi and go live. In case you haven't noticed yet, the working example in the "Mail Back Forms" topic above posts to forms-test.cgi; try it.


<form action="" method="POST"> Tip: if you uploaded your own script (see the discussion of logfile), just name your script forms-test.cgi if you want a test version.

Order Form Features

forms.cgi has special features to handle order forms with multiple lines of items. It can calculate line totals, subtotals, tax, and order total. (It cannot calculate shipping costs, so you would have to make a flat rate estimate).

On your order form line items, you need to send the fields QTY* and PRICE*, where * is a number. For example if you have 3 items, you can set PRICE1, PRICE2, and PRICE3. The corresponding QTY1, QTY2, and QTY3 would be the quantity ordered, and is generally a user entry field on the order form. You can define additional line fields, such as CATALOG_NUMBER*, DESC*, etc... which represent the item on the line.

When an order form is submitted, forms.cgi will calculate line totals (QTY* times PRICE*), and order subtotal (total of all the line totals). If the special variables F_taxrate is set, then we also calculate the tax (order subtotal times taxrate). Another special variable F_totalsum gives a list of fields to sum for the final order total. All of the calculated values (line totals, subtotals, tax, order total) are available to be used in your email, confirmation, or logfile using special variable names.

Here is an example of a simple order form for a hardware store. We explain how each form component works. You can try it out and send yourself some test orders. We also show you how you can make the form secure.

For demo purposes, enter your email address:
For demo purposes, the credit card number "49927398716" will pass the validation check.

ACME Hardware Shop Order Form

Quantity Catalog Number Description Price Each
06-1130 3 lb. Ball Peen Hammer 12.50
09-8756 12" Hacksaw, w. starter blade 24.95
13-8722 4 piece Philips Screwdriver Kit 4.33
06-2220 3/8 inch Crescent Wrench 9.99

Sales Tax:  CA resident (8.25%)        AZ resident (6%)     Other  (no sales tax)

Shipping:   UPS Ground ($10)     UPS Blue ($15)     Fed-Ex ($30)

Credit Card Number Expires /

Ship To

City, State Zip  

<form method="POST" action=""> <input type="hidden" name="CATN1" value="06-1130"> <input type="hidden" name="CATN2" value="09-8756"> <input type="hidden" name="CATN3" value="13-8722"> <input type="hidden" name="CATN4" value="06-2220"> <input type="hidden" name="ITEM1" value="3 lb Ball Peen Hammer"> <input type="hidden" name="ITEM2" value="12 inch Hacksaw, w. Starter Blade"> <input type="hidden" name="ITEM3" value="4 Piece Philips Scredriver Kit"> <input type="hidden" name="ITEM4" value="3/8 inch crescent wrench"> <input type="hidden" name="PRICE1" value="12.50"> <input type="hidden" name="PRICE2" value="24.95"> <input type="hidden" name="PRICE3" value="4.33"> <input type="hidden" name="PRICE4" value="9.99"> For demo purposes, enter your email address: <input name="F_to"><br> For demo purposes, the credit card number "49927398716" will pass the validation check.<br> <input type="hidden" name="F_from" value=" (Forms.cgi test)"> <input type="hidden" name="F_subject" value="ACME Hardware Store Order"> <input type="hidden" name="F_totalsum" value="F_subtotal,F_tax,Shipping"> <input type="hidden" name="F_orderline" value="QTY*,CATN*,PRICE*,F_linetotal,ITEM*"> <input type="hidden" name="F_fields" value="F_date,F_ip_address,F_host,'Phone:'+phone,,'Ship to:',name,address1,address2,,F_orderline*,'Subtotal'+F_subtotal,'Tax'+F_tax,'Shipping'+Shipping,'Order Total'+F_total,,credit_card_number_encrypted+'Expires'+exp1+'/'+exp2"> <input type="hidden" name="F_key" value="nNxgFpguL0A"> <input type="hidden" name="F_cc_validate" value="credit_card_number"> <input type="hidden" name="thanks" value="Thank you for your order, you will receive phone confirmation from our shipping department shortly."> <input type="hidden" name="F_display" value="Order Received"> <input type="hidden" name="F_display_fields" value="'We received the following order on'+F_date,,'Ship to:',name,address1,address2,,'<listing>'+F_orderline*+'</listing>',,'Subtotal'+F_subtotal,'Tax'+F_tax,'Shipping'+Shipping,'Order Total'+F_total,'Phone Number'+phone,,thanks"> <input type="hidden" name="F_required" value="name,address1,address2,phone,credit_card_number"> <center><p><strong>ACME Hardware Shop Order Form</strong></p></center> <table border="1" width="100%"> <tr> <th width="13%">Quantity</th> <th width="47%">Catalog Number</th> <th width="57%">Description</th> <th width="45%">Price Each</th> </tr> <tr> <td width="13%"><input type="text" name="QTY1" size="9" value="0"></td> <td width="47%">06-1130</td> <td width="57%">3 lb. Ball Peen Hammer</td> <td width="45%">12.50</td> </tr> <tr> <td width="13%"><input type="text" name="QTY2" size="9" value="0"></td> <td width="47%">09-8756</td> <td width="57%">12" Hacksaw, w. starter blade</td> <td width="45%">24.95</td> </tr> <tr> <td width="13%"><input type="text" name="QTY3" size="9" value="0"></td> <td width="47%">13-8722</td> <td width="57%">4 piece Philips Screwdriver Kit</td> <td width="45%">4.33</td> </tr> <tr> <td width="13%"><input type="text" name="QTY4" size="9" value="0"></td> <td width="47%">06-2220</td> <td width="57%">3/8 inch Crescent Wrench</td> <td width="45%">9.99</td> </tr> </table> <p>Sales Tax:  <input type="radio" value="8.25" name="F_taxrate">CA resident (8.25%)        <input type="radio" name="F_taxrate" value="6">AZ resident (6%)     <input type="radio" name="F_taxrate" value="0" checked>Other  (no sales tax)</p> <p>Shipping:   <input type="radio" name="Shipping" value="10.00" checked>UPS Ground ($10)     <input type="radio" name="Shipping" value="15.00">UPS Blue ($15)     <input type="radio" name="Shipping" value="30.00">Fed-Ex ($30)</p> <p>Credit Card Number <input type="text" name="credit_card_number" size="20"> Expires <select name="exp1" size="1"> <option value="01">01</option> <option value="02">02</option> <option value="03">03</option> <option value="04">04</option> <option value="05">05</option> <option value="06">06</option> <option value="07">07</option> <option value="08">08</option> <option value="09">09</option> <option value="10">10</option> <option value="11">11</option> <option value="12">12</option> </select>/<select name="exp2" size="1"> <option value="98">98</option> <option value="99">99</option> <option value="00">00</option> <option value="01">01</option> <option value="02">02</option> <option value="03">03</option> <option value="04">04</option> </select></p> <p>Ship To</p> <table border="1" width="454"> <tr> <td align="right" width="162">Name   </td> <td width="288"><input type="text" name="name" size="30"></td> </tr> <tr> <td align="right" width="162">Address   </td> <td width="288"><input type="text" name="address1" size="30"></td> </tr> <tr> <td align="right" width="162">City, State Zip   </td> <td width="288"><input type="text" name="address2" size="30"></td> </tr> <tr> <td align="right" width="162">Phone   </td> <td width="288"><input type="text" name="phone" size="30"></td> </tr> </table> <p><input type="submit" value="Submit" name="B1"><input type="reset" value="Reset" name="B2"></p> </form> Lets discuss the various fields and their meanings

QTY1, QTY2, QTY3, and QTY4

These fields are for user input for # of items ordered. The name must be QTYnnn where nnn is a number.


These hidden fields are the corresponding single unit prices for each line item. The name must be PRICEnnn where nnn is a number corresponding to QTYnnn.

CATN1-4, ITEM1-4

These are additional descriptions for each line item. They are referenced in the variable F_orderline which is used to format the orderline output. You can have more of these XXXnnn variables depending on what your order processing department needs.

F_to, F_from, F_subject

Email fields. This sends the order to the order processing department.


This radio button set inputs the tax rate to the script. The number is in percent. The special variable F_taxrate is used to calculate F_tax using the formula F_subtotal * F_taxrate / 100.


This radio button set inputs the shipping charges. The variable Shipping is used later in F_totalsum to determine the order total.


This is a calculated number, it is all the line totals combined.


This special system variable holds the line total for each line whose quantity is non-zero. It is used in F_orderline for formatting the line output. This is a calculated number and has no meaning outside of F_orderline.


This is the calculated tax based on F_taxrate.


A list of variables to add together to arrive at the order total. F_subtotal and F_tax are calculated. Shipping is a user input. The calculated value can be printed using the variable F_total.


This gives the format of the order line used in the output (F_orderline* in F_fields). Each of the '*' variables are replaced by their corresponding line item values. F_linetotal is a special variable representing the line total.


The format of the body of the message. The special features we use here are F_orderline*, which represents each order line (see F_orderline for its format). Note also the calculated values for F_subtotal, F_tax, and F_total are printed. The credit card number is encrypted.


The key used for encrytion. The key here corresponds to a decryption phrase "Mary had a little lamb.". When you receive the email order you can use the decryption page to decode the credit card number.


We validate the credit card number before processing.


Just a literal used later in F_display_fields.

F_display and F_display_fields

The confirmation page title and format. Note use of F_orderline* surrounded by <listing></listing> so we can get a better format confirmation page.


We require the user enter all those fields

exp1 and exp2

Fancy input to collect the credit card expiration date.


The form action posts to the secure URL. This is because we want to protect the credit card information.

Secure Order Form

We've taken a copy of the above order form and uploaded it to the website. is on web02. We modified the form slightly Otherwise the form is identical.

Note you can invoke the form secure by translating the normal URL to Since you are in charge of the links on your web site, make sure you use the secure link. Thats all there is to converting a normal order form to a secure order form.

FrontPage design of Secure Order Form

Our final FrontPage example gives step-by-step instructions to design the secure order form shown above.

Go HERE for the page with all the graphics. The page has a lot of screen shots and may take some time to load, be patient.

Go HERE for the "light" version where you can click-thru to each graphic (loads much faster).


This section lists all system variables, (those that begin with F_). When naming your own variables, dont name any beginning with "F_". We may add new system variables from time to time, they will always begin with F_.


Specifies the Cc recipient(s) of the email message. See also F_to.


Specify this variable in your F_fields list to get a time/date stamp. Example <INPUT TYPE=HIDDEN NAME=F_fields VALUE="F_date,F_ip_address,F_referer"> will place the time/date, ip_address, and refering URL into your message, such as: Mon Aug 10 22:41:54 PDT 1998


Will display a web page with this title after processing the form. The body of the page is determined by F_display_fields or F_fields. You can use this to display a confirmation to the user that you received their input.


This form sends email and then displays a confirmation.

Please send me a catalog
City: State: Zip:
<form action="" method=post> Please send me a catalog<br> Name: <input name=name><br> Address: <input name=address><br> City:<input name=city> State:<input name=state size=2> Zip:<input name=zip size=5><br> <input type=hidden name=F_to value=""> <input type=hidden name=F_from value=" (Web Form)"> <input type=hidden name=F_subject value="Send a catalog"> <input type=hidden name=F_fields value="'Please send a catalog to',name,address,city+','+state+zip"> <input type=hidden name=F_display value="Confirmation"> <input type=hidden name=F_display_fields value="'Thank you, a catalog will be mailed shortly to<B>',name,address,city+','+state+zip+'</B>'"> <input type=submit value="Send"> </form>


The is the URL which will be redirected to if the forms.cgi script detects an error. If you dont specify one then we simply display the error message. You can specify an html file or a cgi script. If you specify a CGI script, you can process the form variable error_message which we will pass to you.


<INPUT TYPE=HIDDEN NAME=F_error_url VALUE=""> <INPUT TYPE=HIDDEN NAME=F_error_url VALUE=""> Note: in the cgi example, if the error was "Credit Card Number Invalid", then your cgi script will be invoked as, which sends the variable error_message into your script with the value "Credit Card Number Invalid".


This system variable specifies which variables are to be included in the body of the message. All user defined fields should probably be put here. If you dont specify F_fields, then all user variables will be placed in the message, in alphabetical order.

Besides user variables, you can include any system variable in the list as well, expecially F_date, F_ip_address, and F_referer, and F_host. Example

<input type=hidden name=F_fields value="name,address,phonenumber,amount,cc_number_encrypted,expires,F_date"> F_fields can also define the format of your message and include literal strings. Any number of these components can be included in the F_fields list: Components are joined with either a '+' or a ','.


Specifies the from address of the email that is sent. To send email you should specify F_from, F_to, and F_subject, and optionally F_cc. Example <input type=hidden name=F_to value=""> <input type=hidden name=F_subject value="ORDER"> Email address: <input name=F_from>


Specify this variable in your F_fields list to get the Hostname of the user (if possible). Hostname is an attempt to resolve the user's IP address, sometimes it fails because the user's ISP has not configured reverse DNS. See also F_ip_address.


Specify this variable in your F_fields list to get the IP Address of the user. IP address may be used as a clue to which ISP they are using to connect to the internet. For an example see F_date above.

F_key and *_encrypted

F_key specifies an encryption key to use for encrypting fields. Fields to be encrypted are named in the F_fields list with a _encrypted suffix. Use to get a key to use. Use to decrypt your messages. Example: <INPUT NAME=cc_number> <INPUT TYPE=HIDDEN NAME=F_fields VALUE="cc_number_encrypted"> <INPUT TYPE=HIDDEN NAME=F_key VALUE="3d7hVX3g">


It holds the current line total (QTY * PRICE), and is only useful in the F_orderline format. See Order Forms for details.


$logfile can be set to the name of a file to log all results to. You can only set this variable if you upload your own cgi script. See the discussion on Log Files for an example.

The logfile will be either placed in your home directory or in the web directory _private if it exists (Note: FrontPage automatically creates the _private directory). To retrieve the contents of the logfile, you can ftp it from your home directory, make sure you set TEXT or ASCII mode to transfer the file. If it is placed in your _private web directory, you can get it with your browser at You will need to enter your FrontPage userid and password.

Note: non-FrontPage users can also use the _private mechanism, simply create the web directory _private and add appropriate protections with .htaccess.

The variable $logfilefields can be used to specify the format for the logfile body.


List the variables you want logged. The overall format of the logfile entries is comma separated values enclosed in quotes (commonly known as CSV). The logfiles are suitable for importing into spreadsheet and database programs.


$logfilefields = 'name,email,F_date';


Set this variable to 1 is you want variables to be preceded by their names.


<input type=hidden name=F_fields value="name,address,phone">

Normally we dont display names, the body looks like this

Joe Smith 1234 Main St. 555-1212 However if we set F_names: <input type=hidden name=F_names value="1"> <input type=hidden name=F_fields value="name,address,phone">

the body looks like this

name: Joe Smith address: 1234 Main St. phone: 555-1212


This is the URL the users browser is redirected to after successful processing of the form. Example <INPUT TYPE=HIDDEN NAME=F_ok_url VALUE="">

F_orderline and F_orderline*

F_orderline gives the format of the F_orderline* variable used in F_fields. It determines the print format of each line item (whose QTY is nonzero). End variable names with '*' to indicate it is variable per item.

When you use F_orderline* in F_fields, it places the entire block of formatted order lines into the output. You can also use F_orderline* in F_display_fields.


These special names are used for order form processing. See the section on Order Forms for details.


Specify this variable in your F_fields list to get the URL of the form which posted to the script. Note: some browsers do not send referer correctly. For an example see F_date above.


You can specify a list of variables which must have a value. For example if your form requires name, address, and phone number to have an input use <INPUT TYPE=HIDDEN NAME=F_required VALUE="name,address,phone_number"> Suppose the user didnt enter any address, then the forms.cgi will invoke F_error_url with the message "Missing required input: address".


Specifies the Subject: of the email message. See F_from for an example.


This is a calcluated amount, and is the sum of all the line totals. For example QTY1*PRICE1 + QTY2*PRICE2 + ... See Order Forms for details.

F_taxrate and F_tax

If F_taxrate is set, will cause the value of F_tax to be calculated as F_tax = F_taxrate * F_subtotal * 100. (The multiply by 100 is there because the rate is a percentage). The astute programmer will notice that seting this to a negative number will give a discount. See Order Forms for details.


Specifies the recipient(s) of the email message. See F_from for an example.

F_totalsum and F_total

F_totalsum is a list of variables which are added together to calculate F_total. See Order Forms for details.


<input type="hidden" name="F_totalsum" value="F_subtotal,F_tax,Shipping">


Specifies the variable name of a credit card number which will be checked for validity. Note: this only does a industry standard checksum, it does NOT use the banking network to check funds. It is at most useful for guarding against mis-typed numbers. Example: Credit Card Number: <INPUT NAME=cc_number> Expires: <INPUT NAME=expires> <INPUT TYPE=HIDDEN NAME=F_validate_cc VALUE="cc_number"> <INPUT TYPE=HIDDEN NAME=F_required VALUE="cc_number,expires"> <INPUT TYPE=HIDDEN NAME=F_fields VALUE="cc_number_encrypted,expires"> <INPUT TYPE=HIDDEN NAME=F_key VALUE="hjU8E6x">