Against my recommendations to not do it, I have to set up a form that we can hand off to our affiliates and have them put on their site - I have no control over anything once it leaves me, I am hoping that the expertise in this community can give me an alternative approach to this issue. I need to code an unstyled form with the element controls which the affiliate (hopefully) will not change. The affiliate can then set the form up on their site, style it however they need to and submit it to a PHP script on my site that will A) submit it to our database and B)send some of the info to a third party. Is there something I can do with PHP - not an expert but I can usually figure it out.
The affiliates have varying levels of technical knowledge, most of it to the low end, and there is no common technology being used (we use PHP). Some potential issues
- Implementation if affiliates change (for whatever reason) the input ID's and or Names it won't submit into our database
- No Client Side validation supplied by me due to their skill level/programming language differences
- I cant control ANYTHING on the affiliate sites, I would guess this would leave our database vulnerable?
- mainly the user experience, if they submit a form that is invalid and our server side validation catches it, send them back to the affiliate page or to an error message on our site. Since the skill level/technology issue is there I can't expect the affiliates to set up a curl script and process the error message from the form submission script on their site, so I have to send them to an error page on our site. Then the affiliate would loose the lead.
These were the main issues I came up with, Im sure there are others. So I need to have something I can just hand off to the affiliates, they plug it into a page and have it work. Has anyone else had to do this before? Is there a better way to handle this? Possibly an iFrame? Ive never had much use for them due to cross domain security issues. I appreciate any advice and guidance you all can provide. I apologize if the question isn't thorough enough or viewed as well thought out. I will update it upon request. Thanks!
How about instead of giving the form code to your affiliates, you simply give them javascript--either the code itself or, perhaps even better, a minified javascript file--that will create the form on their site. That way, you could include client-side validation and dictate the layout of the form elements including the ids for the form fields? All the affiliates would need to do would be to add the javascript in the desired location. You could give them some alternatives regarding the javascript; e.g., one for a form to display, one for a pop-up dialog, etc. I don't think this would cause you a cross-site scripting issue if the form's action were your PHP script on your site. Minifying the script would reduce the risk of the affiliates "fixing" it. You could even give them a separate CSS file to style the elements in the form if needed, but that would add complexity for them.