N8n seems to have a pretty fine gui for configuring little pipelines, sort of alike node-red. If the author wanted to embellish & enhance what they have there's a variety of other connectors & processors they could easily snap into place. It's easy to glance at a pipeline and see what the general shape is. This high level world feels much more normative & clear than scratching together "simple" php scripts.
Ditto for sending data into nocodb. An Airtable spreadsheet/database like system, with a good gui, with form submissions being fed into a spreadsheet: it's again nicely high level. It integrates with other documents or reports, if you want. It's easy to access from the web. It's a very slick very user friendly solution that still brings a ton of power. Another huge win for a high level system.
I too had an initial WTF reaction, are you serious reaction. But it wasn't that hard to find some empathy when I tried. I didn't have to work that hard to appreciate what the post is going for, to envision what the actual usage/configuration looked like, and to see there is a pretty neat high level set of guis here that are used to program a very flexible small little pipeline. And I can see how each piece is extremely malleable by end users. That freedom to rework & reshape this system freely is really neat.
There may be good tailor made solutions that we can agree to dub as "simpler" for form handling, but the composability & flexibility of this end-user driven solution is super neat & super compelling to me. These tools are extremely generic & could be used for all manners of tasks, and that is enormously compelling, to good general systems that we can use to tackle all manners of tasks. This is a cool pick of tools to bring together.
And the author's thoughts about why are well spelt out. Not to mention that this seems infinitely more flexible than what some other people are recommending.
Like there's an entire thread of people somehow acting like dumping forms to a mailto: handler that the client then has to send via a hopefully configured mail client is somehow a realistic and reliable option.
Aside from having to have something to parse out the submission as the response isn’t that human readable, I think the biggest problem is that users need a mail client and requires them to hit send. This disorients people so even if they have a mail client, you end up with people not hitting submit.
There’s also the bigger issue: you’re directly exposing an email address to web scrapers like it’s not the 90s; using mailto forms is a shocking take as acceptable.
This isn’t really a concern for me. I’ve had my gmail exposed to web scrapers for decades without making me regret it.
For this purpose though it’s a non-issue as I also have a contact email published on my site so people can email me. And I would create a separate mailbox just for the form.
I’m not sure why people are concerned about their email being scraped as it’s comical that any email address isn’t already on a million spam lists.
You can. It is actually relatively hard to do though unless you are extremely motivated.
Where you have to find a setting in mac / windows as well as configure your browser (chrome) for it, by using an obscure icon in the address bar etc.. and then you can have some apps fighting for you to change the setting. And then it depends on which browser profile is currently active. It is pretty messy to say the least
1. For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using SVN or CVS on the mounted filesystem. From Windows or Mac, this FTP account could be accessed through built-in software.
2. It doesn't actually replace a USB drive. Most people I know e-mail files to themselves or host them somewhere online to be able to perform presentations, but they still carry a USB drive in case there are connectivity problems. This does not solve the connectivity issue.
3. It does not seem very "viral" or income-generating. I know this is premature at this point, but without charging users for the service, is it reasonable to expect to make money off of this?
I don't understand why people don't understand why making users do this weird shit (and yes, mailto: is weird although not as weird as SVN/CVS vs Dropbox) isn't going to work.
I would guess that mailto will be great for deliverability. Since the user has already emailed you before your emails are more likely to go through to them and not get filtered as spam or promotion.
I think if my mom was trying to submit a form, and it opened her email client with a body consisting of URL encoded data she’d probably just close the email client thinking that something went wrong. Then she’d try again and the same thing would happen again. Then she might call me, and I’d probably tell her to just forget about it and try to call them on the phone instead or give up and try another company instead.
The e-mail client decodes the URL encoded data. So you actually see plain text. The encoding is only done for the purpose of passing the data from the browser to the e-mail client.
I created a form with a dropdown and some other inputs.
The result when using enctype=application/x-www-form-urlencoded and method=post in the form html is that the body that is shown in my email client is URL encoded.
They have a different enc type that you could use to specifically make it plain text. That one is not recommended because then you're gonna have a bad time parsing out the fields that were submitted from the form.
One variant that seemed interesting was method=get with enctype=application/x-www-form-urlencoded
In this case the values from the form get added as headers in the email so they are not directly visible to the user
I thought that I could still add user-visible subject and body by adding ?subject=foo&body=bar to the mailto: url
For example I could then have the subject say "Web form submission", and have the body of the mail contain a description that tells the user to send the email and that the data they filled into the form will be sent along with the email.
Even that is not great UX imo, but could still be interesting.
However from my testing with Brave web browser and Apple Mail, the subject and body are not filled in for the user in this case.
You see that in the "email" forms of for example most "contact" sites.
Like, for example, here on HN, in the right end of the site's footer (on desktop), by clicking "Contact" (but this isn't a form, just a "mailto:..." link).
Sadly the best way to use this stopped working years ago. I vaguely recall in some browsers (maybe IE6 or earlier?) it actually sent the submission to email directly without opening the user's email program at all.
Having to send an email with the fields prepopulated feels rather archaic by comparison, and leaves me using form scripts as a rule now.
> An Impressum is a statement of ownership and authorship for online and print media. An Impressum helps combat spam and disinformation by holding creators responsible for their content. An Impressum is legally required for commercial sites operating in Germany, Austria, and Switzerland.
If I hit "submit" on a form and I saw it start to open a new Gmail tab in my browser, I'm going to close the new Gmail tab before it even has time to finish loading. (Or same if I saw it opening Mail.app.)
I'd just assume the site was trying to trigger some kind of spam e-mail or something.
The idea that I'd fill out a form on a site, then submitting it would open my mail program, and I'd then have to hit send there, and then close my mail tab/window (not to mention exposing my e-mail address to the site when maybe I wouldn't want to), is some of the worst UX I've ever heard of.
I have a Pavlovian annoyance response to noticing that I have inadvertently clicked a mailto link, because back in ~2005 firefox would try to start Evolution. I usually only noticed the click because of the sound of my spinning disk thrashing to try to lift into memory hundreds of MB of dependencies from their rust platter slumber. Evolution generally didn't even load enough to so much as show its splash screen before I found a terminal and killed the process tree.
I believe the last time I've sent an e-mail was in July 2017, when I was finishing my Master's degree thesis, and I was glad I'd probably never have to do it again. Please don't ruin my dream?
That email from 2017 will still be in that sent folder, waiting for you, readable and accessible on all possible platforms and form factors, when all the latest owners of the slacks, teams, whatsapps and telegrams of the world ratshit onto their users into oblivion. Ask the ex-twitterati.
Genuinely curious: what is so bad about writing an email? Do you really prefer/expect that every interaction with someone online is better to be had via an app or automated form?
Easily yes. Especially when you interact with companies the email is just a shitty gateway to their actual CRM/Ticketing Software.
Ignoring the general shittiness of email itself being plaintext or bastardized html that's destroyed the moment someone replies -- Different reply and quoting styles, emails |||||||| of every previous email in the thread. A haphazard mix of fonts, font sizes depending on the client, obnoxious signatures on every message. No one understands threads where threads in chat are immediately grokked.
Ignoring all that. Unsolicited communication mediums can go die in the hell from whence they came. All communication that allows someone to message me without asking, where new identities can be minted like candy so they're impossible to block permanently. Awful. My inbox is just for password resets and spam now. Same with SMS, it's the messaging of last resort.
Being able to close your DMs to just actual humans you want to talk to is goated. Email, SMS, and my mailbox are just junk drawers ever since the marketing people got ahold of them.
While a good rant is always appreciated, I don't see how forcing people to install an app or having an online form (which will very probably ask for your email anyway) is any better. And to avoid abuse, email masking services work quite well.
It's just funny that with Communick I have a whole Discourse site setup because I was anticipating people weary of giving out email addresses, but in the end the majority of my customers just prefer to solve issues by email.
One could dream of a world where XMPP is relevant and that most clients support its HTML submission capabilities, but this is also not the timeline we're in.
And for others who use the static hosts' free tiers for hobby projects, Cloudflare provides form submissions to your static pages, Netlify forms is quite generous too https://www.netlify.com/platform/core/forms/
That static form plugin sends submissions to Cloudflare KV Storage, I only recently started experimenting with Cloudflare offerings so haven't tried KV yet but does it get populated in the Cloudflare dashboard? If not, then that would be another thing to build.
And about Netlify. If you are getting more than 100 submissions/month on your hobby project, I think it might be time to consider some better serious solutions ;)
> that was secure and wouldn’t give me a headache, so number 3 was off as well.
Is having a backend controller that securely writes to a DB when a url is posted to that difficult in PHP, that this 'sane' way is preferred? Isn't it the most basic of CRUD setups?
I can understand doing this because n8n has a quick way to send emails (at least that's what I assume based on this article), but I really don't understand how this over engineered solution is supposed to be the sane way.
Many crud apps which separate the frontend and backend have form validation and sanitization on the frontend and backend (partly by virtue of converting raw input into escaped json strings), but IIRC isn’t as straightforward in php.
I’m not sure what’s so hard about doing it in PHP. Can I not just get all the data from the GET/POST-Data-Assocarray, get the form fields I want, and put them into a prepared statement to save them to the DB? What’s the vulnerability here? Maybe add a CSRF token for extra security and I think you’re done, or am I missing something?
You are not. It's the same security any other stack would do.
This “PHP security is terrible” is mostly because people remember stories from 20 years ago (when none of the cool stacks even existed) and things like WordPress, the most targeted cms/framework in the world.
I have a suspicion that if Vercel/Next powered 60% of the web then its security reputation wouldn't be great either.
PHP is flawed but so are all the other stacks. PHP is old but that doesn't mean it's not being updated or up to date. If anything it's boring.
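Added example, not written by any commenter in this thread: the handler described above (allow-listed POST fields, a CSRF token, a prepared statement) as one plain PHP file. The field names, the `submissions` table and the SQLite path are assumptions made for illustration.

```php
<?php
// Added illustration; field names, table name and DB path are assumptions.
declare(strict_types=1);
session_start();
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32)); // per-session CSRF token
}
function validate_submission(array $post, string $sessionToken): array
{
    // Constant-time comparison of the hidden field against the session token.
    $sent = $post['csrf'] ?? '';
    if (!is_string($sent) || !hash_equals($sessionToken, $sent)) {
        throw new InvalidArgumentException('CSRF token mismatch');
    }
    // Allow-list: only these fields are read, each with a byte-length cap.
    $clean = [];
    foreach (['name' => 100, 'email' => 254, 'message' => 5000] as $field => $max) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '' || strlen($value) > $max) {
            throw new InvalidArgumentException("Invalid field: $field");
        }
        $clean[$field] = trim($value);
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid field: email');
    }
    return $clean;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $row = validate_submission($_POST, $_SESSION['csrf']);
        // Keep the database file outside the web root (assumed directory layout).
        $pdo = new PDO('sqlite:' . dirname(__DIR__) . '/data/forms.sqlite');
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE IF NOT EXISTS submissions
                    (id INTEGER PRIMARY KEY, name TEXT, email TEXT, message TEXT)');
        // Named placeholders: user input is bound as data, never spliced into SQL.
        $stmt = $pdo->prepare('INSERT INTO submissions (name, email, message)
                               VALUES (:name, :email, :message)');
        $stmt->execute($row);
        http_response_code(201);
        echo 'Thanks, your message was saved.';
    } catch (InvalidArgumentException $e) {
        http_response_code(400); // database errors are not caught here and surface as 500
        echo 'Submission rejected.';
    }
    exit;
}
?>
<form method="post">
  <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES) ?>">
  <input name="name"> <input name="email" type="email"> <textarea name="message"></textarea> <button>Send</button>
</form>
```

The prepared statement only covers the write path; stored values still need `htmlspecialchars()` wherever they are later rendered, and none of this addresses the automated spam submissions raised elsewhere in the thread.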
But probably not as fast as a "quick and loose" approach if you don't know Symfony yet, but extendible and secure (if you do know Symfony, it might be faster than the vanilla php approach, because you can avoid much of the "generic" code, the validators, the error handling, avoid SQL and XSS injection).
I write PHP forms for fun but there's a very valid point the default of this is extremely manual for every form you want to build. I really like the idea of at minimum using a database that creates tables and columns as needed for a form sent at it.
At the office we have less proficient users who want to make web forms, but self-hosting the data is important to us.
Why? If you need more than five forms, invent a small DSL that consumes something like a five column CSV (form element type, label, id, something, something) and craps out some PHP and SQL for you. Maybe make the layout boilerplate configurable through a bit of simple templating.
I mean one’s a db.. you’d want that regardless and the other’s the processor.. and one’s the form… you’d need those 3 in some variety anyway and technically you could drop the db if you just want it dumped to email I’d imagine
This is literally a blog recommending to use n8n as your processor… that’s basically it lol he’s just adding ways that can be extended too like noco and metrics
Maybe the article should be titled "Self-hosting forms, the n8n way" then, because if I was working with a dev who did this I would definitely question their sanity.
But as an article about a cool way to utilize n8n, this is fair, and perhaps even elegant.
How does validation work with the approach that the author advocates for?
Is this something "n8n" does? I've gone to learn more about it, and it describes itself as an "AI-native workflow automation" tool. What the f** is that meant to actually mean?
It seems like an extremely convoluted way to receive what will pretty much exclusively be automated spam submissions since I’m not seeing any protection methods mentioned.
Attacks on any form on the open web have gotten absurdly bad in recent years — hope the author is using something like Cloudflare + captcha.
For those that actually want a SaaS type tool for this and don’t want to use Jotform, which is utterly horrible, I recommend Fillout, which has been a joy to use and is seamlessly integrated with a bunch of services like AirTable and Dropbox and so on.
Even if you do want to eventually build your own it’s ridiculously fast as a prototyping tool, can pre-fetch data and use conditional logic and accept URL parameters and all that out of the box.
A fully self hosted solution that for me is good enough and more easy is a WordPress site with the plugin WPforms (free version). No third party services used.
Update: not sure if the WPforms free version supports file uploads as the OP needs.
This is imho the wrong approach. WordPress gives you extremely flexible possibilities but it's hard to maintain. Like you really need to keep it updated or you will get hacked (every wp security hole gets hyper targeted). That means trusting plugin authors that they will keep up to date. WP is suited for smaller/mid businesses that keep it maintained but it's not hands off.
Coding php/symfony form by hand (if you can do it) might be security through obscurity but realistically it will probably just work for a decade without issues or maintenance.