Best way to include my SaaS form on 3rd party sites?

Posted on 2013-05-19
Last Modified: 2013-05-20
I have a SaaS app I've been working on (forever) and am looking for a 'best practice' to include a form on my users sites. The forms are slightly different (they allow someone to subscribe to their own email list etc)

I've considered having the site owners simply pull it into an iframe - may be the easiest but not particularly pretty. I have a modal issue then with the form and its kind of kludgy

Another idea is simply give them the code to stick in. But its much harder to make any changes or update at all if I need to.

The idea I'm leaning toward is since the sites all run php, perhaps I could have them include a file on their site which executes a cURL request and pulls in the form from my site. ie:

They put the require where they want the form to appear:
<?php require_once("getform.php"); ?>

getform.php looks like:

	function get_data($url) {
	$ch = curl_init();
	$timeout = 5;
	$data = curl_exec($ch);
	return $data;

$form = get_data('');
echo $form;

Open in new window

It seems to work not bad, returns the form based on the user variable so it pertains to the correct list. And still resides on my site. The form submits via jsonp so it is very seamless and works cross domain.

So... is using a cURL request a good way to go as long as the servers have php? Any gotcha's waiting to destroy me publicly? I'm not particularly experienced so any issues or improvements in my cURL request sticking out?
Question by:tjyoung
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
LVL 110

Expert Comment

by:Ray Paseur
ID: 39181075
I think the way Google Analytics does this sort of thing is via JavaScript.  Pretty sure that FB does it that way, too.  They make AJAX requests to load forms (and other things) into the appropriate DIVs of the document.

You might put some thought into client authentication.  Example:  Let's say I am user #123456, but I'm curious about what user #123457 is doing.  It would appear easy for me to manipulate this code and sample other users' information.  You may or may not want to allow that.
LVL 34

Accepted Solution

Slick812 earned 400 total points
ID: 39182074
greetings  tjyoung,  You seem to be on the right tract, if you need to have information (data, html display)  on several other PHP sites that are not your domain name, However there may be some things you might consider for this.
You say = "But its much harder to make any changes or update at all if I need to"
I guess you mean that you could update or change the -
form.php script, to do different or updated things. And yes, this would allow you to distribute the getform.php to many other PHP site developers to get your display on their page.

Some of my thoughts (opinions) are -
You really should have an authentication with any "User" info requested, such as -
$form = get_data('');
where the "acb4d2ef3cf10dacca4defa8f1d6bc01" is a Unique value that you generate and store, so that if  user=123456  data is requested, the correct access (authentication) string must exactly match your stored aut string.

You may not need the cURL , I think that the cURL is for more complicated URL like a POST, Also I would think that this would do your data fetch -
$form = file_get_contents('');
if ((strlen($form) < 5) || ($form == 'ERROR') {
    echo '<h2>ERROR for Form setup</h2>';
    } else echo $form;

Also you may should check the return string "$form" for a correct beginning like get a sub-string and check for "<form", because, if it returns a "404, page not here" status error, then you should not echo out the $form.
- - - - - - - - -
You may want to allow some customization, such as colour -
<?php $uZ765v_colour = "light blue"; // Use Special Prefix Variables to avoid overwrite of site's variables
require_once("getform.php"); ?>

in the getform, maybe -
if (isset($uZ765v_colour)) {
    $form = file_get_contents(''.$uZ765v_colour);
    } else
    $form = file_get_contents('');

But thinking about this is not the same as getting results from using it, testing and trying to do common errors like programmers mis typing or or mis placement of your code in their code, like putting your -
<?php require_once("getform.php"); ?>
at the beginning of there PHP code before the  session_start();   or other things.

I hope I have  given u some that will help, but there may be other factors, depending on the developers using your -
<?php require_once("getform.php"); ?>

Author Comment

ID: 39182572
Hi, yes the user id is actually a much longer/random string. I just used 123456 as example. Its actually 12 random characters including alpha and numerical.
Never thought of file_get_contents.

Trying it and tried creating an error. That works but I noticed I get the warning php error as well as whatever I want to send back as an error message. Can I suppress this or is this something that is happening on that server's end and I can't suppress?

Warning: file_get_contents( [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found in /home/biggest/public_html/test/index.php on line 19
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
ID: 39182698
You can suppress any PHP error message by prepending the @ to the function call.

if (!$str = @file_get_contents('path/to/file')) { /* file-get-contents() Failed */ }

But that said, I still think I would try to do this with JavaScript / AJAX.  I have a "hello world" example in this article.  It could just as easily send a complete HTML form.
LVL 34

Expert Comment

ID: 39182953
something else I thought of, I guess that your html echo inserted form, will have an action that goes to your domain with the POST inputs, so whoever submits the form, will leave the domain of the containing page, , not sure, but I could test it, but I seem to remember that there may be restrictions about some browsers using a different domain in the form action. And after you get the POST data in your -
you will have to redirect the page back to the original domain where the form was inserted. Maybe I do not understand all of the functionality and data transfers for your idea of a web hosted SaaS app, but I do not feel now, from what I have read here or considered, that your easy to use insert with -
<?php require_once("getform.php"); ?>
can be set up with ease. You might want to have a web hosted SaaS app, that uses a published web API, with a web REST System (stateless transfer of info), and then have GET http requests like -
return some string or XML or JSON that has the data (html form in this case) to the PHP code that another developer is doing and show how to do PHP code with file_get_contents( ) or cURL (API) for those developers to use your web hosted SaaS app. You will no doubt have to have a SaaS that is worth bothering with and time spent, ,  and has useful services for data returns that would require more API than -
<?php require_once("getform.php"); ?>

You really need to have two independent Domains, that you can test this with, one as the SaaS and the other as the user of that SaaS, your test in the Same domain may be meaningless, except to see if the PHP code will run.

@ Ray, I do not think that you can not do cross domain calls in Ajax, at least as far as I know of.
LVL 110

Expert Comment

by:Ray Paseur
ID: 39183002
TLDR.  I'll leave it to you guys to sort it out.  Best of luck and best regards, ~Ray

Author Comment

ID: 39183049
I use jsonp with a callback to circumvent that exact issue. That I've tried and have been using two servers and different domains.  I can return simple json but using json with padding and specifying a callback in the URL I can accomplish cross domain without problems. The saas is biz to biz so fortunately won't rely on typical consumers but companies with IT available. Regardless I appreciate your help and plan to implement your suggestions

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
curl parse data from site 20 44
Set a time limit on Wordpress Cookie function. 3 18
How do I split a variable to newline 2 23
Make Float not to Wrap 15 39
The Confluence of Individual Knowledge and the Collective Intelligence At this writing (summer 2013) the term API ( has made its way into the popular lexicon of the English language.  A few years ago, …
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question