Best way to include my SaaS form on 3rd party sites?

I have a SaaS app I've been working on (forever) and am looking for a 'best practice' to include a form on my users sites. The forms are slightly different (they allow someone to subscribe to their own email list etc)

I've considered having the site owners simply pull it into an iframe - may be the easiest but not particularly pretty. I have a modal issue then with the form and its kind of kludgy

Another idea is simply give them the code to stick in. But its much harder to make any changes or update at all if I need to.

The idea I'm leaning toward is since the sites all run php, perhaps I could have them include a file on their site which executes a cURL request and pulls in the form from my site. ie:

They put the require where they want the form to appear:
<?php require_once("getform.php"); ?>

getform.php looks like:

	function get_data($url) {
	$ch = curl_init();
	$timeout = 5;
	$data = curl_exec($ch);
	return $data;

$form = get_data('');
echo $form;

Open in new window

It seems to work not bad, returns the form based on the user variable so it pertains to the correct list. And still resides on my site. The form submits via jsonp so it is very seamless and works cross domain.

So... is using a cURL request a good way to go as long as the servers have php? Any gotcha's waiting to destroy me publicly? I'm not particularly experienced so any issues or improvements in my cURL request sticking out?
Who is Participating?
Slick812Connect With a Mentor Commented:
greetings  tjyoung,  You seem to be on the right tract, if you need to have information (data, html display)  on several other PHP sites that are not your domain name, However there may be some things you might consider for this.
You say = "But its much harder to make any changes or update at all if I need to"
I guess you mean that you could update or change the -
form.php script, to do different or updated things. And yes, this would allow you to distribute the getform.php to many other PHP site developers to get your display on their page.

Some of my thoughts (opinions) are -
You really should have an authentication with any "User" info requested, such as -
$form = get_data('');
where the "acb4d2ef3cf10dacca4defa8f1d6bc01" is a Unique value that you generate and store, so that if  user=123456  data is requested, the correct access (authentication) string must exactly match your stored aut string.

You may not need the cURL , I think that the cURL is for more complicated URL like a POST, Also I would think that this would do your data fetch -
$form = file_get_contents('');
if ((strlen($form) < 5) || ($form == 'ERROR') {
    echo '<h2>ERROR for Form setup</h2>';
    } else echo $form;

Also you may should check the return string "$form" for a correct beginning like get a sub-string and check for "<form", because, if it returns a "404, page not here" status error, then you should not echo out the $form.
- - - - - - - - -
You may want to allow some customization, such as colour -
<?php $uZ765v_colour = "light blue"; // Use Special Prefix Variables to avoid overwrite of site's variables
require_once("getform.php"); ?>

in the getform, maybe -
if (isset($uZ765v_colour)) {
    $form = file_get_contents(''.$uZ765v_colour);
    } else
    $form = file_get_contents('');

But thinking about this is not the same as getting results from using it, testing and trying to do common errors like programmers mis typing or or mis placement of your code in their code, like putting your -
<?php require_once("getform.php"); ?>
at the beginning of there PHP code before the  session_start();   or other things.

I hope I have  given u some that will help, but there may be other factors, depending on the developers using your -
<?php require_once("getform.php"); ?>
Ray PaseurCommented:
I think the way Google Analytics does this sort of thing is via JavaScript.  Pretty sure that FB does it that way, too.  They make AJAX requests to load forms (and other things) into the appropriate DIVs of the document.

You might put some thought into client authentication.  Example:  Let's say I am user #123456, but I'm curious about what user #123457 is doing.  It would appear easy for me to manipulate this code and sample other users' information.  You may or may not want to allow that.
tjyoungAuthor Commented:
Hi, yes the user id is actually a much longer/random string. I just used 123456 as example. Its actually 12 random characters including alpha and numerical.
Never thought of file_get_contents.

Trying it and tried creating an error. That works but I noticed I get the warning php error as well as whatever I want to send back as an error message. Can I suppress this or is this something that is happening on that server's end and I can't suppress?

Warning: file_get_contents( [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found in /home/biggest/public_html/test/index.php on line 19
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

Ray PaseurConnect With a Mentor Commented:
You can suppress any PHP error message by prepending the @ to the function call.

if (!$str = @file_get_contents('path/to/file')) { /* file-get-contents() Failed */ }

But that said, I still think I would try to do this with JavaScript / AJAX.  I have a "hello world" example in this article.  It could just as easily send a complete HTML form.
something else I thought of, I guess that your html echo inserted form, will have an action that goes to your domain with the POST inputs, so whoever submits the form, will leave the domain of the containing page, , not sure, but I could test it, but I seem to remember that there may be restrictions about some browsers using a different domain in the form action. And after you get the POST data in your -
you will have to redirect the page back to the original domain where the form was inserted. Maybe I do not understand all of the functionality and data transfers for your idea of a web hosted SaaS app, but I do not feel now, from what I have read here or considered, that your easy to use insert with -
<?php require_once("getform.php"); ?>
can be set up with ease. You might want to have a web hosted SaaS app, that uses a published web API, with a web REST System (stateless transfer of info), and then have GET http requests like -
return some string or XML or JSON that has the data (html form in this case) to the PHP code that another developer is doing and show how to do PHP code with file_get_contents( ) or cURL (API) for those developers to use your web hosted SaaS app. You will no doubt have to have a SaaS that is worth bothering with and time spent, ,  and has useful services for data returns that would require more API than -
<?php require_once("getform.php"); ?>

You really need to have two independent Domains, that you can test this with, one as the SaaS and the other as the user of that SaaS, your test in the Same domain may be meaningless, except to see if the PHP code will run.

@ Ray, I do not think that you can not do cross domain calls in Ajax, at least as far as I know of.
Ray PaseurCommented:
TLDR.  I'll leave it to you guys to sort it out.  Best of luck and best regards, ~Ray
tjyoungAuthor Commented:
I use jsonp with a callback to circumvent that exact issue. That I've tried and have been using two servers and different domains.  I can return simple json but using json with padding and specifying a callback in the URL I can accomplish cross domain without problems. The saas is biz to biz so fortunately won't rely on typical consumers but companies with IT available. Regardless I appreciate your help and plan to implement your suggestions
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.