"Eric Butera" <eric.butera@xxxxxxxxx> wrote in message news:6a8639eb0901261509s1008e1b1j89c2a8f63669e668@xxxxxxxxxxxxxxxxx > On Mon, Jan 26, 2009 at 4:47 PM, Daniel Brown <danbrown@xxxxxxx> wrote: >> On Mon, Jan 26, 2009 at 16:34, Tom <obelix16@xxxxxxxxxxx> wrote: >>> >>> Shawn, >>> So would that look something like this: >>> <? >>> if ($_SERVER['REQUEST_METHOD'] == "POST") { >>> >>> // Just to be safe, I strip out HTML tags >>> $realname = strip_tags($realname); >>> $email = strip_tags($email); >>> $feedback = strip_tags($feedback); >>> >>> // set the variables >>> // replace $me@xxxxxxxxxx with your email >>> $sendto = "$me@xxxxxxxxxx"; >>> $subject = "Sending Email Feedback From My Website"; >>> $message = "$realname, $email\n\n$feedback"; >>> >>> // send the email >>> mail($sendto, $subject, $message); >>> >>> } >>> ?> >> >> For processing once it reaches the server, yes - almost exactly. >> A few recommended changes though: >> >> * Change <? to <?php for compatibility across servers with >> different PHP configurations. >> * Change your if() to if($_POST['realname']) >> * DO NOT rely on register_globals - it's insecure and will >> soon be phased-out of PHP. Instead, using your code: >> $realname = strip_tags($_POST['realname']); >> * Use explicit headers with mail(). For example: >> $headers = "From: you@xxxxxxxxxxx\r\n"; >> $headers .= "X-Mailer: PHP/".phpversion()."\r\n"; >> mail($sendto,$subject,$message,$headers); >> * Do something (exit, header("Location: otherpage.html") >> redirect, etc.) so that the form doesn't reappear. >> >> Then, either include that code at the top of the file in which >> your HTML resides, or place it in it's own file (for example: >> formproc.php) and change your form tag to: >> <form method="POST" action="formproc.php" name="formName" >> id="formName"> >> >> >> NB: My original responses that this wasn't PHP-related was based >> on your original message, saying that your "submit button" wasn't >> working, and then including HTML and JavaScript code only. It didn't >> appear as though it had anything to do with PHP. Getting a good >> answer is best-achieved by asking a well-formed question. >> >> -- >> </Daniel P. Brown> >> daniel.brown@xxxxxxxxxxxx || danbrown@xxxxxxx >> http://www.parasane.net/ || http://www.pilotpig.net/ >> Unadvertised dedicated server deals, too low to print - email me to find >> out! >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> > > Also make sure there aren't line returns or any nonsense like that in > the to & subjects. Look up email header injection. Your script might > become quite popular at advertising p3n1s pills otherwise. :) Thanks I'll check it out. I tried including the above code but I still can't seem to get it to work. Must be missing something. Thanks, T -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
