Re: Coding for email response forms

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"Eric Butera" <eric.butera@xxxxxxxxx> wrote in message 
news:6a8639eb0901261509s1008e1b1j89c2a8f63669e668@xxxxxxxxxxxxxxxxx
> On Mon, Jan 26, 2009 at 4:47 PM, Daniel Brown <danbrown@xxxxxxx> wrote:
>> On Mon, Jan 26, 2009 at 16:34, Tom <obelix16@xxxxxxxxxxx> wrote:
>>>
>>> Shawn,
>>> So would that look something like this:
>>> <?
>>> if ($_SERVER['REQUEST_METHOD'] == "POST") {
>>>
>>> // Just to be safe, I strip out HTML tags
>>> $realname = strip_tags($realname);
>>> $email = strip_tags($email);
>>> $feedback = strip_tags($feedback);
>>>
>>> // set the variables
>>> // replace $me@xxxxxxxxxx with your email
>>> $sendto = "$me@xxxxxxxxxx";
>>> $subject = "Sending Email Feedback From My Website";
>>> $message = "$realname, $email\n\n$feedback";
>>>
>>> // send the email
>>> mail($sendto, $subject, $message);
>>>
>>> }
>>> ?>
>>
>>    For processing once it reaches the server, yes - almost exactly.
>> A few recommended changes though:
>>
>>        * Change <? to <?php for compatibility across servers with
>> different PHP configurations.
>>        * Change your if() to if($_POST['realname'])
>>        * DO NOT rely on register_globals - it's insecure and will
>> soon be phased-out of PHP.  Instead, using your code:
>>            $realname = strip_tags($_POST['realname']);
>>        * Use explicit headers with mail().  For example:
>>            $headers  = "From: you@xxxxxxxxxxx\r\n";
>>            $headers .= "X-Mailer: PHP/".phpversion()."\r\n";
>>            mail($sendto,$subject,$message,$headers);
>>        * Do something (exit, header("Location: otherpage.html")
>> redirect, etc.) so that the form doesn't reappear.
>>
>>    Then, either include that code at the top of the file in which
>> your HTML resides, or place it in it's own file (for example:
>> formproc.php) and change your form tag to:
>>            <form method="POST" action="formproc.php" name="formName"
>> id="formName">
>>
>>
>>    NB: My original responses that this wasn't PHP-related was based
>> on your original message, saying that your "submit button" wasn't
>> working, and then including HTML and JavaScript code only.  It didn't
>> appear as though it had anything to do with PHP.  Getting a good
>> answer is best-achieved by asking a well-formed question.
>>
>> --
>> </Daniel P. Brown>
>> daniel.brown@xxxxxxxxxxxx || danbrown@xxxxxxx
>> http://www.parasane.net/ || http://www.pilotpig.net/
>> Unadvertised dedicated server deals, too low to print - email me to find 
>> out!
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
> Also make sure there aren't line returns or any nonsense like that in
> the to & subjects.  Look up email header injection.  Your script might
> become quite popular at advertising p3n1s pills otherwise. :)

Thanks I'll check it out. I tried including the above code but I still can't 
seem to get it to work. Must be missing something.

Thanks,
T 



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux