<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=US-ASCII">
<META content="MSHTML 6.00.6000.16890" name=GENERATOR></HEAD>
<BODY id=role_body style="FONT-SIZE: 10pt; COLOR: #000000; FONT-FAMILY: Arial"
bottomMargin=7 leftMargin=7 topMargin=7 rightMargin=7><FONT id=role_document
face=Arial color=#000000 size=2>
<DIV>Hi</DIV>
<DIV> </DIV>
<DIV>I'm just starting out using PHP and have created the following contact us
to email web form. I am looking for some advice and best practice
please</DIV>
<DIV> </DIV>
<DIV>Does the form processing script look ok and secure?</DIV>
<DIV> </DIV>
<DIV>For example I would like to include server side validation so if a web user
has not completed certain fields then it would display on the form page that
they have not filled in the 'Name' field or entered a correct email address for
example. If so what is the best way of achieving the above with my script
below?</DIV>
<DIV> </DIV>
<DIV>Also I would welcome any other best practice or advice regarding the
form.</DIV>
<DIV> </DIV>
<DIV>Many Thanks,</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV><?php</DIV>
<DIV> </DIV>
<DIV>// get posted data into local variables<BR>$EmailFrom = "<A
href="mailto:idvaughan@aol.com">idvaughan@aol.com</A>";<BR>$EmailTo = "<A
href="mailto:idvaughan@aol.com">idvaughan@aol.com</A>";<BR>$Subject =
"Enquiry";<BR>$Name = Trim(stripslashes($_POST['Name'])); <BR>$Tel =
Trim(stripslashes($_POST['Tel'])); <BR>$email =
Trim(stripslashes($_POST['email'])); <BR>$message =
Trim(stripslashes($_POST['message'])); </DIV>
<DIV> </DIV>
<DIV>// validation<BR>//$validationOK=true;<BR>//if (Trim($Name)=="")
$validationOK=false;<BR>//if (Trim($email)=="") $validationOK=false;<BR>//if
(Trim($message)=="") $validationOK=false;<BR>//if (!$validationOK) {<BR>//
print "<meta http-equiv=\"refresh\"
content=\"0;URL=contactus1.html\">";<BR>// exit;<BR>//}</DIV>
<DIV> </DIV>
<DIV>// prepare email body text<BR>$Body = "";<BR>$Body .= "Name: ";<BR>$Body .=
$Name;<BR>$Body .= "\n";<BR>$Body .= "Tel: ";<BR>$Body .= $Tel;<BR>$Body .=
"\n";<BR>$Body .= "email: ";<BR>$Body .= $email;<BR>$Body .= "\n";<BR>$Body .=
"message: ";<BR>$Body .= $message;<BR>$Body .= "\n";</DIV>
<DIV> </DIV>
<DIV>// send email <BR>$success = mail($EmailTo, $Subject, $Body, "From:
<$EmailFrom>");</DIV>
<DIV> </DIV>
<DIV>// redirect to success page <BR>if ($success){<BR> print "<meta
http-equiv=\"refresh\"
content=\"0;URL=emailok.html\">";<BR>}<BR>else{<BR> print "<meta
http-equiv=\"refresh\"
content=\"0;URL=contactus1.html\">";<BR>}<BR>?></DIV>
<DIV> </DIV>
<DIV> </DIV></FONT></BODY></HTML>