[Phpwm] Simple PHP Contact Form
David Goodwin
david at codepoets.co.uk
Tue Oct 13 19:13:34 UTC 2009
Hi Ian,
> // get posted data into local variables
> $EmailFrom = "idvaughan at aol.com";
> $EmailTo = "idvaughan at aol.com";
> $Subject = "Enquiry";
> $Name = Trim(stripslashes($_POST['Name']));
> $Tel = Trim(stripslashes($_POST['Tel']));
> $email = Trim(stripslashes($_POST['email']));
> $message = Trim(stripslashes($_POST['message']));
>
The stripslashes and trims are unnecessary, unless you have
magic_quotes turned on, in which case you might find the generated
email gets filled with \'.
You'd be best off performing some sort of regular expression match -
or using the filter extension ...
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if (!$email) {
    // invalid email address
}
(Requires PHP5, I think my syntax/usage is correct, but I've not
checked it)
> // validation
> //$validationOK=true;
> //if (Trim($Name)=="") $validationOK=false;
> //if (Trim($email)=="") $validationOK=false;
> //if (Trim($message)=="") $validationOK=false;
> //if (!$validationOK) {
> // print "<meta http-equiv=\"refresh\"
> content=\"0;URL=contactus1.html\">";
> // exit;
> //}
>
I prefer :
header('Location: ' . $url);
exit(0);
- instead.
> // prepare email body text
> $Body = "";
> $Body .= "Name: ";
> $Body .= $Name;
> $Body .= "\n";
> $Body .= "Tel: ";
> $Body .= $Tel;
> $Body .= "\n";
> $Body .= "email: ";
> $Body .= $email;
> $Body .= "\n";
> $Body .= "message: ";
> $Body .= $message;
> $Body .= "\n";
>
> // send email
> $success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
If you're using an 'old' version of php this may be vulnerable to mail
header injection, before 5.2.3 (I think)
As a rule try to avoid calling the mail() function directly and
instead use one of the many higher level APIs - like for instance
PEAR_Mail, Zend_Mail, SwiftMailer etc etc
thanks
David.
--
David Goodwin
[ david at codepoets dot co dot uk ]
[ http://www.codepoets.co.uk ]
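
Added example, not part of David's message or of the original script: one way to combine the filter_var() check with an explicit CR/LF guard so that posted values cannot add lines to the mail headers. The function names, the Reply-To header and the example.com addresses are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example, not from the thread. Field names follow the quoted script;
// the function names and example.com addresses are assumptions.

/** Return a posted field as a trimmed string ('' if missing or not a string). */
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

/** True if the value has no CR or LF and so cannot start a new header line. */
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

/** Return [to, subject, body, headers] for mail(), or null if validation fails. */
function build_enquiry(array $post, string $to): ?array
{
    $name    = field($post, 'Name');
    $tel     = field($post, 'Tel');
    $message = field($post, 'message');
    $email   = filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL);

    if ($name === '' || $message === '' || $email === false) {
        return null;
    }
    // Only $email is placed in a header; check it explicitly as well,
    // so the guard does not depend on the validator's behaviour.
    if (!is_header_safe($email)) {
        return null;
    }

    $body = "Name: $name\nTel: $tel\nemail: $email\nmessage: $message\n";
    // From stays fixed; the visitor's address appears only in Reply-To.
    $headers = "From: <$to>\r\nReply-To: <$email>";

    return [$to, 'Enquiry', $body, $headers];
}

// Constructed sample input: one valid post, one with a line break in 'email'.
$good = ['Name' => 'Ann', 'Tel' => '0123', 'email' => 'ann@example.com', 'message' => 'Hello'];
$bad  = ['email' => "ann@example.com\r\nX-Extra: 1"] + $good;

var_dump(build_enquiry($good, 'owner@example.com') !== null);
var_dump(build_enquiry($bad, 'owner@example.com') !== null);
```

In the form handler, call build_enquiry($_POST, $EmailTo); on null, redirect back to the form, otherwise pass the four returned values to mail().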