[Phpwm] Simple PHP Contact Form

Gavin Kimpson gkimpson at gmail.com
Tue Oct 13 20:45:33 UTC 2009


Hi Ian,
I don't mind writing a little PHP script if it helps - shall I send to your
aol account? I'll do this in the next day or so and you can ask any
questions that you may have.

On Tue, Oct 13, 2009 at 8:13 PM, David Goodwin <david at codepoets.co.uk> wrote:

> Hi Ian,
>
> > // get posted data into local variables
> > $EmailFrom = "idvaughan at aol.com";
> > $EmailTo = "idvaughan at aol.com";
> > $Subject =  "Enquiry";
> > $Name = Trim(stripslashes($_POST['Name']));
> > $Tel =  Trim(stripslashes($_POST['Tel']));
> > $email =  Trim(stripslashes($_POST['email']));
> > $message =  Trim(stripslashes($_POST['message']));
> >
>
> The stripslashes and trims are unnecessary. Unless you have
> magic_quotes turned on, in which case you might find the generated
> email gets filled with \'
>
> You'd be best off performing some sort of regular expression match -
> or using the filter extension ...
>
> $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
> if(!$email) {
>        // invalid email address
> }
> (Requires PHP5, I think my syntax/usage is correct, but I've not
> checked it)
>
> > // validation
> > //$validationOK=true;
> > //if (Trim($Name)=="")  $validationOK=false;
> > //if (Trim($email)=="") $validationOK=false;
> > //if  (Trim($message)=="") $validationOK=false;
> > //if (!$validationOK) {
> > //   print "<meta http-equiv=\"refresh\" content=\"0;URL=contactus1.html\">";
> > //  exit;
> > //}
> >
>
> I prefer :
>
> header('Location: ' . $url);
> exit(0);
>
> - instead.
>
> > // prepare email body text
> > $Body = "";
> > $Body .= "Name: ";
> > $Body .=  $Name;
> > $Body .= "\n";
> > $Body .= "Tel: ";
> > $Body .= $Tel;
> > $Body .=  "\n";
> > $Body .= "email: ";
> > $Body .= $email;
> > $Body .= "\n";
> > $Body .=  "message: ";
> > $Body .= $message;
> > $Body .= "\n";
> >
> > // send email
> > $success = mail($EmailTo, $Subject, $Body, "From:  <$EmailFrom>");
>
>
> If you're using an 'old' version of php this may be vulnerable to mail
> header injection, before 5.2.3 (I think)
> As a rule try to avoid calling the mail() function directly and
> instead use one of the many higher level APIs - like for instance
> PEAR_Mail, Zend_Mail, SwiftMailer etc etc
>
>
> thanks
> David.
>
> --
> David Goodwin
>
> [ david at codepoets dot co dot uk ]
> [ http://www.codepoets.co.uk       ]
>
> _______________________________________________
> Phpwm mailing list
> Website : http://www.phpwm.org
> Twitter : http://www.twitter.com/phpwm
> Facebook: http://www.facebook.com/group.php?gid=2361609907
>
> Post to list: Phpwm at mailman.lug.org.uk
> Archive etc : https://mailman.lug.org.uk/mailman/listinfo/phpwm
>