
JackT06

macrumors 6502
Original poster
Jul 24, 2009
293
0
Hello,

On my site, I have a form which people can fill in and it will then email it to my address; this is for a newsletter.
What I would like to do is, after they have clicked submit, redirect them to another page. The code, which I got off the internet, just takes them to a blank page saying "Thanks for submitting your application".
Could someone point me in the right direction please?
Below is the code for you to see:
Index.html:
Code:
<form action="mail.php" method="post">
<ul>
<li>Your Name: <input type="text" name="name"></li>
<li>E-mail: <input type="text" name="email"></li>
</ul>
<input type="submit" value="Submit">
</form>
Mail.php:
Code:
<?php
// Read the two form fields exactly as submitted
$name=$_POST['name'];
$email=$_POST['email'];
$to="JackDanielTracy@gmail.com";
$message="$name just filled in your News letter form.. Their e-mail address was: $email";
// $email is placed in the From header without any filtering
if(mail($to,"$name just subscribed for your newsletter",$message,"From: $email\n")) {
echo "Thanks for your Application.";
} else {
echo "There was a problem sending the mail. Please check that you filled in the form correctly.";
}
?>


The web address is:
http://www.HampshireDofEYouthForum.tk
Any feedback much wanted :) Good or bad :)
 

angelwatt

Moderator emeritus
Aug 16, 2005
7,852
9
USA
Your code is susceptible to email injection, which could easily turn your web page into a spamming machine, which could get your site removed from the internet.

As for redirection, look at the header function.
 

JackT06

macrumors 6502
Original poster
Jul 24, 2009
293
0
Thank You

Your code is susceptible to email injection, which could easily turn your web page into a spamming machine, which could get your site removed from the internet.

As for redirection, look at the header function.

Oh right, thanks for pointing that out to me. I never noticed that :O

On my contact page, is that form okay? Or would that still be at risk?

thanks
 

angelwatt

Moderator emeritus
Aug 16, 2005
7,852
9
USA
On my contact page, is that form okay? Or would that still be at risk?

The risk lies on the server side, not the HTML side. It doesn't really matter what your form looks like. Though, I'm not a fan of CAPTCHA. It's an accessibility issue and often frustrates legitimate users. I use alternatives that currently keep out 100% of spam attempts (not saying others would have the same luck).
 

DJBenE

macrumors member
Jul 9, 2010
60
0
Rowland Heights, California
Users Are NEVER to be trusted!

You best sanitize that data!

PHP:
$name=htmlentities($_POST['name']);
$email=htmlentities($_POST['email']);

or better yet, if you have mysql running...

PHP:
$name=mysql_real_escape_string($_POST['name']);
$email=mysql_real_escape_string($_POST['email']);

Also, would be a good idea to make sure the email address is formatted correctly...

PHP:
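function validate_email($email) {
   // ereg() was removed in PHP 7.0; preg_match() with \A ... \z anchors matches the whole string only
   return (preg_match('/\A[-!#$%&\'*+\\\\.\/0-9=?A-Z^_`a-z{|}~]+'. '@'. '[-!#$%&\'*+\\\\\/0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\\\.\/0-9=?A-Z^_`a-z{|}~]+\z/', $email) === 1);
}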

$name=htmlentities($_POST['name']);
$email=htmlentities($_POST['email']);
$to='JackDanielTracy@gmail.com';

if(!validate_email($email)){
   echo 'Email address not correct format.';
}else{
   // mail it!
   $message=$name.' just filled in your News letter form.. Their e-mail address was: '.$email;
   if(mail($to,$name.' just subscribed for your newsletter',$message,'From: '.$email)) {
      echo 'Thanks for your Application.';
   }else{
      echo 'There was a problem sending the mail. Please check that you filled in the form correctly.';
   }
}

TIP: By the way, using single quotes instead of double quotes for string display and concatenation is much quicker.
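
Added example, not code from any poster in this thread: one way to write mail.php so that no visitor-supplied value can start a new mail header line, with the redirect done through header() as suggested above. It assumes PHP 7.1 or later; the function names, the example.com addresses and /thanks.html are placeholders.

```php
<?php
// Added example (not from the thread). Addresses and /thanks.html are placeholders.

// CR, LF or NUL in a value means it could start a new header line.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Returns [name, email] when the submission is safe to mail, otherwise null.
function clean_submission(array $post): ?array
{
    // Missing fields and array input (name[]=x) are treated as empty.
    $name  = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    $email = is_string($post['email'] ?? null) ? trim($post['email']) : '';
    if ($name === '' || strlen($name) > 100 || has_header_break($name)) {
        return null;
    }
    if (has_header_break($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return [$name, $email];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: one ordinary, one carrying an extra header line.
    $samples = ["visitor@example.com", "visitor@example.com\r\nX-Extra: 1"];
    foreach ($samples as $e) {
        $ok = clean_submission(['name' => 'Sample Visitor', 'email' => $e]) !== null;
        echo json_encode($e), ' => ', $ok ? 'accepted' : 'rejected', "\n";
    }
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $clean = clean_submission($_POST);
    if ($clean === null) {
        http_response_code(400);
        exit('Please check that you filled in the form correctly.');
    }
    [$name, $email] = $clean;
    // Fixed subject and From; the visitor's address is only used after validation.
    $headers = "From: newsletter@example.com\r\nReply-To: $email";
    $body    = "$name subscribed to the newsletter.\nE-mail: $email\n";
    if (mail('owner@example.com', 'New newsletter subscription', $body, $headers)) {
        header('Location: /thanks.html', true, 303);   // redirect after the POST
        exit;
    }
    http_response_code(500);
    exit('There was a problem sending the mail.');
}
```

The redirect only works if nothing has been echoed before header() is called, which is why the success path prints no text of its own.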
 