Email Form PHP

Discussion in 'Web Design and Development' started by JackT06, Jul 22, 2010.

  1. JackT06 macrumors 6502

    JackT06

    Joined:
    Jul 24, 2009
    #1
    Hello,

    On my site, I have a form which people can fill in and it will then email it to my address; this is for a newsletter.
    What I would like to do is, after they have clicked submit, it redirects them to another page. The code, which I got off the internet, just takes them to a blank page saying "Thanks for submitting your application".
    Could someone point me in the right way please?
    Below is the code for you to see:
    Index.html:
    Code:
    <form action="mail.php" method="post">
    <li>Your Name: <input type="text" name="name"></li>
    <li>E-mail: <input type="text" name="email"><br> </li>
    <input type="submit" value="Submit">
    </form>
    Mail.php:
    Code:
    <?php
    $name=$_POST['name'];
    $email=$_POST['email'];
    $to="JackDanielTracy@gmail.com";
    $message="$name just filled in your News letter form.. Their e-mail address was: $email";
    if(mail($to,"$name just subscirbed for your newsletter",$message,"From: $email\n")) {
    echo "Thanks for your Applacation.";
    } else {
    echo "There was a problem sending the mail. Please check that you filled in the form correctly.";
    }
    ?>

    The web address is:
    www.HampshireDofEYouthForum.tk
    Any feedback much wanted :) Good or bad :)
     
  2. C00rDiNaT0r macrumors regular

    C00rDiNaT0r

    Joined:
    Jan 12, 2006
    Location:
    New York, New York
    #2
    Just making sure, you know what the code does right?
     
  3. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #3
    Your code is susceptible to email injection, which could easily turn your web page into a spamming machine, which could get your site removed from the internet.

    As for redirection, look at the header function.
     
  4. JackT06 thread starter macrumors 6502

    JackT06

    Joined:
    Jul 24, 2009
    #4
    Thank You

    Oh right, thanks for pointing that out to me. I never noticed that :O

    On my contact page, is that form okay? Or would that still be at risk?

    thanks
     
  5. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #5
    The risk lies on the server side, not the HTML side. It doesn't really matter what your form looks like. Though, I'm not a fan of CAPTCHA. It's an accessibility issue and often frustrates legitimate users. I use alternatives that currently keep out 100% of spam attempts (not saying others would have the same luck).
     
  6. DJBenE macrumors member

    Joined:
    Jul 9, 2010
    Location:
    Rowland Heights, California
    #6
    Users Are NEVER to be trusted!

    You best sanitize that data!

    PHP:
    $name=htmlentities($_POST['name']);
    $email=htmlentities($_POST['email']);
    or better yet, if you have mysql running...

    PHP:
    $name=mysql_real_escape_string($_POST['name']);
    $email=mysql_real_escape_string($_POST['email']);
    Also, would be a good idea to make sure the email address is formatted correctly...

    PHP:
    function validate_email($email) {
       // ereg() was removed in PHP 7, so the same pattern is run through preg_match().
       // The D modifier makes $ match only at the very end of the string.
       return preg_match(
          '/^[-!#$%&\'*+\\.\\/0-9=?A-Z^_`a-z{|}~]+'.'@'.
          '[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.
          '[-!#$%&\'*+\\.\\/0-9=?A-Z^_`a-z{|}~]+$/D', $email) === 1;
    }

    $name=htmlentities($_POST['name']);
    $email=htmlentities($_POST['email']);
    $to='JackDanielTracy@gmail.com';

    if(!validate_email($email)){
       echo 'Email address not correct format.';
    }else{
       // mail it!
       $message=$name.' just filled in your News letter form.. Their e-mail address was: '.$email;
       if(mail($to,$name.' just subscirbed for your newsletter',$message,'From: '.$email)) {
          echo 'Thanks for your Applacation.';
       }else{
          echo 'There was a problem sending the mail. Please check that you filled in the form correctly.';
       }
    }
    TIP: By the way, using single quotes instead of double quotes for string display and concatenation is much quicker.
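
A version of mail.php that covers both points raised in the thread, email header injection and the redirect after submit. This is an added example, not code from any poster; the example.com addresses and thanks.html are placeholder assumptions.

```php
<?php
// Added example: hypothetical hardened mail.php. Addresses and thanks.html are placeholders.

// Return [name, email] if the submission is safe to put into a mail, else null.
function clean_submission(array $post): ?array {
    $name  = $post['name']  ?? '';
    $email = $post['email'] ?? '';
    if (!is_string($name) || !is_string($email)) {
        return null;                      // e.g. name[]=x arrives as an array
    }
    // CR, LF or NUL would let a value start a new header line (Bcc:, Cc:, ...).
    if (preg_match('/[\r\n\0]/', $name . $email)) {
        return null;
    }
    $name  = trim($name);
    $email = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    if ($name === '' || strlen($name) > 100 || $email === false) {
        return null;
    }
    return [$name, $email];
}

// From is fixed to the site's own address; the submitted one only goes in Reply-To.
function build_headers(string $email): string {
    return "From: newsletter@example.com\r\nReply-To: $email";
}

if (PHP_SAPI === 'cli') {
    // Constructed samples: a normal signup and a header-injection attempt.
    $samples = [
        ['name' => 'Alice', 'email' => 'alice@example.com'],
        ['name' => 'Bob',   'email' => "bob@example.com\r\nBcc: list@example.net"],
    ];
    foreach ($samples as $s) {
        echo json_encode($s['email']), ' => ', clean_submission($s) ? 'accepted' : 'rejected', "\n";
    }
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST' && ($ok = clean_submission($_POST))) {
    [$name, $email] = $ok;
    $body = "$name just filled in the newsletter form. Their e-mail address was: $email";
    if (mail('owner@example.com', 'New newsletter signup', $body, build_headers($email))) {
        header('Location: thanks.html');  // redirect instead of printing a bare message
        exit;
    }
    http_response_code(500);
    echo 'There was a problem sending the mail.';
} else {
    http_response_code(400);
    echo 'Please check that you filled in the form correctly.';
}
```

HTML or SQL escaping leaves CR and LF untouched, so the check here targets those characters directly. Run from the command line, the script prints the verdict for the two constructed samples instead of sending mail.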
     
