I have a PHP website that is working well. It allows customers to make online reservations, and an email is sent to us. We have a message field, number of passengers and others. The message field is set to a 30-character limit and the number of passengers limit is 2 characters. Works well. However, some hackers are overwriting the message field with something like 1000 characters and the number field with 20 characters. These people are like telemarketers. What can I do and how can I prevent this? Do I need to install some security software? Which one? Please suggest. Thanks in advance.
Here's the code
/// Contact page
# of Passenger:
<textarea maxlength="150" placeholder="Message/Notes" rows="5" COLS="60" name="notes" title="Note/Message" style="height:71px; width:133px; margin-top:-47px;margin-left:175px;"></textarea>
<input type="submit" name="submit" value="Send"> <input type="button" value="Cancel" onClick="window.location='index.php';" name="Cancel" >
/// iProcess page
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$notes = $_POST['notes'];
$notes = htmlentities($notes, ENT_QUOTES, 'UTF-8');
$passenger = $_POST['passenger'];
//// email send here
$to = "info#mytest.com"; // Tracking customer for sometime. would remove my email later
$subject = "Reservation";
$message ="
<html>
<head>
<title>Reservation Email</title>
</head>
<body>
<p>Customer Reservation information </p>
<table>
<tr>
<th>Order Number :</th>
<td>$ordernumber</td>
</tr>
<tr>
<th>Number of Passenger :</th>
<td>$passenger</td>
</tr>
<tr>
<th>Messages/Notes :</th>
<td>$notes</td>
</tr>
</table>
</body>
</html>
";
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
////// more headers
//$headers .= 'From: <info#mytest.com' . "\r\n";
//$headers .= 'Cc: <>' . "\r\n";
$success = mail($to,$subject,$message,$headers);
if (!$success) {
$errorMessage = error_get_last()['message'];
}
else
{ echo "Email send successfully"; }
}
else
{
echo "Unable to connect or send your reservation!";
}
}
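The maxlength attribute in the form above is enforced only by the browser, so any HTTP client can post longer values; the limit has to be checked again in the script that receives the POST. The following is an added example, not part of the original post: it re-checks the two fields on the server, using the field names from the form and the limits from the question's description. The helper name validate_reservation() is hypothetical, and the mb_* functions assume the mbstring extension is loaded.

```php
<?php
// Added example, not the poster's code. Field names (notes, passenger) come from
// the form above; the limits follow the question's description.
// validate_reservation() is a hypothetical helper; mb_* needs the mbstring extension.

const MAX_NOTES_CHARS = 30;

function validate_reservation(array $post): array
{
    $clean  = [];
    $errors = [];

    // A request can send notes[]=x, which arrives as an array, so check the type first.
    $notes = $post['notes'] ?? '';
    if (!is_string($notes) || !mb_check_encoding($notes, 'UTF-8')) {
        $errors['notes'] = 'Message must be valid UTF-8 text.';
    } else {
        // Browsers submit textarea line breaks as CRLF; count each as one character.
        $notes = trim(str_replace("\r\n", "\n", $notes));
        if (mb_strlen($notes, 'UTF-8') > MAX_NOTES_CHARS) {
            $errors['notes'] = 'Message is limited to ' . MAX_NOTES_CHARS . ' characters.';
        } else {
            // Escape only after validation, so the limit applies to what was typed.
            $clean['notes'] = htmlspecialchars($notes, ENT_QUOTES, 'UTF-8');
        }
    }

    // Passenger count: one or two digits, no sign, no decimals, no leading zero.
    $passenger = $post['passenger'] ?? '';
    if (!is_string($passenger) || !preg_match('/\A[1-9][0-9]?\z/', $passenger)) {
        $errors['passenger'] = 'Number of passengers must be between 1 and 99.';
    } else {
        $clean['passenger'] = (int) $passenger;
    }

    return [$clean, $errors];
}

// Constructed sample submissions, as they could arrive from any HTTP client.
$samples = [
    'normal'         => ['notes' => 'Window seats please', 'passenger' => '4'],
    'oversized'      => ['notes' => str_repeat('A', 1000), 'passenger' => str_repeat('9', 20)],
    'array in field' => ['notes' => ['x'], 'passenger' => '2'],
];

foreach ($samples as $label => $post) {
    [$clean, $errors] = validate_reservation($post);
    if ($errors) {
        // On the real page: redisplay the form with $errors and do not call mail().
        echo "$label: rejected (" . implode(' ', $errors) . ")\n";
    } else {
        echo "$label: accepted, passenger={$clean['passenger']}, notes={$clean['notes']}\n";
    }
}
```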
Related
I have created a contact form but I am getting two problems:
Reply-To mail is not going.
After submitting the form, the page has to redirect to the Home page.
For reference please find the attached image and code
Below is the PHP code
<?php
if(isset($_POST['submit']))
{
$name = $_POST['name']; // Get Name value from HTML Form
$email_id = $_POST['email']; // Get Email Value
$mobile_no = $_POST['Mobile']; // Get Mobile No
$msg = $_POST['message']; // Get Message Value
$to = "somasekhar.n#vitalticks.com"; // You can change here your Email
$subject = "'$name' has been sent a mail"; // This is your subject
// HTML Message Starts here
$message ="
<html>
<body>
<table style='width:600px;'>
<tbody>
<tr>
<td style='width:150px'><strong>Name: </strong></td>
<td style='width:400px'>$name</td>
</tr>
<tr>
<td style='width:150px'><strong>Email ID: </strong></td>
<td style='width:400px'>$email_id</td>
</tr>
<tr>
<td style='width:150px'><strong>Mobile No: </strong></td>
<td style='width:400px'>$mobile_no</td>
</tr>
<tr>
<td style='width:150px'><strong>Message: </strong></td>
<td style='width:400px'>$msg</td>
</tr>
</tbody>
</table>
</body>
</html>
";
// HTML Message Ends here
// Always set content-type when sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
// More headers
$headers .= "From: New Contact Form <".$_POST["email"].">\r\n"; // Give an email id on which you want get a reply. User will get a mail from this email id
$headers .= 'Cc: somumstr210#gmail.com' . "\r\n"; // If you want add cc
// $headers .= 'Bcc: somasekhar.n#vitalticks.com' . "\r\n"; // If you want add Bcc
$headers .= "Reply-To: ".$_POST["email"]."\r\n";
if(mail($to,$subject,$message,$headers)){
// Message if mail has been sent
echo "<script>
alert('Mail has been sent Successfully.');
</script>";
}
else{
// Message if mail has been not sent
echo "<script>
alert('EMAIL FAILED');
</script>";
}
}
?>
The mail function is deprecated and may not work right! I recommend PHPMailer: https://github.com/PHPMailer/PHPMailer
How do I make a redirect in PHP?
header("Location: path/to/file");
Please check post variables:
$variable = $_POST['variable-name'] ?? 'default content if $_POST[\'variable-name\'] is undefined';
EDIT: mail() is not deprecated, but please use PHPMailer because it's better
I have a problem sending mail: my mail is not sent to the receiver, but the email comes back to me. My code is here; please advise.
<?php
if(isset($_POST["c_submit"]))
{
if(($_POST['captcha']!="") || ($_SESSION['captcha_id'])!="")
{
if($_POST['captcha']==$_SESSION['captcha_id']) {
$to_customer = $_POST["mail"];
$subject = "Thanking you for Contacting US";
$mail_body = "
<html>
<head>
<title>Thanking you for Contacting</title>
</head>
<body>
<font face='Verdana'>
Dear ".$_POST["name"].",</br>
<p>Thank you for visiting our website. We have received your enquiry through our web form. We appreciate you considering</p>
<p>Sincerely,</p>
<b>Penis Plug. Ltd.</b><br />
Website:". $site."<br />
Email:" .$email."<br />
<br />
<br />
</font>
</body>
</html>";
$to = "ashish.sws#gmail.com";
$mail_subject = "Contact Form Mail";
$to_mail_body = "
<htm>
<head>
<title>Customer Details</title>
</head>
<body>
<font face='Verdana'>
<table>
<tr>
<th>Name : </th>
<td>".$_POST["name"]."</td>
</tr>
<tr>
<tr>
<th>Message : </th>
<td>".$_POST["message"]."</td>
</tr>
<tr>
<th>Email </th>
<td>".$_POST["email"]."</td>
</tr>
<tr>
<th>Contact No. : </th>
<td>".$_POST["phone"]."</td>
</tr>
<tr>
<th>Company : </th>
<td>".$_POST["company"]."</td>
</tr>
</table>
</font>
</body>
</html>
";
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: '.'http://www.swatiwebtechnologies.com'.'<'.'ashish.sws#gmail.com'.'> ' . "\r\n";
if(@mail($to_customer,$subject,$mail_body,$headers))
{
echo "Mail send completed.";
}
else
{
echo "Cannot send mail.";
}
@mail($to,$mail_subject,$to_mail_body,$headers);
} else if($_POST['captcha']!=""){
echo '<font color="red"><b>Not Matching, Try Again...</b></font>';
}
}
}
?>
Here I am sending two mails, one for the customer and one for myself. The problem arises with the customer mail; the email to myself is working fine. Please advise.
As per the docs, the function returns false on failure to send.
$flgSend = @mail(...);
If this causes your code to show "Mail send completed.", but it still doesn't appear in your inbox, then either it just hasn't arrived yet or a SPAM filter has caught it.
Try this for checking of email sending
if(@mail($to_customer,$subject,$mail_body,$headers))
{
echo "Mail send completed.";
}
else
{
echo "Cannot send mail.";
}
Suggestions:
What is the exact error, if you remove the error suppression operator?
Are you sure the http://www.com in the from: part is valid?
Many spam blocking list providers will block your mail if you don't authenticate encrypted. Then, an answer gets back to your inbox that your mail was not delivered.
Search here for "mail php", it will bring you dozens of ideas. Like this:
PHP mail() - mail not sending
I have been working on a php script and a html form (both in separate files) that takes data from a form and emails it to me. I am having difficulty getting the form data that the user fills out to come through on the email.
I would like for the email to contain the user's email as the From in the email.
Can anyone help me figure out what is wrong with the files?
HTML Form:
<form id="ContactUs" name="ContactUs" method="post" action="sendform/sendform.php">
<table width="60%" border="0" cellpadding="2px" style="position:relative; left:20%">
<tr>
<td width="25%" align="right">Name:</td>
<td width="75%" align="left"><input name="ContactName" type="text" size="40" maxlength="100" /></td>
</tr>
<tr>
<td align="right">Email Address:</td>
<td align="left"><span id="sprytextfield1">
<input name="EmailAddress" type="text" id="EmailAddress" size="40" maxlength="150" />
<span class="textfieldRequiredMsg">A value is required.</span></span></td>
</tr>
<tr>
<td align="right">Phone Number:</td>
<td align="left"><span id="sprytextfield2">
<label for="PhoneNumber"></label>
<input name="PhoneNumber" type="text" id="PhoneNumber" maxlength="15" />
<span class="textfieldRequiredMsg">A value is required.</span></span></td>
</tr>
<tr>
<td align="right">Practice Name:</td>
<td align="left"><input name="PracticeName" type="text" size="40" maxlength="100" /></td>
</tr>
<tr>
<td align="right">Message:</td>
<td align="left"><textarea name="Message" cols="40" rows="10"> </textarea></td>
</tr>
<tr>
<td align="center" width="25%"></td>
<td align="center" width="75%"><input name="SubmitForm" type="submit" id="SubmitForm" onclick="MM_popupMsg('Are you sure you would like to submit this form?\r');return document.MM_returnValue" value="Submit Form" /><input type="reset" name="ResetForm" id="ResetForm" value="Reset Form" /></td>
</table>
</form>
Separate PHP file named sendform.php
<?php
// Where to redirect after form is processed.
$url = 'ThankYou.php';
// multiple recipients
$to = 'T#domain.com';
// subject
$subject = 'Someone sent you a contact request';
$headers = 'From: '.$EmailAddress.'/r/n';
$headers .= 'MIME-Version: 1.0\r\n';
$headers .= 'Content-Type: text/html; charshet=ISO-8859-1\r\n';
// message
$messagetext = '<html><body>';
$messagetext .= ' <p>Website Form Submit</p>';
$messagetext .= ' <table>';
$messagetext .= ' <tr><td align="right">Name:</td><td>'; $_GET[$ContactName] .'</td></tr>';
$messagetext .= ' <tr><td align="right">Email Address:</td><td align="left">'; $EmailAddress .'</td></tr>';
$messagetext .= ' <tr><td align="right">Phone Number:</td><td align="left">'; $PhoneNumber .'</td></tr>';
$messagetext .= ' <tr><td align="right">Practice Name:</td><td align="left">'; $PracticeName .'</td></tr>';
$messagetext .= ' <tr><td align="right">Message:</td><td align="left">'; $Message .'</textarea></td></tr>';
$messagetext .= ' </table></body></html>';
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Mail it
mail($to, $subject, $messagetext, $headers);
//echo $message;
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">'
?>
You're using POST in your form but you are not referencing the post variables. Instead of $_GET[$ContactName], use $_POST[$ContactName]. Do this for all POSTed variables.
One step at a time! Forget the email function altogether for now, do things in order.
Make your form, then make sure it's displaying as you expect in the browser.
Then on the processing page (sendform/sendform.php), echo out all the data which would be sent from the form to make sure they're all there, present and ok.
ie
print_r($_POST);
THEN once you are happy with that stage, you can apply the vars in the email function and test the final result, tweaking where required or fixing bugs etc.
At present, however, you're not doing anything with the POSTed data. In sendform.php, you have this:
$headers = 'From: '.$EmailAddress.'/r/n';
However there is no reference to it in that file to set it, or set that variable to POSTed or GET data. As such, it'll be empty.
You should check your error logs too, as this would have shown you this var is empty and led you to backtrack to your issue. Error logs are a must whenever coding in PHP, even for the pros.
You also have this:
$messagetext .= '<tr><td align="right">Name:</td>
<td>'; $_GET[$ContactName] .'</td></tr>
';
Your form is set to POST data, not GET.
So your data is stored in PHP's $_POST array. So using your form names, the email address would be:
$_POST['EmailAddress'];
// You can use this, or set it to a variable, ie
$EmailAddress = $_POST['EmailAddress'];
Important note:
You really want to validate people's inputs before emailing, or you could open yourself up to be a spammer's delight. Such as strlen() to match your form maxlengths, is_numeric(), and regex to check their inputted data is not some JavaScript or whatever trying to send thousands of emails through your site (it happens!).
Using them all in conjunction with each other where appropriate, you ensure users can only enter data you allow and you stop any bad things coming through.
Send them back to the form with an error message if there is anything wrong, do this until you're happy the data is acceptable to send through your server's mail system and then allow it.
People using your badly written code to spam the world won't just be an annoyance to you having to resolve that. You could end up having your domain name where the form is hosted blacklisted as a spammy site - not good.
Here is a tested version with the From: now showing in the appropriate location of the Email.
Quick note: There were two separate header bodies which broke up your code.
One under $subject and the other over $messagetext. All are inside one body of headers now.
Plus, you had $headers = 'From: '.$EmailAddress.'/r/n'; which is invalid.
This should have read as $headers = 'From: '.$EmailAddress.'\r\n'; with \ instead of /.
More on the mail() function can be read by visiting PHP.net on mail() - here.
Working code
<?php
$url = 'ThankYou.php';
$ContactName = $_POST['ContactName'];
$EmailAddress = $_POST['EmailAddress'];
$PhoneNumber = $_POST['PhoneNumber'];
$Message = $_POST['Message'];
$PracticeName = $_POST['PracticeName'];
$to = "email@example.com";
$subject = 'Someone sent you a contact request';
// message
$messagetext = '<html><body>';
$messagetext .= ' <p>Website Form Submit</p>';
$messagetext .= ' <table>';
$messagetext .= ' <tr><td align="right">Name:</td><td>'.$ContactName.'</td></tr>';
$messagetext .= ' <tr><td align="right">Email Address:</td><td align="left">'.$EmailAddress.'</td></tr>';
$messagetext .= ' <tr><td align="right">Phone Number:</td><td align="left">'.$PhoneNumber.'</td></tr>';
$messagetext .= ' <tr><td align="right">Practice Name:</td><td align="left">'.$PracticeName.'</td></tr>';
$messagetext .= ' <tr><td align="right">Message:</td><td align="left">'.$Message.'</td></tr>';
$messagetext .= ' </table></body></html>';
// To send HTML mail, the Content-type header must be set
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=iso-8859-1\r\n";
$headers .= "From: $EmailAddress" . "\r\n" .
"Reply-To: $EmailAddress" . "\r\n" .
'X-Mailer: PHP/' . phpversion();
// Mail it
mail($to, $subject, $messagetext, $headers);
//echo $message;
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
//echo "Success"; // my testing method
?>
Additional options:
To make sure someone fills in all the fields and not send mail unless they do, then you can use the following and make sure you remove the in your <textarea name="Message"... because that is considered as input.
if(!empty($_POST['EmailAddress']) && (!empty($_POST['ContactName']))
&& (!empty($_POST['PhoneNumber']))
&& (!empty($_POST['PracticeName']))
&& (!empty($_POST['Message']))
)
{
mail($to, $subject, $messagetext, $headers);
//echo $message;
// echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
echo "Success";
}
else {
echo "Mail failed. All fields must be filled.";
}
There are more improvements that can be done, for instance Email validation such as FILTER_VALIDATE_EMAIL.
Example:
$email = $_POST['EmailAddress'] ?? '';
if(empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
die("Please enter a valid email");
}
More on FILTER_VALIDATE_EMAIL can be found on the PHP.net Website
http://php.net/manual/en/filter.filters.validate.php
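The scripts in this thread place the submitted EmailAddress straight into the From and Reply-To headers and the other fields straight into the HTML body, which is where the validation urged in the "Important note" answer and the FILTER_VALIDATE_EMAIL suggestion above matter most. The following is an added example, not the answerers' code: it builds the headers and body for the same form with a fixed sender, a validated Reply-To and an escaped body. SITE_FROM is a placeholder address, and safe_reply_to() and build_contact_mail() are hypothetical helper names.

```php
<?php
// Added example, not the answerers' code. Form field names come from the page;
// SITE_FROM is a placeholder and both helper functions are hypothetical.

const SITE_FROM = 'webform@example.com'; // placeholder: an address on your own domain

// Returns a header-safe address, or null if the value must not go into a header.
function safe_reply_to($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $raw = trim($raw);
    // A CR or LF inside the value would start a new header line of the sender's choosing.
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

function build_contact_mail(array $post): ?array
{
    $replyTo = safe_reply_to($post['EmailAddress'] ?? null);
    if ($replyTo === null) {
        return null;
    }

    $labels = [
        'ContactName'  => 'Name',
        'EmailAddress' => 'Email Address',
        'PhoneNumber'  => 'Phone Number',
        'PracticeName' => 'Practice Name',
        'Message'      => 'Message',
    ];
    $rows = '';
    foreach ($labels as $field => $label) {
        $value = is_string($post[$field] ?? null) ? $post[$field] : '';
        // Escape for the HTML body so submitted markup is shown as text.
        $rows .= '<tr><td align="right">' . $label . ':</td><td>'
               . nl2br(htmlspecialchars($value, ENT_QUOTES, 'UTF-8')) . '</td></tr>';
    }

    return [
        'subject' => 'Someone sent you a contact request',
        'body'    => '<html><body><table>' . $rows . '</table></body></html>',
        'headers' => implode("\r\n", [
            'MIME-Version: 1.0',
            'Content-Type: text/html; charset=UTF-8',
            'From: ' . SITE_FROM,      // fixed sender; the visitor only appears in Reply-To
            'Reply-To: ' . $replyTo,
        ]),
    ];
}

// Constructed sample submissions.
$samples = [
    ['ContactName' => 'Ann <b>Lee</b>', 'EmailAddress' => 'ann@example.com', 'Message' => "Hi\nthere"],
    ['ContactName' => 'x', 'EmailAddress' => "x@example.com\r\nX-Extra: 1", 'Message' => 'hi'],
];
foreach ($samples as $post) {
    $mail = build_contact_mail($post);
    // On the real page: if ($mail) { mail($to, $mail['subject'], $mail['body'], $mail['headers']); }
    echo $mail ? $mail['headers'] . "\n\n" : "rejected: invalid email address\n\n";
}
```

Sending From an address on the site's own domain and keeping the visitor's address in Reply-To also avoids SPF and DMARC failures that occur when a server sends mail claiming to be from someone else's domain.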
I have fixed your code. In the $to variable, enter the email address you want to send the email to.
<?php
$ContactName = $_POST['ContactName'];
$EmailAddress = $_POST['EmailAddress'];
$PhoneNumber = $_POST['PhoneNumber'];
$Message = $_POST['Message'];
$PracticeName = $_POST['PracticeName'];
$to = 'ENTER EMAIL ADDRESS ON WHICH YOU WANT TO SEND EMAIL';
$subject = 'Someone sent you a contact request';
$headers = 'From: '.$EmailAddress.'/r/n';
$headers .= 'MIME-Version: 1.0\r\n';
$headers .= 'Content-Type: text/html; charshet=ISO-8859-1\r\n';
// message
$messagetext = '<html><body>';
$messagetext .= ' <p>Website Form Submit</p>';
$messagetext .= ' <table>';
$messagetext .= ' <tr><td align="right">Name:</td><td>'.$ContactName.'</td></tr>';
$messagetext .= ' <tr><td align="right">Email Address:</td><td align="left">'.$EmailAddress.'</td></tr>';
$messagetext .= ' <tr><td align="right">Phone Number:</td><td align="left">'.$PhoneNumber.'</td></tr>';
$messagetext .= ' <tr><td align="right">Practice Name:</td><td align="left">'.$PracticeName.'</td></tr>';
$messagetext .= ' <tr><td align="right">Message:</td><td align="left">'.$Message.'</td></tr>';
$messagetext .= ' </table></body></html>';
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1'."\r\n";
// Mail it
mail($to, $subject, $messagetext, $headers);
//echo $message;
$url = 'ThankYou.php'; // redirect target, as defined in the question's script
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
I'm having some problems in using php mail function to send a html form's data. The mail function is working fine and I have no problem receiving the email when the form is submitted, but sometimes I got empty arrays in my email.
The code looks like:
<?php
error_reporting(E_ALL & ~E_NOTICE);
$email = $_POST['email'];
//check if value is set:
if (isset($_POST['submit'])){
$everyoneToppingList = substr(implode(', ', $_POST['everyone_platter_topping']), 0);
$everyoneCondimentList = substr(implode(', ', $_POST['everyone_platter_condiment']), 0);
}; //end isset($_POST['submit']
$len = strlen($email);
if ($len > 0)
{
$email_body = "Full Name: $title $fullname\n".
"Topping? - $everyoneToppingList\n".
"Condiment? - $everyoneCondimentList\n\n";
$email_to = "example#gmail.com";
$email_from = $_POST['email']; // required
$URL= "order.php";
header ("Location: $URL");
// create email headers
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $email_from \r\n";
$headers .= "Cc: $email_from \r\n";
$headers .= "X-Mailer: PHP/". phpversion();
mail($email_to, $email_subject, $email_body, $headers);
} ?>
And the html part looks like:
<table style="vertical-align:top;" class="form platter bread" cellspacing="2">
<tr>
<span class="bold">
Choose Your Topping:
</span>
<span id="errorsDiv_everyone_platter_topping[]">
</span>
<td height="7" width="87" align="left" valign="middle">
<input type="checkbox" name="everyone_platter_topping[]" value="Lettuce" id="everyone_lettuce" />
<label for="everyone_lettuce">\
Lettuce
</label>
</td>
<td height="7" width="87" align="left" valign="middle">
<input type="checkbox" name="everyone_platter_topping[]" value="Tomatoes" id="everyone_tomatoes" />
<label for="everyone_tomatoes">
Tomatoes
</label>
</td>
</tr>
</table>
When I receive the email, sometimes it only shows "Topping? - , , , ," .
Really need help on this and any suggestions will be appreciated!!
Thank you!
I am sorry to write it over here, but the comment section is not enough to mention the doubts regarding your question.
The elements in the form and the elements used in the PHP code do not give a clear picture of the question.
Also $URL= "order.php";
header ("Location: $URL"); does not make any sense; it will redirect and the mail won't be sent anyway.
If I make these subtle changes:
removing the header code from the PHP code
adding the email input box and submit button in the HTML form
adding a form outside the table with method POST
I simply got this code working by making the above changes without any trouble.
I suggest you edit the question and ask again, or make the suggested changes (of course with some tweaking from your side), and your code will be in a working state.
First initialize your variables before using em.
$everyoneToppingList = null;
$everyoneCondimentList = null;
if (isset($_POST['submit'])){
$everyoneToppingList = substr(implode(', ', $_POST['everyone_platter_topping']), 0);
$everyoneCondimentList = substr(implode(', ', $_POST['everyone_platter_condiment']), 0);
};
$len = strlen($email);
if ($len > 0)
{
if (!is_null($everyoneToppingList) && !is_null($everyoneCondimentList))
{
// Send your mail.
}
}
This is my html form. The user will input the email addresses he/she would like to send the html email to.
<form id="form1" name="form1" method="post" action="">
<table width="400">
<tr>
<td>Please enter your email address:</td>
<td><input type="text" name="email" id="email" /></td>
</tr>
<tr>
<td>Please enter the email addresses you would like to notify below:</td>
<td>
</td>
</tr>
<tr>
<td>Email:</td>
<td>
<input type="text" name="email1" id="email1" />
</td>
</tr>
<tr>
<td>Email:</td>
<td><input type="text" name="email2" id="email2" />
</td>
</tr>
<tr>
<td>Email:</td>
<td><input type="text" name="email3" id="email3" />
</td>
</tr>
<tr>
<td>Email:</td>
<td><input type="text" name="email4" id="email4" />
</td>
</tr>
</table>
</form>
This is somewhat the php code.
<?php
$ToEmail = '["email1"]["email2"]["email3"]["email4"]';
$EmailSubject = 'Check this out guys!';
$mailheader = "From: ".$_POST["email"]."\r\n";
$mailheader .= "Reply-To: "noreply#domain.com"\r\n";
$mailheader .= "Content-type: text/html; charset=iso-8859-1\r\n";
mail(......) or die ("Failure");
?>
<script type="text/javascript">
alert("Success! You have sent the notification to the emails you have entered.");
<!--
window.location = "form.html"
//-->
</script>
How do I:
1. Modify the PHP code so that it will send to the emails inputted by the user?
2. The body message of the notification is a html email. How do I go about adding it to the PHP code?
Your help is highly appreciated. Thanks in advance!
Looks like you need to $_POST the email1, email2 etc. values to a variable then use that as your value for $to in the mail() function - just make sure you add a comma after each:
$to = $_POST['email1'] . ', ';
$to .= $_POST['email2'] . ', ';
$to .= $_POST['email3'];
etc. Leave off the comma for the last email and you should be ready to go.
Regarding the content of your email, you should be able to send html no problem - just store it in a variable for ease of use later, e.g:
$message = '
<html>
<head>
<title>This is the HTML Email</title>
</head>
<body>
<div id="container">
<p>Welcome to the html!</p>
<img src="../img/some_image.jpg" alt="some image"/>
</div>
</body>
</html>
';
then make sure you add the relevant HTML headers:
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
Along with any other headers e.g.:
$headers .= 'From: HTML Email <you@example.com>' . "\r\n";
Then call mail() with your defined variables:
mail($to, $subject, $message, $headers);
Hope that helps.
P.S. It's all available in the mail function definition: mail()
Look at the php manual for mail
Example:
$toemails = "user@example.com, anotheruser@example.com";