I am new to PHP, not an expert by any means. Anyhow, I am building a PHP and HTML contact form and I am getting mixed up on the way to validate field input (trim, strip, htmlspecchars..). Anyway, here is my code, please go easy on me, I am a noob at this.
<?php
// define variables and set to empty values
$name = $email = $web = $telephone = $pages = $completion_date = $update_option = $hosting_option = $domain_option = $text = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$web = test_input($_POST["web"]);
$telephone = test_input($_POST["telephone"]);
$pages = test_input($_POST["pages"]);
$completion_date = test_input($_POST["completion_date"]);
$update_option = test_input($_POST["update_option"]);
$hosting_option = test_input($_POST["hosting_option"]);
$domain_option = test_input($_POST["domain_option"]);
$text = test_input($_POST["text"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$msg = $name . "\n";
$msg = $email . "\n";
$msg = $web . "\n";
$msg = $telephone . "\n";
$msg = $pages . "\n";
$msg = $completion_date . "\n";
$msg = $update_option . "\n";
$msg = $hosting_option . "\n";
$msg = $domain_option . "\n";
$msg = $text . "\n";
$recipient = "myemail#mydomain.com";
$subject = "Contact Has Been Made..";
$mailheaders = "MIME-Version: 1.0" . "\r\n";
$mailheaders = "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$mailheaders = "From: <myemail#mydomain.com>, Reply-To: <myemail#mydomain.com>" . "\r\n";
$mailheaders = "Cc: <$email>" . "\r\n";
mail($recipient, $subject, $msg, $mailheaders);
?>
It looks okay until the definition of $msg, you keep overwriting it.
Prepend the equals (=) signs after the first with a dot (.)
$msg = $name . "\n";
$msg .= $email . "\n";
$msg .= $web . "\n";
... etc
stripslashes and htmlspecialchars are unnecessary in this context. After all, you are not outputting any HTML that contains the POSTed values.
The problem with your form validation is that I could write anything in the email field, for example, and it would still validate. You should make a case-by-case validation for all the fields so, for example with the email field
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
// The email is valid
$email = $_POST['email'];
}
And so on. If you don't need them to be what they say they are, you can omit this. Other than that it looks okay.
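The case-by-case validation suggested above, sketched for every field of the question's form. This is an added example, not code from the original posts; the length limits, the phone pattern and the yes/no option values are assumptions.

```php
<?php
// Added example: one rule per field instead of one test_input() for everything.
// Length limits, the phone pattern and the yes/no option values are assumptions.
function validate_contact(array $post): array
{
    $yesNo = fn($v) => in_array($v, ['yes', 'no'], true);
    $rules = [
        'name'      => fn($v) => $v !== '' && strlen($v) <= 100 && !preg_match('/[\r\n]/', $v),
        'email'     => fn($v) => filter_var($v, FILTER_VALIDATE_EMAIL) !== false,
        // optional field, but if present it must be an http(s) URL
        'web'       => fn($v) => $v === '' || (filter_var($v, FILTER_VALIDATE_URL) !== false
                                  && preg_match('#^https?://#i', $v) === 1),
        'telephone' => fn($v) => preg_match('/^\+?[0-9 ()-]{6,20}$/', $v) === 1,
        'pages'     => fn($v) => filter_var($v, FILTER_VALIDATE_INT,
                                  ['options' => ['min_range' => 1, 'max_range' => 500]]) !== false,
        'completion_date' => function ($v) {
            $d = DateTime::createFromFormat('!Y-m-d', $v);
            return $d !== false && $d->format('Y-m-d') === $v; // rejects 2024-02-31
        },
        'update_option'  => $yesNo,
        'hosting_option' => $yesNo,
        'domain_option'  => $yesNo,
        'text'      => fn($v) => $v !== '' && strlen($v) <= 5000,
    ];
    $clean = $errors = [];
    foreach ($rules as $field => $isValid) {
        $raw = $post[$field] ?? '';
        $value = is_string($raw) ? trim($raw) : ''; // name[]=x arrives as an array
        if ($isValid($value)) {
            $clean[$field] = $value;
        } else {
            $errors[$field] = "Invalid value for $field.";
        }
    }
    return [$clean, $errors];
}

// Constructed sample submission standing in for $_POST.
[$clean, $errors] = validate_contact([
    'name' => ' Ada Lovelace ', 'email' => 'not-an-address', 'web' => '',
    'telephone' => '+44 20 7946 0000', 'pages' => '0', 'completion_date' => '2024-02-31',
    'update_option' => 'yes', 'hosting_option' => 'no', 'domain_option' => 'maybe',
    'text' => 'Five page site, please.',
]);
print_r(array_keys($errors)); // fields that failed their rule
```

Only values from `$clean` should reach the message body or the mail headers; a submission with a non-empty `$errors` is returned to the form instead of being mailed.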
I need to send my forms to multiple recipients, but I can't figure out which line I need to edit. Please see below. I appreciate your help.
I already tried adding more values to the emailto, but I can't get it to work.
<?php
// Configure your Subject Prefix and Recipient here
$errors = array(); // array to hold validation errors
$data = array(); // array to pass back data
if($_SERVER['REQUEST_METHOD'] === 'POST') {
$subjectPrefix = $_POST['subject'];
$privacyPolicy = $_POST['privacy-policy'];
$emailTo = stripslashes(trim($_POST['email-to']));
$name = stripslashes(trim($_POST['name']));
$email = stripslashes(trim($_POST['email']));
$phone = stripslashes(trim($_POST['phone']));
$message = stripslashes(trim($_POST['message']));
$spam = $_POST['textfield'];
$confirmMsg = $_POST['confirm'];
$captcha = $_POST['captcha'];
if (empty($name)) {
$errors['name'] = 'Please fill in all required fields.';
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors['email'] = 'Please fill in all required fields.';
}
if (empty($message)) {
$errors['message'] = 'Please fill in all required fields.';
}
if (empty($captcha)) {
$errors['captcha'] = 'TEST CAPTCHA';
}
if (empty($privacyPolicy)) {
$errors['privacy_policy'] = 'Please fill in all required fields.';
}
// if there are any errors in our errors array, return a success boolean or false
if (!empty($errors)) {
$data['success'] = false;
$data['errors'] = $errors;
} else {
$subject = "Message from $subjectPrefix";
$body = '
<strong>Name: </strong>'.$name.'<br />
<strong>Email: </strong>'.$email.'<br />
<strong>Phone: </strong>'.$phone.'<br />
<strong>Message: </strong>'.nl2br($message).'<br />
';
$headers = "MIME-Version: 1.0" . PHP_EOL;
$headers .= "Content-type: text/html; charset=utf-8" . PHP_EOL;
$headers .= "Content-Transfer-Encoding: 8bit" . PHP_EOL;
$headers .= "Date: " . date('r', $_SERVER['REQUEST_TIME']) . PHP_EOL;
$headers .= "Message-ID: <" . $_SERVER['REQUEST_TIME'] . md5($_SERVER['REQUEST_TIME']) . '#' . $_SERVER['SERVER_NAME'] . '>' . PHP_EOL;
$headers .= "From: " . "=?UTF-8?B?".base64_encode($name)."?=" . " <$email> " . PHP_EOL;
$headers .= "Return-Path: $emailTo" . PHP_EOL;
$headers .= "Reply-To: $email" . PHP_EOL;
$headers .= "X-Mailer: PHP/". phpversion() . PHP_EOL;
$headers .= "X-Originating-IP: " . $_SERVER['SERVER_ADDR'] . PHP_EOL;
if (empty($spam)) {
mail($emailTo, "=?utf-8?B?" . base64_encode($subject) . "?=", $body, $headers);
}
$data['success'] = true;
$data['confirmation'] = $confirmMsg;
}
// return all our data to an AJAX call
echo json_encode($data);
}
You can separate receivers by comma like
$to = "somebody#example.com, somebodyelse#example.com";
As indicated in the mail() documentation you can use this:
$emailTo = $mail1 . ', ' . $mail2;
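The question's script reads the recipient from `$_POST['email-to']`, so whoever submits the form decides where the server sends mail. An added example (not from the original posts) that keeps the address lists on the server and builds the comma-separated value from them; `$departments`, its addresses and the idea of a `department` form field are hypothetical.

```php
<?php
// Added example: the form sends only a key; the addresses live on the server.
// $departments and its addresses are hypothetical placeholders.
$departments = [
    'sales'   => ['sales@example.com', 'manager@example.com'],
    'support' => ['support@example.com'],
];

function recipients_for(string $key, array $departments): ?string
{
    if (!array_key_exists($key, $departments)) {
        return null;                       // unknown key: send nothing
    }
    $valid = [];
    foreach ($departments[$key] as $address) {
        // Each entry must be a single address: no comma, no line break
        if (filter_var($address, FILTER_VALIDATE_EMAIL) !== false
            && !preg_match('/[\r\n,]/', $address)) {
            $valid[] = $address;
        }
    }
    // mail() takes several recipients as one comma-separated string
    return $valid ? implode(', ', $valid) : null;
}

// Constructed inputs: a known key and an unknown one.
var_dump(recipients_for('sales', $departments));
var_dump(recipients_for('anything-else', $departments));
```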
I have a contact form that on submit displays a thank you message, takes the users entries and emails them to an address but should also take four fields and place it into a CSV. Unfortunately I can't get the last part to work no matter what I try.
The thank you message works, an email is sent, but the part I've added at $output (before the if/else) doesn't.
Here's the code I'm using, thanks in advance to anyone who can help with this.
<?php
$subject = 'Submission received';
$mailto = '';
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$telephone = $_POST['telephone'];
$company = $_POST['companyName'];
$country = $_POST['country'];
$about = $_POST['hearAbout'];
$enquiry = $_POST['enquiry'];
$body = "
<br>
<p>The following information was submitted through the contact form on your website:</p>
<p><b>Name</b>: $firstName $lastName<br>
<b>Email</b>: $email<br>
<b>Phone number</b>: $telephone</br>
<b>Company name</b>: $company<br>
<b>Country</b>: $country<br>
<b>Heard about company via</b>: $about<br>
<b>Enquiry</b>: $enquiry<br></p>
";
// Success Message - PAD THIS OUT
$success = "
<div class=\"\">
<div class=\"\">
<h3>Submission successful</h3>
<p>Thank you.</p>
</div>
</div>
";
$headers = "From: $firstName $lastName <$email> \r\n";
$headers .= "Reply-To: $email \r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$message = "<html><body>$body</body></html>";
$output = $firstName . "t";
$output .= $lastName . "t";
$output .= $email . "t";
$output .= $telephone . "n";
$fp = fopen("data/enquiry.csv", "a");
fwrite($fp, $output);
fclose($fp);
if (mail($mailto, $subject, $message, $headers)) {
echo "$success"; // success
} else {
echo 'Form submission failed. Please try again...'; // failure
}
?>
Maybe this will help:
$fp = fopen("data/enquiry.csv", "a");
fwrite($fp,"," . $firstName . "," . $lastName . "," . $email . "," . $telephone . "\n");
fclose($fp);
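An added example (not from the original posts) that appends the four fields with `fputcsv()`, which quotes commas and quotation marks inside values, and locks the file while writing. The temporary file path and the rule for neutralising spreadsheet formulas are assumptions.

```php
<?php
// Added example: append one submission to a CSV file with fputcsv().
// The path and the formula-neutralising rule are assumptions.
function csv_safe(string $value): string
{
    $value = str_replace(["\r", "\n"], ' ', trim($value)); // one record per line
    // Spreadsheet programs evaluate cells that start with = + - @ as formulas;
    // a leading apostrophe keeps them as text (this also prefixes "+44 ..." numbers).
    if ($value !== '' && strpbrk($value[0], "=+-@\t") !== false) {
        $value = "'" . $value;
    }
    return $value;
}

function append_enquiry(string $path, array $fields): bool
{
    $fp = fopen($path, 'a');
    if ($fp === false) {
        return false;                      // directory missing or not writable
    }
    $ok = false;
    if (flock($fp, LOCK_EX)) {             // two submissions at once must not interleave
        $row = array_map('csv_safe', $fields);
        $ok = fputcsv($fp, $row, ',', '"', '\\') !== false;
        flock($fp, LOCK_UN);
    }
    fclose($fp);
    return $ok;
}

// Constructed sample row written to a temporary file.
$path = sys_get_temp_dir() . '/enquiry-example.csv';
append_enquiry($path, ['Ada', 'O\'Neil, Jr.', 'ada@example.com', '=1+1']);
echo file_get_contents($path);
```

If `data/enquiry.csv` sits inside the web server's document root, the collected names, e-mail addresses and phone numbers can be downloaded by URL unless access to that directory is blocked.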
I am using the following code to email the results of a form submission. Since I'm running without a database I'd like some sort of other record.
<?php
$to = "me#me.com";
$from = $_REQUEST['email'];
$name = $_REQUEST['name'];
$headers = "From: $from";
$subject = "New Message";
$fields = array();
// Square brackets: the curly-brace array syntax was removed in PHP 8
$fields["first_name"] = "first_name";
$fields["last_name"] = "last_name";
$fields["email"] = "email";
$fields["phone"] = "phone";
$fields["hospital"] = "hospital";
$fields["title"] = "title";
$body = "Here is what was sent:\n\n";
foreach($fields as $a => $b){
$body .= sprintf("%20s: %s\n",$b,$_REQUEST[$a]);
}
$send = mail($to, $subject, $body, $headers);
?>
How do I save the results to a text file in addition to email? I've seen examples on how to do text but not in addition to email.
You should check the file functions:
http://php.net/manual/en/function.fread.php
http://php.net/manual/en/function.fopen.php
http://php.net/manual/en/function.fwrite.php
http://php.net/manual/en/function.file-get-contents.php
http://php.net/manual/en/function.file-put-contents.php
An example of what you could do:
$filePath = 'records.txt';
file_put_contents($filePath, "\nYour text here...", FILE_APPEND);
Should be something like this:
//Email code here...
if(!$file = fopen('records.txt', 'a+')) {
echo 'Could not write to file.';
exit;
}
$content = "Email sent on: " . time() . PHP_EOL . "***" . PHP_EOL . $body . PHP_EOL . "***" . PHP_EOL;
if(fwrite($file, $content) === false) {
echo 'Could not write to file.';
exit;
}
fclose($file);
For more see examples at: http://php.net/fwrite
I created a php script (for a contact form) to send emails to my Gmail account.
If I use the sender email in the header ($headers = "From: " . $email;), Gmail reports the received message as spam.
If I don't use the email in the header (e.g. the sender name $headers = "From: " . $name;) the message is not reported as spam.
Do you have any suggestion to let me use the email in the header?
Thanks!
<?php
/* Check if the url field is empty (antispam) */
if ($_POST['leaveblank'] != '' or $_POST['dontchange'] != 'http://') {
$name = $_POST['name'];
$faillink = "xxx.php";
header("Location: $faillink");
} else {
$name = $_POST['name'];
$email = $_POST['email'];
$subject_prefix = "[ContactForm]: ";
$subject = $subject_prefix . $_POST['subject'];
$message = $_POST['message'];
$to = "myemail#gmail.com";
$body = "From: " . $name . "\n";
$body .= "Email: " . $email . "\n";
$body .= "Message: " . $message . "\n";
$headers = "From: " . $email;
$oklink = "yyy.php";
$faillink = "xxx.php";
if ( preg_match( "/[\r\n]/", $name ) || preg_match( "/[\r\n]/", $email ) ) {
header("Location: $faillink");
exit; // stop here, otherwise mail() below still runs with the rejected input
}
$retmail = mail($to, $subject, $body, $headers);
if ($retmail) {
header("Location: $oklink");
} else {
header("Location: $faillink");
}
}
?>
I solved the issue as Iain suggested so I replaced the mail headers as follows:
$headers = "From: " . "noreplay#mydomain.com" . "\r\n";
$headers .= "Reply-To: " . $email . "\r\n";
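The header layout from this fix, as an added example that is not part of the original posts: a fixed From on the site's own domain, the visitor's address only in Reply-To, and a submission with a line break in a header value rejected before `mail()` is reached. `noreply@example.com` and the function names are placeholders.

```php
<?php
// Added example: fixed From on the site's own domain, visitor address in Reply-To.
// noreply@example.com and the function names are placeholders.
function build_headers(string $visitorEmail): ?array
{
    // A line break in a header value would start a new header: reject, do not strip.
    if (preg_match('/[\r\n]/', $visitorEmail)
        || filter_var($visitorEmail, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return [
        'From'         => 'Contact form <noreply@example.com>',
        'Reply-To'     => $visitorEmail,
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
}

function send_contact(array $post, string $to): bool
{
    $field = fn($k) => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $headers = build_headers($field('email'));
    $subject = $field('subject');
    if ($headers === null || preg_match('/[\r\n]/', $subject)) {
        return false;                      // caller redirects to the failure page and exits
    }
    $body = "From: " . $field('name') . "\n"
          . "Email: " . $headers['Reply-To'] . "\n"
          . "Message: " . $field('message') . "\n";
    // mail() accepts the additional headers as an array since PHP 7.2
    return mail($to, '[ContactForm]: ' . $subject, $body, $headers);
}

// Constructed inputs: a plain address and one carrying an extra header line.
var_dump(build_headers('visitor@example.org') !== null);
var_dump(build_headers("visitor@example.org\r\nX-Extra: 1") === null);
```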
What I want to do is when I click on submit it goes to the index page and doesn't stay on the PHP page.
This is my code:
$name = $_POST[\'name\'];
$email = $_POST[\'email\'];
$phone = $_POST[\'phone\'];
$reason = $_POST[\'reason\'];
$header = \'From: \' . $email . \" \\r\\n\";
$msg = \"Sent from: \" . $name . \"\\r\\n\";
$msg .= \"Email: \" . $email . \" \\r\\n\";
$msg .= \"Phone: \" . $phone . \" \\r\\n\";
$msg .= \"Contact reason:\" . $reason . \" \\r\\n\";
$msg .= \"Message: \" . $_POST[\'message\'] . \" \\r\\n\";
$msg .= \"Date and time \" . date(\'d/m/Y\', time());
$to = \'emailhere#something.com\';
$subject = \'contact page\';
mail($to, $subject, utf8_decode($msg), $header);
echo \'The Message is sent\';
I wonder if somebody can help me? I think it isn't too hard, right?
header("Location: http://www.example.com/");
see http://php.net/manual/de/function.header.php for more info
You can use header("Location: http://www.yoursite.com/index.php") to redirect to the index.php of your website.
The header() method must be called before any issue like the echo \'The Message is sent\';
Why do you escape all those quotes?
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$reason = $_POST['reason'];
$header = 'From: ' . $email . "\r\n";
$msg = "Sent from: " . $name . "\r\n";
$msg .= "Email: " . $email . "\r\n";
$msg .= "Phone: " . $phone . "\r\n";
$msg .= "Contact reason:" . $reason . "\r\n";
$msg .= "Message: " . $_POST['message'] . "\r\n";
$msg .= "Date and time " . date('d/m/Y', time());
$to = 'emailhere#something.com';
$subject = 'contact page';
mail($to, $subject, utf8_decode($msg), $header);
// redirect to page
$url = 'http://example.com';
header('Location: '.$url); // must be used before any output to the browser
die; // prevent execution of other code
You only need to escape quotes you want to display in a string.
e.g.:
$test = "This is a \"test\".";
Will display:
This is a "test"
Or you can do:
$test = 'This is a "test"';