I've never done that before and simply need a little advice how to do so …
I have a index.php file with a simple contact form.
<form id="contactform" method="post" action="<?php echo $_SERVER["SCRIPT_NAME"] ?>">
The index.php file has the following script on top.
<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<?php
//Vars
$Name = Trim(stripslashes($_POST['author']));
$EmailFrom = Trim(stripslashes($_POST['email']));
$Subject = Trim(stripslashes($_POST['subject']));
$Type = Trim(stripslashes($_POST['type']));
$Comment = Trim(stripslashes($_POST['message']));
$EmailTo = "address#something.com";
//Validation
$valid = true;
if ( $Name == "" ) $valid = false;
if ( isValidEmail( $EmailFrom ) == 0 ) $valid = false;
if ($Subject == "") $valid = false;
if ($Comment == "") $valid = false;
function isValidEmail( $email = null ) {
return preg_match( "/^[\d\w\/+!=#|$?%{^&}*`'~-][\d\w\/\.+!=#|$?%{^&}*`'~-]*#[A-Z0-9][A-Z0-9.-]{1,61}[A-Z0-9]\.[A-Z]{2,6}$/ix", $email );
}
//Body
$Body = $Type;
$Body .= "\n\n";
$Body .= $Comment;
//Headers
$email_header = "From: " . $EmailFrom . "\r\n";
$email_header .= "Content-Type: text/plain; charset=UTF-8\r\n";
$email_header .= "Reply-To: " . $EmailFrom . " \r\n";
//Send
if ($valid)
$success = mail($EmailTo, $Subject, $Body, $email_header);
?>
I have two questions now:
1.)
How exactly can I render/not-render certain stuff when either the validation went wrong or a success or an error comes back when submitting the mail?
e.g. I know that I can do that!
if ( !$valid )
print "Failed to make contact. Enter valid login credentials! <a href='/#contact' title='try again'>try again?</a>";
if ( $success )
print "Successfully made contact.";
else
print "Failed to make contact. <a href='/#contact' title='try again'>try again?</a>"; */
?>
However $valid will always be wrong on page-load when not submitting the form and also the email will always return the error message on the first page load. How can I only render or not render specific stuff when the form is submitted?
E.g. When submitting the form and a success comes back I don't want to render the #contactform anymore. I simply want to print "Successfully made contact" into an h1 or so.
How can I make that happen? It's probably rather simple I just can't find a solution for myself.
2.)
When using $_SERVER["SCRIPT_NAME"] or PHP_SELF as action the url after submitting the form will always change to "mydomain.com/index.php". Can I prevent that from happening? I want to submit the index.php file itself however I just don't like it when /index.php is written into the url. Is it possible to stop that from happening?
Thank you for your help!
Matt,
For the first question as to printing to the screen based on success or failure of the email, your checks seem fine, but you probably aren't going to get an email failure in time to display that to the screen. That said, you just need to wrap your second set of code in an if statement. Something like this:
if( isset($_POST['Submit']) ){ //only attempt to display if form submitted.
//Your code here
}
As for not including the directory in the form action, there are many ways to do this, but here's one:
$scriptString= explode('/',$_SERVER['SCRIPT_NAME']);
$scriptSize = count($scriptString)-1;
$script = $scriptString[$scriptSize];
And then use $script in the form action.
Related
I'm similar to php and don't undestand what is the problem.
Sometimes php function send me empty messages like
Vanema nimi
Lapse nimi:
Linn:
Telefoninumber:
Email:
Sünnikuupäev:
Sõnumi tekst:
But it should be filled with values like this
Vanema nimi test
Lapse nimi: test
Linn: test
Telefoninumber: test
Email: test#test
Sünnikuupäev: 21313
Sõnumi tekst:test
Here is my php code
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Обратная Связь</title>
</head>
<body>
<?php
if (isset($_POST['parent'])) {$parent = $_POST['parent'];}
if (isset($_POST['child'])) {$child = $_POST['child'];}
if (isset($_POST['contacts'])) {$contacts = $_POST['contacts'];}
if (isset($_POST['email'])) {$email = $_POST['email'];}
if (isset($_POST['bbd'])) {$bbd = $_POST['bbd'];}
if (isset($_POST['city'])) {$city = $_POST['city'];}
if (isset($_POST['mess'])) {$mess = $_POST['mess'];}
$to = "info#test.ee"; /*Укажите ваш адрес электоронной почты*/
$headers = "Content-type: text/plain; text/html; charset=utf-8";
$subject = "Kontakti Info";
$message = "Vanema nimi $parent \n Lapse nimi: $child \nLinn:
$city \nTelefoninumber: $contacts \nEmail: $email \nSünnikuupäev: $bbd \nSõnumi tekst: $mess";
$send = mail ($to, $subject, $message, $headers);
if ($send == 'true')
{
echo "<b>Спасибо за отправку вашего сообщения!<p>";
echo "<a href=index.php>Нажмите,</a> чтобы вернуться на главную страницу";
}
else
{
echo "<p><b>Ошибка. Сообщение не отправлено!";
}
?>
</body>
</html>
<?php
header('Location: https://test.ee/aitah.html ');
?>
Please give me advice what is wrong.
If your script is a form processor only, you could e.g. add if(empty($_POST)) { die('No form data!'); } to the top to prevent it from running, except in response to a form submission.
If you require all fields to be filled in, you will have to check each of them before you process your email. You could cram all of those issets into one monster if(isset(...) statement. However, there's a simpler and more readable way to do it. First, let's set up a couple of variables:
// Your required fields:
$fields = ['parent', 'child', 'contacts', 'email', 'bbd', 'city', 'mess'];
// Your data is collected here:
$data = [];
// Any errors are collected here:
$errors = [];
Then, we loop over the fields and if values exist, add to $data, otherwise we add an error note.
// Loop to check your required fields:
foreach($fields as $field) {
// If value exists, add to $data:
if(!empty($_POST[$field])) {
$data[$field] = $_POST[$field];
}
// Else add error:
else {
$errors[] = 'Missing field: ' . $field;
}
}
if(empty($errors)) {
// No errors, send your email
// You can use "Vanema nimi {$data['parent']}...",
// ... otherwise: extract($data) to use $parent etc.
}
else {
// You could report those errors, or redirect back to the form, or whatever.
}
If there are errors (= missing fields), e-mails won't be sent. As a bonus, you now have a reusable piece of code that you can use for other forms with similar functionality simply by modifying the $fields array. (Wrapping it into a function is a good idea if you do need to reuse it; don't copy-paste code. function x($post, $fields) { ... } for a basic helper function.)
Note that here we are using empty in place of isset. If a blank form is submitted, the fields are set (to empty strings ""). Also note that empty returns true for anything that equals false (ie. "", 0, false, null, []). (If "0" is an expected and acceptable value, be aware of its "emptiness"!) On the other hand, isset returns true for anything not null.
P.S. If your code above is the complete code, and your script simply processes the form data and redirects, then you don't really need the HTML wrapper at all. It will never be displayed.
I'm trying to add a PHP form to a website I'm working on. Not real familiar with PHP, but I've put the file in the upload folder in the CMS.
I think I've linked the jQuery and other files correctly and I've edited the PHP file putting in emails etc. This one also calls on another PHP validation file.
Anyway it shows up normally and I can fill it out but it goes to a 404 page and doesn't work.
My question is, what linking convention do I use to link to the php file and is it in the right place? I use cPanel where the CMS is installed.
Instead of putting: action="url([[root_url]]/uploads/scripts/form-to-email.php"
should I just put: action="uploads/scripts/form-to-email.php"?
The page in question is here: www.edelweiss-web-design.com.au/captainkilowatt/
Also, anyone know a good captcha I can integrate with it...? Thanks!
<div class="contact-form">
<h1>Contact Us</h1>
<form id="contact-form" method="POST" action="uploads/scripts/form-to-email.php">
<div class="control-group">
<label>Your Name</label>
<input class="fullname" type="text" name="fullname" />
</div>
<div class="control-group">
<label>Email</label>
<input class="email" type="text" name="email" />
</div>
<div class="control-group">
<label>Phone (optional)</label>
<input class="phone" type="text" name="phone" />
</div>
<div class="control-group">
<label>Message</label>
<textarea class="message" name="message"></textarea>
</div>
<div id="errors"></div>
<div class="control-group no-margin">
<input type="submit" name="submit" value="Submit" id="submit" />
</div>
</form>
<div id='msg_submitting'><h2>Submitting ...</h2></div>
<div id='msg_submitted'><h2>Thank you !<br> The form was submitted Successfully.</h2></div>
</div>
Here is the php:
<?php
/*
Configuration
You are to edit these configuration values. Not all of them need to be edited.
However, the first few obviously need to be edited.
EMAIL_RECIPIENTS - your email address where you want to get the form submission.
*/
$email_recipients = "contact#edelweiss-web-design.com.au";//<<=== enter your email address here
//$email_recipients = "mymanager#gmail.com,his.manager#yahoo.com"; <<=== more than one recipients like this
$visitors_email_field = 'email';//The name of the field where your user enters their email address
//This is handy when you want to reply to your users via email
//The script will set the reply-to header of the email to this email
//Leave blank if there is no email field in your form
$email_subject = "New Form submission";
$enable_auto_response = true;//Make this false if you donot want auto-response.
//Update the following auto-response to the user
$auto_response_subj = "Thanks for contacting us";
$auto_response ="
Hi
Thanks for contacting us. We will get back to you soon!
Regards
Captain Kilowatt
";
/*optional settings. better leave it as is for the first time*/
$email_from = ''; /*From address for the emails*/
$thank_you_url = 'http://www.edelweiss-web-design.com.au/captainkilowatt.html';/*URL to redirect to, after successful form submission*/
/*
This is the PHP back-end script that processes the form submission.
It first validates the input and then emails the form submission.
The variable $_POST contains the form submission data.
*/
if(!isset($_POST['submit']))
{
// note that our submit button's name is 'submit'
// We are checking whether submit button is pressed
// This page should not be accessed directly. Need to submit the form.
echo "error; you need to submit the form!".print_r($_POST,true);
exit;
}
require_once "http://edelweiss-web-design.com.au/captainkilowatt/upload/scripts/formvalidator.php";
//Setup Validations
$validator = new FormValidator();
$validator->addValidation("fullname","req","Please fill in Name");
$validator->addValidation("email","req","Please fill in Email");
//Now, validate the form
if(false == $validator->ValidateForm())
{
echo "<B>Validation Errors:</B>";
$error_hash = $validator->GetErrors();
foreach($error_hash as $inpname => $inp_err)
{
echo "<p>$inpname : $inp_err</p>\n";
}
exit;
}
$visitor_email='';
if(!empty($visitors_email_field))
{
$visitor_email = $_POST[$visitors_email_field];
}
if(empty($email_from))
{
$host = $_SERVER['SERVER_NAME'];
$email_from ="forms#$host";
}
$fieldtable = '';
foreach ($_POST as $field => $value)
{
if($field == 'submit')
{
continue;
}
if(is_array($value))
{
$value = implode(", ", $value);
}
$fieldtable .= "$field: $value\n";
}
$extra_info = "User's IP Address: ".$_SERVER['REMOTE_ADDR']."\n";
$email_body = "You have received a new form submission. Details below:\n$fieldtable\n $extra_info";
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
//Send the email!
#mail(/*to*/$email_recipients, $email_subject, $email_body,$headers);
//Now send an auto-response to the user who submitted the form
if($enable_auto_response == true && !empty($visitor_email))
{
$headers = "From: $email_from \r\n";
#mail(/*to*/$visitor_email, $auto_response_subj, $auto_response,$headers);
}
//done.
if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])
AND strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest')
{
//This is an ajax form. So we return success as a signal of succesful processing
echo "success";
}
else
{
//This is not an ajax form. we redirect the user to a Thank you page
header('Location: '.$thank_you_url);
}
?><?php
/*
Configuration
You are to edit these configuration values. Not all of them need to be edited.
However, the first few obviously need to be edited.
EMAIL_RECIPIENTS - your email address where you want to get the form submission.
*/
$email_recipients = "contact#edelweiss-web-design.com.au";//<<=== enter your email address here
//$email_recipients = "mymanager#gmail.com,his.manager#yahoo.com"; <<=== more than one recipients like this
$visitors_email_field = 'email';//The name of the field where your user enters their email address
//This is handy when you want to reply to your users via email
//The script will set the reply-to header of the email to this email
//Leave blank if there is no email field in your form
$email_subject = "New Form submission";
$enable_auto_response = true;//Make this false if you donot want auto-response.
//Update the following auto-response to the user
$auto_response_subj = "Thanks for contacting us";
$auto_response ="
Hi
Thanks for contacting us. We will get back to you soon!
Regards
Captain Kilowatt
";
/*optional settings. better leave it as is for the first time*/
$email_from = ''; /*From address for the emails*/
$thank_you_url = 'http://www.edelweiss-web-design.com.au/captainkilowatt.html';/*URL to redirect to, after successful form submission*/
/*
This is the PHP back-end script that processes the form submission.
It first validates the input and then emails the form submission.
The variable $_POST contains the form submission data.
*/
if(!isset($_POST['submit']))
{
// note that our submit button's name is 'submit'
// We are checking whether submit button is pressed
// This page should not be accessed directly. Need to submit the form.
echo "error; you need to submit the form!".print_r($_POST,true);
exit;
}
require_once "http://www.edelweiss-web-design.com.au/captainkilowatt/upload/scripts/formvalidator.php";
//Setup Validations
$validator = new FormValidator();
$validator->addValidation("fullname","req","Please fill in Name");
$validator->addValidation("email","req","Please fill in Email");
//Now, validate the form
if(false == $validator->ValidateForm())
{
echo "<B>Validation Errors:</B>";
$error_hash = $validator->GetErrors();
foreach($error_hash as $inpname => $inp_err)
{
echo "<p>$inpname : $inp_err</p>\n";
}
exit;
}
$visitor_email='';
if(!empty($visitors_email_field))
{
$visitor_email = $_POST[$visitors_email_field];
}
if(empty($email_from))
{
$host = $_SERVER['SERVER_NAME'];
$email_from ="forms#$host";
}
$fieldtable = '';
foreach ($_POST as $field => $value)
{
if($field == 'submit')
{
continue;
}
if(is_array($value))
{
$value = implode(", ", $value);
}
$fieldtable .= "$field: $value\n";
}
$extra_info = "User's IP Address: ".$_SERVER['REMOTE_ADDR']."\n";
$email_body = "You have received a new form submission. Details below:\n$fieldtable\n $extra_info";
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
//Send the email!
#mail(/*to*/$email_recipients, $email_subject, $email_body,$headers);
//Now send an auto-response to the user who submitted the form
if($enable_auto_response == true && !empty($visitor_email))
{
$headers = "From: $email_from \r\n";
#mail(/*to*/$visitor_email, $auto_response_subj, $auto_response,$headers);
}
//done.
if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])
AND strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest')
{
//This is an ajax form. So we return success as a signal of succesful processing
echo "success";
}
else
{
//This is not an ajax form. we redirect the user to a Thank you page
header('Location: '.$thank_you_url);
}
?>
I've added the php file.
So, in the action part, when I submit the form, it no longer gives me a 404 but takes me to a blank page with the 'form-to-email.php' page. However, the script is not working from what I can tell. Again, I know html and css, and little javascipt, but how php is meant to work...?
What am I doing wrong?
I would suggest using one of the modules for CMS instead of trying to build form in PHP from scratch. It is much more safer to use CMS buildin functions and that is the point of using the CMS in the first place. For CMS made simple the formbuilder module is here:
http://dev.cmsmadesimple.org/projects/formbuilder
Thanks for all the comments.
I found another form with a captcha (PHP) and preserved the whole structure by uploading it as is into CMSMS uploads folder.
I then used iframe to embed the form on my page, changed a couple of little details with the CSS and wording, and bob's your uncle, it works just fine.
For anyone interested, I used: www.html-form-guide.com/contact-form/creating-a-contact-form.html
This is free and I am certainly not trying to spam as I am in no way affiliated with this site or any sites associated with it.
Here is the issue. I am trying to troubleshoot an issue in my PHP script that prevents it from emailing the info, our client has inputted.
<?php
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
$recaptcha=$_POST['g-recaptcha-response'];
if(!empty($recaptcha))
{
include("getCurlData.php");
$google_url="https://www.google.com/recaptcha/api/siteverify";
$secret='6LegpgYTAAAAABK9Nd45_DfAPu7_gwHro9pj902B';
$ip=$_SERVER['REMOTE_ADDR'];
$url=$google_url."?secret=".$secret."&response=".$recaptcha."&remoteip=".$ip;
$res=getCurlData($url);
$res= json_decode($res, true);
//reCaptcha success check
if($res['success'])
{
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
if(isset($_POST['submit'])) {
$to = "denislav#svishtov.net";
$subject = "New opinion post";
// data the visitor provided
$name_field = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
$phone_field = filter_var($_POST['number']);
$address_field = filter_var($_POST['address'], FILTER_SANITIZE_STRING);
$comment = filter_var($_POST['comment'], FILTER_SANITIZE_STRING);
//constructing the message
$body = "
From: $name_field <br/>
Email Address: $address_field <br/>
Phone number: $phone_field <br/>
Message:<br/> $comment ";
// ...and away we go!
mail($to, $subject, $body, $headers);
// redirect to confirmation
header("Location: confirmation2.html");
}
else {
// handle the error somehow
echo "Error accessing the file";
}
}
else
{
echo "Въвели сте грешен код за потвърждаване (reCAPTCHA)! Натиснете "назад" и опитайте отново";
}
}
else
{
echo "Не сте въвели код за потвърждаване (reCAPTCHA)! Натиснете "назад" и опитайте отново";
}
}
?>
worse thing is , it used to work , then I opened it, edited some stuff and now it doesnt work, tried the back-up copy and it still doesnt work !?
Working in CMS MadeSimple. the URLs are correct , the confirmation2.html is a file, not a page made in CMS and it is in the same folder as the php script and if I try to access it directly (not via the contact from) its there, I have tried ' ' and " " quotes, still no change.
Probably a simple mistake, I did try looking for other solutions in here (stackoverflow.com) but nothing to fix my current issue. I know that I shouldnt have any output before the header but... well I dont have any output so, I'm baffled.
Appreciation in advance to those who want to help!
UPDATE:
Seems like the reCAPTCHA was shitting me, and after I removed it - WORKS.
Gonna leave it defenseless for now. Thanks to all who wanted to help.
Is there a way to make a modal window popup when a input is skipped ?
For example, if someone forgets to put in their email, my current php mail file opens a blank page thats says please enter email, but I want a modal window (preferably with an image), that says the same thing without leaving my page.
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<META HTTP-EQUIV="refresh" content="9;URL=Thankyou.html">
</head>
<?php
$EmailFrom = "mail#live.com";
$EmailTo = "mail#live.com";
$Subject = "REQUEST";
$Name = check_input($_POST['Name']);
$Phone = check_input($_POST['Phone']);
$Email = check_input($_POST['Email'], "Enter a Email");
$Message = check_input($_POST['Message']);
if (! preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $Email))
{
show_error("E-mail address not valid");
}
if ($Email != 'Email')
{
$message = "Name: ".$Name;
$message .= "\n\nEmail: ".$Email;
$message .= "\n\nPhone: ".$Phone;
$message .= "\n\nMessage: ".$Message;
$success = mail($EmailTo, $Subject, $message, "From: <$EmailFrom>");
if ($success)
{
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=Thankyou.html">';
exit;
}
else
{
print ("<b>I'm sorry, there was a technical glitch, please send your email to me#gmysite.com directly.</b>");
}
}
else
{
echo "Please fill the required fields, thankyou";
}
function check_input($data, $problem = '')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0)
{
show_error($problem);
}
return $data;
}
function show_error($myError)
{
?>
<html>
<body>
<p>Please correct the following error:</p>
<strong><?php echo $myError; ?></strong>
</body>
</html>
<?php
exit();
}
?>
There are a few solutions.
The easiest is to add the html5 required attribute to the form fields that are required. That will not give you any options for a pop-up with images though, just a warning in modern browsers that the user cannot submit the form until the field is filled in.
To add a global pop-up window on the same page, you would need javascript. Just check if any of the required fields is empty when you submit the form and display your global overlay if there is. You'd have to write it yourself though...
The HTML5 standard includes the dialog element with a javascript api to open and close it. However, this is not supported cross-browser yet. You always could use the polyfill tough, which will allow you to use the dialog element before it is supported cross-browser.
I read this post: What is a good invisible captcha? about using a hidden field in a web form to stop basic bots from pelting your website with spam mail via your web sites form mail. I'm currently using a php script to process my form mail. I built the script by following a 'bullet proff web form' tutorial I found. It looks like this:
<?php
// Pick up the form data and assign it to variables
$name = $_POST['name'];
$email = $_POST['email'];
$topic = $_POST['topic'];
$comments = $_POST['comments'];
// Build the email (replace the address in the $to section with your own)
$to = 'hello#cipherbunny.com';
$subject = "New message: $topic";
$message = "$name said: $comments";
$headers = "From: $email";
// Data cleaning function
function clean_data($string) {
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
$string = strip_tags($string);
return mysql_real_escape_string($string);
}
// Mail header removal
function remove_headers($string) {
$headers = array(
"/to\:/i",
"/from\:/i",
"/bcc\:/i",
"/cc\:/i",
"/Content\-Transfer\-Encoding\:/i",
"/Content\-Type\:/i",
"/Mime\-Version\:/i"
);
$string = preg_replace($headers, '', $string);
return strip_tags($string);
}
// Pick up the cleaned form data
$name = remove_headers($_POST['name']);
$email = remove_headers($_POST['email']);
$topic = remove_headers($_POST['topic']);
$comments = remove_headers($_POST['comments']);
// Send the mail using PHPs mail() function
mail($to, $subject, $message, $headers);
// Redirect
header("Location: http://foobar/success.html");
I'd like to modify this script so that if a hidden field with the identifier 'other_email' was filled in then the form email wouldn't get sent. I'm guess it's as straight forward as wrapping the above code in an if statement to check if the field is complete. I've tried adding this under the "//Pick up the form data and assign it to variables" code:
$testBot = $_POST['other_email'];
then writing:
if(other_email == "") //If other_email form section is blank then...
{
run all the code above inserted here;
}
else
{
Don't know what I should put here to stop it posting, yet still show the success form so
the spam bot don't know
}
any help much appreciated. I have to say I don't really have a lot of php knowledge, I'm just starting to learn about it and thought form mail would be a good start.
How do I make this work in PhP?
if(other_email == "") //If other_email form section is blank then...
{
run all the code above inserted here;
}
else
{
header("Location: http://foobar/success.html");
}
keeping it very simple, it will work for you..
actually, it will
not submit / mail you anything...so NO SPAM
a simple bot will take it as it did it...
if you can use php on success page, then set a session variable (to make bot think it did its job, something like email_sent=true or success=true) and use that variable in success page, you will do it in else case where bot submitted the form..
Do you mean send message with fields?
Try this:
<?php
// Pick up the form data and assign it to variables
$name = $_REQUEST['name'];
$email = $_REQUEST['email'];
$topic = $_REQUEST['topic'];
$comments = $_REQUEST['comments'];
// Build the email (replace the address in the $to section with your own)
if($name !== null && $email !== null && $topic !== null && $comments !== null){
$to = 'hello#cipherbunny.com';
$subject = "New message: $topic";
$message = "$name said: $comments";
$headers = "From: $email";
// Data cleaning function
function clean_data($string) {
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
$string = strip_tags($string);
return mysql_real_escape_string($string);
}
// Mail header removal
function remove_headers($string) {
$headers = array(
"/to\:/i",
"/from\:/i",
"/bcc\:/i",
"/cc\:/i",
"/Content\-Transfer\-Encoding\:/i",
"/Content\-Type\:/i",
"/Mime\-Version\:/i"
);
$string = preg_replace($headers, '', $string);
return strip_tags($string);
}
// Pick up the cleaned form data
$name = remove_headers($_POST['name']);
$email = remove_headers($_POST['email']);
$topic = remove_headers($_POST['topic']);
$comments = remove_headers($_POST['comments']);
// Send the mail using PHPs mail() function
mail($to, $subject, $message, $headers);
// Redirect
header("Location: http://foobar/success.html");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=shift_jis" />
<title>Send</title>
</head>
<body>
<form action="#" method="POST">
Name : <input type="text" name="name" /><br />
Email : <input type="text" name="email" /><br />
Topic : <input type="text" name="topic" /><br />
Comments : <textarea name="comments"></textarea><br />
<input type="submit" value="Send" />
</form>
</body>
</html>