Help - Search - Members - Calendar
Full Version: PHP email form thing
Forums > Resource Center > Webmasters' Corner > Webmasters' Corner Resolved Topics
wwwww
Aug 15 2009, 02:35 PM
CODE
<?php
if (isset($_REQUEST['email']))
  {
  $email = $_REQUEST['email'];
  $subject = $_REQUEST['subject'];
  $message = $_REQUEST['message'];
  mail( "example@example.com", "Subject: $subject",
  $message, "From: $email" );
  echo "Thank you.";
  }
else
  {
  echo "<form method='post' action='mailform.php'>
  Email: <input name='email' type='text' /><br />
  Subject: <input name='subject' type='text' /><br />
  Message:<br />
  <textarea name='message' rows='10' cols='40'>
  </textarea><br />
  <input type='submit' />
  </form>";
  }
?>


Someone with a brain for PHP, make sure I didn't mess that up anywhere.


The issue is when I load it in IE, all I see is the source code. But when I refresh it, everything renders properly.
jiyong
Aug 15 2009, 04:12 PM
I don't know shrug.gif The coding looks alright, and it works in Firefox.
Maccabee
Aug 15 2009, 06:12 PM
Post mailform.php

So I can check it over, and so I can steal it.
mipadi
Aug 16 2009, 08:18 AM
Can you do multiline strings like that in PHP? I thought you had to use the HERE-doc syntax for multiline strings.
patokelley
Aug 16 2009, 08:20 AM
Are you using it in PHP or in an HTML site to hide your email address?
fixtatik
Aug 16 2009, 12:31 PM
QUOTE(jcp @ Aug 15 2009, 06:12 PM) *
Post mailform.php

So I can check it over, and so I can steal it.

Considering it's an if-else statement, and it's sending the email in the if part of it, I'd say that is mailform.php.

It should work perfectly fine. Dead-simple, so there's really no protection against things you don't want, like people sending only an email address, or the email address being jibberish, or spam, what-have-you. Details aside, the syntax is fine and it will work.
wwwww
Aug 16 2009, 12:38 PM
QUOTE(mipadi @ Aug 16 2009, 08:18 AM) *
Can you do multiline strings like that in PHP? I thought you had to use the HERE-doc syntax for multiline strings.

As far as I know, you can.
QUOTE(patokelley @ Aug 16 2009, 08:20 AM) *
Are you using it in PHP or in an HTML site to hide your email address?

I'm doing a website for a travel agency, and there is a page where you get a quote.
You put your details in the form, and it sends your details to whatever the owner ends up using as the email address. The owner replies to the email with a quote, and good times are had by all.
QUOTE(fixtatik @ Aug 16 2009, 12:31 PM) *
Considering it's an if-else statement, and it's sending the email in the if part of it, I'd say that is mailform.php.

Genius.
QUOTE
It should work perfectly fine. Dead-simple, so there's really no protection against things you don't want, like people sending only an email address, or the email address being jibberish, or spam, what-have-you. Details aside, the syntax is fine and it will work.

Yeah, it's pretty vulnerable as is. I'm going to set up something to prevent PHP injections, because that's all I really can prevent, aside from requiring an @ symbol in the email field.
fixtatik
Aug 16 2009, 12:56 PM
QUOTE(Buttsex @ Aug 16 2009, 12:38 PM) *
Yeah, it's pretty vulnerable as is. I'm going to set up something to prevent PHP injections, because that's all I really can prevent, aside from requiring an @ symbol in the email field.
If you reaaaally want to go all-out with it, you can try email verification with a crap-load of checks. Dev Shed has a nice tutorial on this.

You might also want to change
CODE
if (isset($_REQUEST['email'])) { }
to
CODE
if (isset($_REQUEST['email'] && isset($_REQUEST['subject']) && isset($_REQUEST['message'])) { }
so they aren't getting a bunch of blank emails.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.