PHP email form thing Options

[heyo-captain-jac...]

CODE

<?php
if (isset($_REQUEST['email']))
  {
  $email = $_REQUEST['email'];
  $subject = $_REQUEST['subject'];
  $message = $_REQUEST['message'];
  mail( "example@example.com", "Subject: $subject",
  $message, "From: $email" );
  echo "Thank you.";
  }
else
  {
  echo "<form method='post' action='mailform.php'>
  Email: <input name='email' type='text' /><br />
  Subject: <input name='subject' type='text' /><br />
  Message:<br />
  <textarea name='message' rows='10' cols='40'>
  </textarea><br />
  <input type='submit' />
  </form>";
  }
?>

Someone with a brain for PHP, make sure I didn't mess that up anywhere.


The issue is when I load it in IE, all I see is the source code. But when I refresh it, everything renders properly.

[jiyong]

I don't know The coding looks alright, and it works in Firefox.

[Maccabee]

Post mailform.php

So I can check it over, and so I can steal it.

[mipadi]

Can you do multiline strings like that in PHP? I thought you had to use the HERE-doc syntax for multiline strings.

[patokelley]

Are you using it in PHP or in an HTML site to hide your email address?

[fixtatik]

Post mailform.php

So I can check it over, and so I can steal it.

Considering it's an if-else statement, and it's sending the email in the if part of it, I'd say that is mailform.php.

It should work perfectly fine. Dead-simple, so there's really no protection against things you don't want, like people sending only an email address, or the email address being jibberish, or spam, what-have-you. Details aside, the syntax is fine and it will work.

[heyo-captain-jac...]

Can you do multiline strings like that in PHP? I thought you had to use the HERE-doc syntax for multiline strings.

As far as I know, you can.

Are you using it in PHP or in an HTML site to hide your email address?

I'm doing a website for a travel agency, and there is a page where you get a quote.
You put your details in the form, and it sends your details to whatever the owner ends up using as the email address. The owner replies to the email with a quote, and good times are had by all.

Considering it's an if-else statement, and it's sending the email in the if part of it, I'd say that is mailform.php.

Genius.

It should work perfectly fine. Dead-simple, so there's really no protection against things you don't want, like people sending only an email address, or the email address being jibberish, or spam, what-have-you. Details aside, the syntax is fine and it will work.

Yeah, it's pretty vulnerable as is. I'm going to set up something to prevent PHP injections, because that's all I really can prevent, aside from requiring an @ symbol in the email field.

[fixtatik]

Yeah, it's pretty vulnerable as is. I'm going to set up something to prevent PHP injections, because that's all I really can prevent, aside from requiring an @ symbol in the email field.

If you reaaaally want to go all-out with it, you can try email verification with a crap-load of checks. Dev Shed has a nice tutorial on this.

You might also want to change

CODE

if (isset($_REQUEST['email'])) { }

to

CODE

if (isset($_REQUEST['email'] && isset($_REQUEST['subject']) && isset($_REQUEST['message'])) { }

so they aren't getting a bunch of blank emails.