email PHP help

[scotterson]

hello, I am new here, and this is my first time using PHP, so I think it is probably a simple fix.

I am making a contact form (which is working fine), but would like to add an auto response to the sender. I have found a few other forums with similar help topics, but they have not worked for me. I looked a little on here and didn't find the same topic, but I apologize if this has been asked recently.

Anyways, here is what I have so far.

 

$sendTo = "[email protected]";

$subject = "Scott Cleveland Design Contact Form";

 

$headers = "From: " . $_POST["name"];

$headers .= "<" . $_POST["email"] . ">\r\n";

$headers .= "Reply-To: " . $_POST["email"] . "\r\n";

$headers .= "Return-Path: " . $_POST["email"];

$message = $_POST["message"] . " \r\n \r\nPhone: " . $_POST["phone"] . " \r\n \r\nLocation: " . $_POST["location"];

 

mail($sendTo, $subject, $message, $headers);

 

 

 

thanks so much for any help!

-scott

[xcoderx]

explain properly ???

[haku]

Add:

 

$to = $_POST['email'];

$subject = 'Thank you';
$message = 'Your message has been sent. We will contact you shortly.'
mail($to, $subject, $message);

 

Your mail form is very open to abuse at the moment right now however. You are taking the information that has been put into the browser and sending it as is with no check as to the data that is inside. That is asking for someone to use your form to spam people.

[scotterson]

thank you very much, i will try this tonight. as far as the security issue, how can I fix that?

[haku]

That's too long of a question to answer in one post really. You need to validate inputs to make sure they don't contain any harmful code, and to ensure that they contain the data they are supposed to. Google 'injection attacks', and 'making my php mail form safer' and stuff like that. There is lots of info about it out there on the web.