mothershipconnection Posted May 13, 2009 Share Posted May 13, 2009 Every page on our site has a field for visitors to enter their email address with the intent to send them a link to the page they are currently viewing. Some emails sent by the code below show the users email address but over half of the emails that are copied to me have a blank email address. If anything seems likely to be an issue in the code below, please advise. <?php $email = $_REQUEST['Email'] ; $currentpage = $_SERVER['HTTP_REFERER']; $to = "$email, me@oursite.com"; $subject = "Your Link | For $_POST[Email]"; $message = " Thank you for visiting us. URL Requested: $currentpage Email Submitted: $email "; $from = "us@oursite.com"; $headers = "From: $from"; $header .= "Reply-To: $_POST[Email]"; mail($to,$subject,$message,$headers); echo "A Link To This Page: <a href='$currentpage'>$currentpage</a> <br>Sent To: <b>$email</b>"; ?> This is what is on every html page: <form style="margin:1px" method='post' action='emailthispage.php' name="ContactForm" onsubmit="return ValidateContactForm();"> Email This Page: <input name='Email' type='text' size="30" /> <input value="Send" type='submit' /> </form> And this is the ValidateContactForm() script: function ValidateContactForm() { var email = document.ContactForm.Email; if (email.value == "") { window.alert("Please enter a valid e-mail address."); email.focus(); return false; } if (email.value.indexOf("@", 0) < 0) { window.alert("Please enter a valid e-mail address."); email.focus(); return false; } if (email.value.indexOf(".", 0) < 0) { window.alert("Please enter a valid e-mail address."); email.focus(); return false; } return true; } </script> Respectfully, Kevin Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 13, 2009 Share Posted May 13, 2009 Your form processing code sends an email any time the URL of your form processing code is requested. It can be requested by search engine spiders, spam bot scripts... Your form processing code must at least check that the form's submit button isset before doing anything. Using javascript to validate data in the browser is nice for the legitimate user and users that have javascript enabled, but search engine spiders and spam bot scripts don't even care if you have javascript on your page. Your form processing code must validate all the external data once it reaches the server. If required fields are empty, don't send the email. Quote Link to comment Share on other sites More sharing options...
mothershipconnection Posted May 13, 2009 Author Share Posted May 13, 2009 Of course. Ok, i added if (empty($email)){ print "No email address was entered."; die; } right before mail() I will keep a eye on the emails to see if this resolves it completely. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.