Jump to content

"Email this page" code malfuntioning sometimes.

mothershipconnection
 Share

Recommended Posts

mothershipconnection Newbie

mothershipconnection

Posted
Posted

Every page on our site has a field for visitors to enter their email address with the intent to send them a link to the page they are currently viewing. Some emails sent by the code below show the users email address but over half of the emails that are copied to me have a blank email address. If anything seems likely to be an issue in the code below, please advise.

 

<?php

$email = $_REQUEST['Email'] ;
$currentpage = $_SERVER['HTTP_REFERER'];
$to = "$email, me@oursite.com";
$subject = "Your Link | For $_POST[Email]";
$message = "
Thank you for visiting us. 

URL Requested: $currentpage
Email Submitted: $email
";

$from = "us@oursite.com";
$headers = "From: $from";
$header .= "Reply-To: $_POST[Email]";
mail($to,$subject,$message,$headers);
echo "A Link To This Page: <a href='$currentpage'>$currentpage</a>
<br>Sent To: <b>$email</b>";
?>

 

This is what is on every html page:

 

<form style="margin:1px" method='post' action='emailthispage.php' name="ContactForm" onsubmit="return ValidateContactForm();">
Email This Page: <input name='Email' type='text' size="30" />
<input value="Send" type='submit' />
</form>

 

And this is the ValidateContactForm() script:

 

function ValidateContactForm()
{   
    var email = document.ContactForm.Email;
   
    if (email.value == "")
    {
        window.alert("Please enter a valid e-mail address.");
        email.focus();
        return false;
    }
    if (email.value.indexOf("@", 0) < 0)
    {
        window.alert("Please enter a valid e-mail address.");
        email.focus();
        return false;
    }
    if (email.value.indexOf(".", 0) < 0)
    {
        window.alert("Please enter a valid e-mail address.");
        email.focus();
        return false;
    } 
    return true;
}
</script>

 

Respectfully,

Kevin

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Your form processing code sends an email any time the URL of your form processing code is requested. It can be requested by search engine spiders, spam bot scripts...

 

Your form processing code must at least check that the form's submit button isset before doing anything.

 

Using javascript to validate data in the browser is nice for the legitimate user and users that have javascript enabled, but search engine spiders and spam bot scripts don't even care if you have javascript on your page. Your form processing code must validate all the external data once it reaches the server. If required fields are empty, don't send the email.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.