xonx Posted September 20, 2009 Share Posted September 20, 2009 Hi everybody, I could use a little help with this secure and simple email script i'm trying to write. It's just directing to mailscript.php when you hit submit in the form and it doesn't send any email. <?php // check for injection characters function injection_chars($s) { return (eregi("\r", $s) || eregi("\n", $s) || eregi("%0a", $s) || eregi("%0d", $s)) ? TRUE : FALSE; } // make output safe for the browser function safe($input) { return htmlspecialchars(stripslashes($input)); } // subject and email variables $to = '[email protected]'; $subject = 'Mail sent from contact form'; // gathering data variables $name = injection_chars(safe($_POST['name'])); $email = injection_chars(safe($_POST['email'])); $message = injection_chars(safe($_POST['message'])); $body = <<<END Name: $name Email: $email Message: $message END; $headers = "From: $email\r\n"; $headers .= "Content=type: text/html\r\n"; if (isset($_POST['submit'])) { if (empty($_POST['name'])) { // if sender hasn't entered a name echo"<p>You must enter a name.</p>"; } elseif (empty($_POST['email'])) { // if sender hasn't entered an email echo "<p>You must enter your e-mail.</p>"; } elseif (empty($_POST['message'])) { // if sender hasn't entered a message echo "<p>You must enter a message.</p>"; } } else { // sending the mail mail($to, $subject, $body, $headers); } // directing user to a thank-you page header('Location: thanks.php'); ?> I've looked at it for several hours now, but think I've gone blind on it by now. Link to comment https://forums.phpfreaks.com/topic/174919-help-with-mail-form/ Share on other sites More sharing options...
RussellReal Posted September 20, 2009 Share Posted September 20, 2009 you put the mail function in the ELSE statement.. meaning if !isset($_POST['SUBMIT']) would be what the else translates to in this script.. so if they click the submit button.. the email won't get sent.. move the mail() function into the if not the else Link to comment https://forums.phpfreaks.com/topic/174919-help-with-mail-form/#findComment-921909 Share on other sites More sharing options...
xonx Posted September 21, 2009 Author Share Posted September 21, 2009 Okay, this is what I came up with but it still doesn't work. <?php // check for injection characters function injection_chars($s) { return (eregi("\r", $s) || eregi("\n", $s) || eregi("%0a", $s) || eregi("%0d", $s)) ? TRUE : FALSE; } // make output safe for the browser function safe($input) { return htmlspecialchars(stripslashes($input)); } // subject and email variables $to = '[email protected]'; $subject = 'Mail sent from contact form'; // gathering data variables $name = injection_chars(safe($_POST['name'])); $email = injection_chars(safe($_POST['email'])); $message = injection_chars(safe($_POST['message'])); $body = <<<END Name: $name Email: $email Message: $message END; $headers = "From: $email\r\n"; $headers .= "Content=type: text/html\r\n"; if (isset($_POST['submit'])) { if (empty($_POST['name'])) { // if sender hasn't entered a name echo"<p>You must enter a name.</p>"; } elseif (empty($_POST['email'])) { // if sender hasn't entered an email echo "<p>You must enter your e-mail.</p>"; } elseif (empty($_POST['message'])) { // if sender hasn't entered a message echo "<p>You must enter a message.</p>"; } // sending the mail mail($to, $subject, $body, $headers); // directing user to a thank-you page header('Location: thanks.php'); } else { echo '<p>The email was not sent!</p>'; } ?> Link to comment https://forums.phpfreaks.com/topic/174919-help-with-mail-form/#findComment-922154 Share on other sites More sharing options...
ozestretch Posted September 21, 2009 Share Posted September 21, 2009 Weird, it should send an email regardless if you form fields validate or not, but will print an error. Link to comment https://forums.phpfreaks.com/topic/174919-help-with-mail-form/#findComment-922157 Share on other sites More sharing options...
ozestretch Posted September 21, 2009 Share Posted September 21, 2009 This should halt sending if not validated. <?php // check for injection characters function injection_chars($s) { return (eregi("\r", $s) || eregi("\n", $s) || eregi("%0a", $s) || eregi("%0d", $s)) ? TRUE : FALSE; } // make output safe for the browser function safe($input) { return htmlspecialchars(stripslashes($input)); } // subject and email variables $to = '[email protected]'; $subject = 'Mail sent from contact form'; // gathering data variables $name = injection_chars(safe($_POST['name'])); $email = injection_chars(safe($_POST['email'])); $message = injection_chars(safe($_POST['message'])); $body = <<<END Name: $name Email: $email Message: $message END; $headers = "From: $email\r\n"; $headers .= "Content=type: text/html\r\n"; if (isset($_POST['submit'])) { if (empty($_POST['name'])) { // if sender hasn't entered a name echo"<p>You must enter a name.</p>"; } elseif (empty($_POST['email'])) { // if sender hasn't entered an email echo "<p>You must enter your e-mail.</p>"; } elseif (empty($_POST['message'])) { // if sender hasn't entered a message echo "<p>You must enter a message.</p>"; } else{ // sending the mail mail($to, $subject, $body, $headers); // directing user to a thank-you page header('Location: thanks.php'); } } else { echo '<p>The email was not sent!</p>'; } ?> Link to comment https://forums.phpfreaks.com/topic/174919-help-with-mail-form/#findComment-922159 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.