Bobendren Posted October 13, 2010 Share Posted October 13, 2010 Hi there, I'm trying to add a feedback form to my website, so that people can send me emails directly from my site. I found this code on another website, which works fine except that when the sender doesn't enter their reply email address it still sends it anyway - which is what this code is supposed to prevent. This is the code: <?php if (isset($_REQUEST['email'])) //if "email" is filled out, send email { //send email $email = $_REQUEST['email'] ; $subject = $_REQUEST['subject'] ; $message = $_REQUEST['message'] ; mail( "myname@mydomain.com", "Subject: $subject", $message, "From: $email" ); echo "Your message has been sent"; } else //if "email" is not filled out, display the form { echo "<form method='post' action='feedback.php'> Your Email Address: <input name='email' type='text' size='50' /><br /><br /> Subject: <input name='subject' type='text' size='50' /><br /><br /> Message:<br /> <textarea name='message' rows='15' cols='56'> </textarea><br /> <input type='submit' name='sendEMail' value='Send Email' /> </form>"; } ?> Am I supposed to redirect the user to another page? I want it to simply say "please enter your email address" next to the email field box if the user forgets to enter it. Please help. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 13, 2010 Share Posted October 13, 2010 One problem with that is there is no validation. As it stands, a single whitespace in the form's email field is just as valid as a complete email address. Quote Link to comment Share on other sites More sharing options...
papillonstudios Posted October 13, 2010 Share Posted October 13, 2010 Here you go. You have to stop email injections. Read over this code so you can understand it. <html> <body> <?php function spamcheck($field) { //filter_var() sanitizes the e-mail //address using FILTER_SANITIZE_EMAIL $field=filter_var($field, FILTER_SANITIZE_EMAIL); //filter_var() validates the e-mail //address using FILTER_VALIDATE_EMAIL if(filter_var($field, FILTER_VALIDATE_EMAIL)) { return TRUE; } else { return FALSE; } } if (isset($_REQUEST['email'])) {//if "email" is filled out, proceed //check if the email address is invalid $mailcheck = spamcheck($_REQUEST['email']); if ($mailcheck==FALSE) { echo "Invalid input"; } else {//send email $email = $_REQUEST['email'] ; $subject = $_REQUEST['subject'] ; $message = $_REQUEST['message'] ; mail("someone@example.com", "Subject: $subject", $message, "From: $email" ); echo "Thank you for using our mail form"; } } else {//if "email" is not filled out, display the form echo "<form method='post' action='mailform.php'> Email: <input name='email' type='text' /><br /> Subject: <input name='subject' type='text' /><br /> Message:<br /> <textarea name='message' rows='15' cols='40'> </textarea><br /> <input type='submit' /> </form>"; } ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.