Can someone offer guidance with a simple form

[SS]

Helo - Total newbie here, so please keep that in mind.  I'd really appreciate some wisdom from someone here as to how you would improve this form:

 

<?php

$email = $_POST['email'];

$message = $_REQUEST['message'];

$message = $_POST['date'];

$message .= $_POST['location'];

$message .= $_POST

['comments'];

 

mail( "[email protected], [email protected]", "General Inquiry",

$message, "From: $email" );

header( "Location: thankyou.html" );

?>

 

 

*******************************html******************************

<HEAD><title>Hi</title<HEAD><BODY BGCOLOR="lightgray"><br><br><center><br><br><form method="post" action="sendmail2.php"><table cellspacing="5" cellpadding="5" border="0">

<tr>

<td valign="top"><font face="arial">

<strong>Contact email:</strong><br>

</td>

<td valign="top"><font face="arial">

<input type="text" name="email" size="50" value="" />

 

</td>

</tr><tr><td valign="top"><font face="arial">

<strong>Date:</strong>

</td>

<td valign="top"><font face="arial">

<input type="text" name="date"  size="50" value="" />

 

</td>

 

</tr> <tr><td valign="top"><font face="arial">

<strong>location:</strong><br>

</td>

<td valign="top">

<input type="text" name="location" size="50" value="" />

 

</td>

 

</tr>

<tr>

<td valign="top"><font face="arial">

<strong>Comments:</strong><br><font color="black">

</td>

<td valign="top">

<textarea name="comments" rows="6" cols="40"></textarea>

 

</td>

</tr>

 

 

<tr>

<td colspan="2" align="center">

<input type="submit" value=" Submit Form " />

</td>

</tr>

</table>

</form></center></body>

[mikesta707]

Improve it in what way exactly? You should provide more details on HOW exactly you want to improve something before asking for advice. Not only does it get you thinking about your code, but it is easier for others to help you as well.

 

A few things I noticed, you don't check if the form was actually sent on your form action page. You can do this by checking of the submit button has a value. Your submit button currently has no name, so you should change ur submit button to something like

<input type="submit" value=" Submit Form " name="mySubmitButton" />

 

and then on your action page, check if it is set, using isset()

 

if (isset($_POST['mySubmitButton'])){
$email = $_POST['email'];
$message = $_REQUEST['message'];
$message = $_POST['date'];
$message .= $_POST['location'];
$message .= $_POST['comments'];

mail( "[email protected], [email protected]", "General Inquiry",
$message, "From: $email" );
header( "Location: thankyou.html" );
}

 

otherwise, someone could navigate to this page, and keep refreshing it, which would send a bunch of empty emails.

 

You never sanitize or validate any of your $_POST variables either, which could lead to being sent unexpected data in your emails, or even spam. There are some more advanced topics I could cover, but this should get you started

 

[SS]

First, thank you for the reply.  I really appreciate it.

 

Improve it in what way exactly? You should provide more details on HOW exactly you want to improve something before asking for advice. Not only does it get you thinking about your code, but it is easier for others to help you as well.

 

Being a complete novice, it seemed I was basically pulling this code out of my ass - so perhaps an expert could look at it and see glaring problems with it (security, functionality, whatever) and tell me.  Because I wouldn't necessarily know otherwise.

 

A few things I noticed, you don't check if the form was actually sent on your form action page. You can do this by checking of the submit button has a value. Your submit button currently has no name, so you should change ur submit button to something like

<input type="submit" value=" Submit Form " name="mySubmitButton" />

 

and then on your action page, check if it is set, using isset()

 

if (isset($_POST['mySubmitButton'])){
$email = $_POST['email'];
$message = $_REQUEST['message'];
$message = $_POST['date'];
$message .= $_POST['location'];
$message .= $_POST['comments'];

mail( "[email protected], [email protected]", "General Inquiry",
$message, "From: $email" );
header( "Location: thankyou.html" );
}

 

otherwise, someone could navigate to this page, and keep refreshing it, which would send a bunch of empty emails.

 

Ok.  I will do this right now.

 

You never sanitize or validate any of your $_POST variables either, which could lead to being sent unexpected data in your emails, or even spam. There are some more advanced topics I could cover, but this should get you started

 

I will do this as well.  Thank you again.  People who give wayward strangers good advice on message boards are the new saints.  I want to really thank you for taking the time.

[SS]

It seems this form takes quite some time to leave the form page to the thankyou page after clicking submit.  The form page just sits there for a while, possibly making a person wonder whether their click actually worked.

 

Can anyone say whether this is due 100% to a crappy mail server, or is there something I could do to speed it up?

[SS]

In the time since this thread was active, I've found several solutions regarding my last post.  In the interest of future searches, thought I'd invite anyone to PM me and I'll be happy to help.

 

(By the way, the other advice given to me on this thread caused the form to stop working, and for that reason I'd advise against using it.)

[Pikachu2000]

Please, do elaborate. In what way did it cause your script to stop working?