Jump to content

contact form issue

gardencat

By gardencat
in PHP Coding Help

 Share
Go to solution Solved by cyberRobot,

Recommended Posts

gardencat Newbie

gardencat

Posted
Posted

I've made a web site (for a client) that has a contact form. The form works fine, but the email that arrives shows a long weird address, which I assume is the hosting server name: Visitor@p3nlhgxxxxxxxxxsecureserver.net.  These emails look scary to my website client, and she's afraid to open them. 
 
Is there some code I can add to the php file that will change who the email appears to be from in my client's inbox?
 
This is part of what's in the php file: 

$EmailFrom = "Visitor";
$EmailTo = "MyClient@HerAddress.com";
$Subject = "Message from BusinessName website";
$Name = Trim(stripslashes($_POST['Name'])); 
$Email = Trim(stripslashes($_POST['Email'])); 
$Message = Trim(stripslashes($_POST['Message']));

Disclaimer . . . I know nothing about writing PHP.

 

TIA - gardencat

 

Link to comment
https://forums.phpfreaks.com/topic/283847-contact-form-issue/
Share on other sites
gardencat Newbie

gardencat

Posted
  • Author
Posted

I do have a Name field in the form, but can't figure out how to get that to show up in the $EmailFrom area either.  Here's everything in the PHP file:

 

<?php


$EmailFrom = "Website visitor";
$EmailTo = "MyClient@HerAddress.com";
$Subject = "Message from BusinessName website";
$Name = Trim(stripslashes($_POST['Name'])); 
$Email = Trim(stripslashes($_POST['Email'])); 
$Message = Trim(stripslashes($_POST['Message'])); 


// validation
$validationOK=true;
if (!$validationOK) {
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
  exit;
}


// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $Email;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";


// send email 
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");


// redirect to success page 
if ($success){
  print "<meta http-equiv=\"refresh\" content=\"0;URL=contactthanks.php\">";
}
else{
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>
Link to comment
https://forums.phpfreaks.com/topic/283847-contact-form-issue/#findComment-1458021
Share on other sites
  • Solution
cyberRobot Prolific Member

cyberRobot

Posted
  • Solution
Posted

Well these guys class can check if the domain from which the email address is online.

It can provide some advanced email validation if he decides to take the visitor email, anyway never mind.

 

To be honest, I was thinking your comment was spam. Perhaps my sensors are set too high. :)

 

Based on the code posted, the email address which comes from the user ($_POST['Email']) is only used in the message body. The problem is caused by the hard-coded value used for $EmailFrom. The headers argument for "From:" requires an email address. Since one wasn't provided, it uses an address defined by the server.

Link to comment
https://forums.phpfreaks.com/topic/283847-contact-form-issue/#findComment-1458096
Share on other sites
cyberRobot Prolific Member

cyberRobot

Posted
Posted

Thank you, cyberRobot . . . . using ($_POST['Email']) fixed the problem.  Thanks for the validation info, too.   

 

Just keep in mind that this could open your script up to email injection attacks:

https://www.google.com/search?q=php+email+injection+attack

 

Information from the user, such is what you get from forms, should not be trusted. If you're not doing so already, the email address should be validated using something like the following:

http://php.net/manual/en/filter.examples.validation.php

 

Personally, I prefer to use a standard email as the from address such as the webmaster email for the website. It helps distinguish that the information came from an online form. Plus, it's easier to set up rules in an email client for filtering incoming mail.

Link to comment
https://forums.phpfreaks.com/topic/283847-contact-form-issue/#findComment-1458156
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.