chiprivers Posted January 5, 2008 Share Posted January 5, 2008 I am creating my first PHP form to email script and I have the main processing script so far below: <?php // has form been submitted? if (isset($_POST['send'])) { // get values sent $frm_name = $_POST['frm_name']; $frm_co = $_POST['frm_co']; $frm_web = $_POST['frm_web']; $frm_email = $_POST['frm_email']; $offer = $_POST['offer']; $subject = "My Offer for ".$image_alt; $body = "<b>Sender</b>: $frm_name \n<b>Company</b>: $frm_co \n<b>Website<b>: $frm_web \n<b>Email</b>: $frm_email \n \n<b>My offer for your $image_alt</b> \n \n<i>$offer</i>"; // define from email address ini_set("sendmail_from", $frm_email); // send mail $sent = mail("offers@thebigtradeup.com", $subject , $body, "From: $frm_email", "-foffers@thebigtradeup.com" ); if ($sent) { echo "<h4>Mail Sent!</h4>"; } } // end if form submitted ?> This works fine but I want to add any additional code to ensure that submitted values are in the correct format and prevent code injection. Can anybody guide me? Quote Link to comment Share on other sites More sharing options...
phpQuestioner Posted January 6, 2008 Share Posted January 6, 2008 validate your variables with a if/else condition or a switch condition/statement. example of both can be found here: http://us3.php.net/manual/en/language.control-structures.php Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.