MemphiS Posted February 8, 2008 Share Posted February 8, 2008 Just wanted to run this by the forum users to make sure ive secured everything I was orginally going to just use the mail(); function but decided it would be better to insert it into a db table so i can verify all input before i mail it. Currently i have it set so i check input then insert it. Then using a cron job i check every 12 hours for any new enquirys which then i send the info from the inserted row using the mail(); function. <?php if (isset($_POST['enquiry'])){ $IP = $_SERVER['REMOTE_ADDR']; $contN = addslashes(strip_tags($_POST['contactn'])); $contE = addslashes(strip_tags($_POST['contacte'])); $contM = addslashes(strip_tags($_POST['enquiry'])); $pks = date("Y-m-d"); if ((empty($contN)) || (empty($contE))){ $errorM[] = "Please fill out the contact name and email."; } if (!ctype_alpha(str_replace(" ","", $contN))){ $errorM[] = "Invalid contact name."; } $repld = array("~","!","@","#","$","%","^","&","*","(",")","_","+","{","}",":","<",">","?",",",".","/",";","'","[","]","`"," "); if (!ctype_alnum(str_replace($repld,"", $contM))){ $errorM[] = "Invalid content withing enquiry!.<br />Please use plain text. No non aplhabetical letters. Example: !@#$%^&*()_+-={}[];'"; } require_once("folder/needconect.php"); $nomores = mysql_num_rows(mysql_query("SELECT `sent` FROM `enquiry`")); if ($nomores>10){ $errorM[] = "Currently we have too many letters to reply to before we can take in new enquirys.<br />Please try again in 24 hours.<br />Thanks."; } if (empty($errorM)){ mysql_query("INSERT INTO `table`.`enquiry` ( `bid` , `sent` , `contactn` , `contacte` , `cenquiry` , `datesum` ) VALUES ( NULL, '0', '$contN', '$contE', '$contM', '$pks' )"); echo("<table cellpadding='2' cellspacing='0' border='1' class='succEQ' bordercolor=#000000><tr><td><b>Successful</b>,<blockquote>Thanks for your letter. We will get back to you shortly. Please allow 24 hours.<br /><b>Contact Name</b> $contN<br /><b>Contact Email</b> $contE<br /><b>Enquiry</b> $contM<br />IP Recorded as: $IP</blockquote></td></tr></table>"); }else{ echo("<table cellpadding='2' cellspacing='0' border='1' class='failEQ' bordercolor=#000000><tr><td><b>Errors</b>,<blockquote>"); for ($i = 0; $i < count($errorM); $i++){ echo("- $errorM[$i]<br />"); } echo("<br /><a href='http://www.mysiteurl.com/enquiry.php'>Return</a></blockquote></td></tr></table>"); } }else{ echo(" <blockquote> <table cellpadding=0 cellspacing=0 border=0 width=600 class=enqtxt> <tr><td width=100>Contact Name</td><td width=300><input type=text name=contactn maxlength=100 class=enqsub onkeyup=ajaxFunction();> <span id=contactname></span></td></tr> <tr><td width=100>Contact Email</td><td width=300><input type=text name=contacte maxlength=100 class=enqsub onkeyup=ajaxFunction();> <span id=contactemail></span></td></tr> <tr><td valign=top>Enquiry</td><td><textarea cols=50 rows=8 class=enqsub name=enquiry></textarea></td></tr> <tr><td> </td><td><input type=submit onClick=value='Enquiry Submited..'; name=subenquiry value=Submit Enquiry! class=enqsub></td></tr> </table> </blockquote> "); } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.