MemphiS Posted February 8, 2008

Just wanted to run this by the forum users to make sure I've secured everything.

I was originally going to just use the mail(); function but decided it would be better to insert it into a db table so I can verify all input before I mail it.

Currently I have it set so I check input then insert it. Then using a cron job I check every 12 hours for any new enquiries, and then I send the info from the inserted row using the mail(); function.

```php
<?php
if (isset($_POST['enquiry'])){
    // Collect the submitted fields
    $IP = $_SERVER['REMOTE_ADDR'];
    $contN = addslashes(strip_tags($_POST['contactn']));
    $contE = addslashes(strip_tags($_POST['contacte']));
    $contM = addslashes(strip_tags($_POST['enquiry']));
    $pks = date("Y-m-d");

    // Validate the input
    if ((empty($contN)) || (empty($contE))){
        $errorM[] = "Please fill out the contact name and email.";
    }
    if (!ctype_alpha(str_replace(" ","", $contN))){
        $errorM[] = "Invalid contact name.";
    }
    $repld = array("~","!","@","#","$","%","^","&","*","(",")","_","+","{","}",":","<",">","?",",",".","/",";","'","[","]","`"," ");
    if (!ctype_alnum(str_replace($repld,"", $contM))){
        $errorM[] = "Invalid content withing enquiry!.<br />Please use plain text. No non aplhabetical letters. Example: !@#$%^&*()_+-={}[];'";
    }

    // Refuse new enquiries while more than 10 rows are stored
    require_once("folder/needconect.php");
    $nomores = mysql_num_rows(mysql_query("SELECT `sent` FROM `enquiry`"));
    if ($nomores>10){
        $errorM[] = "Currently we have too many letters to reply to before we can take in new enquirys.<br />Please try again in 24 hours.<br />Thanks.";
    }

    if (empty($errorM)){
        // Store the enquiry and show a confirmation
        mysql_query("INSERT INTO `table`.`enquiry` ( `bid` , `sent` , `contactn` , `contacte` , `cenquiry` , `datesum` ) VALUES ( NULL, '0', '$contN', '$contE', '$contM', '$pks' )");
        echo("<table cellpadding='2' cellspacing='0' border='1' class='succEQ' bordercolor=#000000><tr><td><b>Successful</b>,<blockquote>Thanks for your letter. We will get back to you shortly. Please allow 24 hours.<br /><b>Contact Name</b> $contN<br /><b>Contact Email</b> $contE<br /><b>Enquiry</b> $contM<br />IP Recorded as: $IP</blockquote></td></tr></table>");
    }else{
        // List the validation errors
        echo("<table cellpadding='2' cellspacing='0' border='1' class='failEQ' bordercolor=#000000><tr><td><b>Errors</b>,<blockquote>");
        for ($i = 0; $i < count($errorM); $i++){
            echo("- $errorM[$i]<br />");
        }
        echo("<br /><a href='http://www.mysiteurl.com/enquiry.php'>Return</a></blockquote></td></tr></table>");
    }
}else{
    // Nothing submitted yet: show the enquiry form
    echo("
    <blockquote>
    <table cellpadding=0 cellspacing=0 border=0 width=600 class=enqtxt>
    <tr><td width=100>Contact Name</td><td width=300><input type=text name=contactn maxlength=100 class=enqsub onkeyup=ajaxFunction();> <span id=contactname></span></td></tr>
    <tr><td width=100>Contact Email</td><td width=300><input type=text name=contacte maxlength=100 class=enqsub onkeyup=ajaxFunction();> <span id=contactemail></span></td></tr>
    <tr><td valign=top>Enquiry</td><td><textarea cols=50 rows=8 class=enqsub name=enquiry></textarea></td></tr>
    <tr><td> </td><td><input type=submit onClick=value='Enquiry Submited..'; name=subenquiry value=Submit Enquiry! class=enqsub></td></tr>
    </table>
    </blockquote>
    ");
}
?>
```
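Added example, not part of the original post: one way to do the same check-then-insert step with explicit validation, a PDO prepared statement in place of `addslashes()`, and HTML escaping only at output time. The function names, length limits and the PDO connection are assumptions; the table and column names come from the post.

```php
<?php
// Added example, not the poster's code. Function names and limits are
// assumptions; table and column names come from the post. Needs PHP 7.1+.

// Check only; nothing is escaped here. Returns [values, errors].
function validate_enquiry(array $post): array {
    $errors = [];
    $name  = trim((string)($post['contactn'] ?? ''));
    $email = trim((string)($post['contacte'] ?? ''));
    $msg   = trim((string)($post['enquiry'] ?? ''));
    // Name and email may end up in mail() headers, so refuse CR/LF outright.
    if (preg_match('/[\r\n]/', $name . $email)) {
        $errors[] = 'Line breaks are not allowed in name or email.';
    }
    if (strlen($name) > 100 || !preg_match('/^[\p{L} .\'-]+$/u', $name)) {
        $errors[] = 'Invalid contact name.';
    }
    if (strlen($email) > 100 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid contact email.';
    }
    if ($msg === '' || strlen($msg) > 5000) {
        $errors[] = 'Enquiry is empty or too long.';
    }
    return [['contactn' => $name, 'contacte' => $email, 'cenquiry' => $msg], $errors];
}

// Bound parameters keep values out of the SQL text, so no addslashes().
// Assumes `bid` is auto-increment and $db is an open PDO connection.
function store_enquiry(PDO $db, array $c): void {
    $stmt = $db->prepare(
        'INSERT INTO enquiry (sent, contactn, contacte, cenquiry, datesum)
         VALUES (0, :contactn, :contacte, :cenquiry, :datesum)'
    );
    $stmt->execute($c + ['datesum' => date('Y-m-d')]);
}

// Escape when echoing into HTML, not before storing.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: the email field contains a line break.
$sample = ['contactn' => 'Ann Lee', 'contacte' => "ann@example.com\r\nX-Test: 1", 'enquiry' => 'Opening hours? <b>thanks</b>'];
[$clean, $errors] = validate_enquiry($sample);
foreach ($errors as $e) {
    echo '- ' . h($e) . "\n";
}
echo 'Enquiry: ' . h($clean['cenquiry']) . "\n";
```

The cron job that later calls `mail()` should read the stored row as-is and apply the same CR/LF rule to anything it places in a header.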