Hi,
I have recently seen some attempts at Form Hijacking. I'm sure most are familiar with this, as it is pretty rampant at the moment (some info here).
I have a standard form that I use and would like to stop these attempts for obvious reasons - however my PHP skills aren't up to the task. If somebody could look at the code of my form and offer the best solution I would much appreciate this -
Thank You

Code:
<?php
// Validation messages, initialised so the page can echo them without notices
$error = $error_fullname = $error_tel = '';

if ($_POST) {
    // Undo magic quotes where the server still adds them
    if (get_magic_quotes_gpc()) {
        foreach ($_POST as $key => $value) {
            $temp = stripslashes($value);
            $_POST[$key] = $temp;
        }
    }
    if (($_POST['fullname'] == '') || ($_POST['tel'] == '')) {
        $error = '<strong>Sorry</strong>, You seem to have missed out some required fields:';
        if ($_POST['fullname'] == '') {
            $error_fullname = ' <br /><strong>Full Name</strong> is a required Field';
        }
        if ($_POST['tel'] == '') {
            $error_tel = ' <br /><strong>Telephone</strong> is a required Field';
        }
    } else {
        $to = 'info@mydomian.co.uk';
        $subject = 'Website form';
        // message goes here
        $message = "Full Name: " . $_POST['fullname'] . "\n";
        $message .= "Telephone: " . $_POST['tel'] . "\n";
        $message .= "Email: " . $_POST['email'] . "\n";
        $message .= "Message: " . $_POST['message'] . "\n";
        // headers go here (the submitted email value is placed in the header unchanged)
        $headers = "From: " . $_POST['email'] . "\n";
        $headers .= "Content-type: text/plain; charset=UTF-8";
        $sent = mail($to, $subject, $message, $headers);
        // the auto response is sent to whatever was submitted in the email field
        $autorespond = mail($_POST['email'], "Form Auto Response.", "Thank you for contacting Me, your message has been received and we will contact you shortly.", "From: info@mydomian.co.ukk<info@mydomian.co.ukk>");
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title></title>
</head>
<body>
<?php
if (isset($sent)) {
    echo '<p><span class="thanks"><strong>Thank you</strong> for contacting Tablets of Stone.</span></p>';
} else {
    echo '<p class="sorry"><!-- -->';
    echo $error;
    echo $error_fullname;
    echo $error_tel;
    echo '</p>';
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<legend>Feedback Form</legend>
<div class="row">
<span class="formLabel"><label for="fullname">Full Name*</label><br /></span>
<input class="inputfield" type="text" id="fullname" name="fullname" size="30" />
</div>
<div class="row">
<span class="formLabel"><label for="tel">Telephone*</label><br /></span>
<input class="inputfield" type="text" id="tel" name="tel" size="30" />
</div>
<div class="row">
<span class="formLabel"><label for="email">Email Address</label><br /></span>
<input class="inputfield" type="text" id="email" name="email" size="30" />
</div>
<div class="row">
<span class="formMessage">Message<br /></span>
<textarea class="inputarea" name="message" rows="5" cols="30"></textarea>
</div>
</fieldset>
<p><input type="submit" class="inputsend" name="SUBMIT" value="Send Form" /></p>
</form>
</body>
</html>
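
One way to harden the form above, as an added example that is not part of the original post: the submitted email is rejected if it carries line breaks or fails validation before it reaches mail(), and the From address is fixed to the site's own. The function names are hypothetical, the sample inputs are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.

// True if the value contains CR, LF or their URL-encoded forms, which is
// how extra header lines end up in the headers argument of mail().
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n]|%0a|%0d/i', $value) === 1;
}

// Returns an address that is safe to use as a recipient or in a header,
// or null when the input is empty, malformed or carries line breaks.
function clean_sender(string $email): ?string
{
    $email = trim($email);
    if ($email === '' || has_header_injection($email)) {
        return null;
    }
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// From is always the site's own address (taken from the form above);
// the visitor's validated address only ever appears in Reply-To.
function build_headers(?string $sender): string
{
    $headers = "From: info@mydomian.co.uk\r\n";
    if ($sender !== null) {
        $headers .= "Reply-To: " . $sender . "\r\n";
    }
    return $headers . "Content-type: text/plain; charset=UTF-8";
}

// Constructed sample inputs: one normal address, two carrying an extra
// header line, and an empty field (email is optional on the form).
$samples = [
    'visitor@example.com',
    "visitor@example.com\r\nBcc: other@example.net",
    'visitor@example.com%0ABcc: other@example.net',
    '',
];
foreach ($samples as $input) {
    $sender = clean_sender($input);
    echo json_encode($input), ' => ', $sender === null ? 'rejected' : 'accepted', "\n";
}
echo build_headers(clean_sender($samples[0])), "\n";
```

In the form handler, pass build_headers(clean_sender($_POST['email'])) to mail() and send the auto response only when clean_sender() returns a non-null address.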



