  1. #1
    Technically, a bit dim macdan's Avatar
    Join Date
    Feb 2001
    Location
    London
    Posts
    344

    Form to email problem

    Hi

    I've been using this script to get form data to email. It works well but the other day I received 3 blank ones all at the same time.

    I can't understand this because I have JavaScript validation set up so people can't submit without completing several fields.

    Can anyone help me on how this could happen? Obviously I don't want to be losing enquiries! Thanks in advance.

    <?php
    // Read the submitted form fields
    $messageName = $_POST['contact_name'];
    $messageTelephone = $_POST['telephone'];
    $messageEmail = $_POST['email'];
    $messageMessage = $_POST['message'];

    mail(
        "myemail@address.co.uk",
        "Contact Form",
        "Name: $messageName\n\nEmail: $messageEmail\n\nTelephone: $messageTelephone\n\nMessage: $messageMessage\n\n",
        "From: $messageEmail" // additional headers, built from the submitted email field
    );

    // Redirect to the confirmation page and stop the script
    header("Location: thanks.php");
    exit;
    ?>
    gorillaweb is a small London based digital design agency.

  2. #2
    Captain Internet neil's Avatar
    Join Date
    Jun 2001
    Location
    n.ireland
    Posts
    333
    Looks alright to me, maybe the three times was by the same person, have you logged the IP address to check? This person could have just been filling spaces in the fields or something instead.

    Hopefully someone can chime in and tell you what they think.
    neil - Geocities, the trailer park of the web
    .<.<.<.<.<.<.<.<
    WEB[retype.net] + [guff.org]
    ICQ[273981] AIM[neiim]

  3. #3
    SitePoint Member
    Join Date
    Nov 2005
    Location
    Scotland
    Posts
    0
    The person probably had javascript disabled, you should really add some php validation.

  4. #4
    SitePoint Member picobello's Avatar
    Join Date
    Apr 2005
    Posts
    6
    May I suggest that you also scan for and remove any CR/LF in the $_POST fields, because otherwise you will be a victim of spammers: they automate the POST, putting more CR and/or LF inside the name or email fields, followed by a SPAM mail body. When passing that to the mail function, it will send the spam and not your own message. I had the problem last month.

  5. #5
    Technically, a bit dim macdan's Avatar
    Join Date
    Feb 2001
    Location
    London
    Posts
    344
    Hi Picobello

    Yes I've had some spam on this too.

    I'm a newbie with php - is there any chance you could post the code for this?

    Or perhaps there is a good freeware script out there?

    Many thanks (for all responses)
    gorillaweb is a small London based digital design agency.

  6. #6
    SitePoint Member picobello's Avatar
    Join Date
    Apr 2005
    Posts
    6
    This is the way I usually do it (just before issuing the mail):

    Code:
    // Do not send if any of these fields contains a CR or LF
    if (preg_match("/[\r\n]/i",$FirstName) || preg_match("/[\r\n]/i",$LastName) || preg_match("/[\r\n]/i",$EmailAddress))
    {
        // ... do not send the mail ...
    }
    else
    {
        // ... OK, send the mail ...
    }
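
A server-side version of the checks suggested in posts #3, #4 and #6, as an added example that is not code from any poster in this thread: it rejects blank submissions and any CR/LF in single-line fields before mail() would be called. The field names come from the original script; the function name, error strings and sample submissions are constructed for illustration.

```php
<?php
// Added example: server-side checks for the contact form in this thread.
// Field names match the original script; rules and messages are assumptions.

/** Returns a list of errors; an empty list means the mail may be sent. */
function validate_contact_form(array $post): array
{
    $errors = [];
    // Treat missing or non-string values (e.g. email[]=x) as empty strings.
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';

    foreach (['contact_name', 'telephone', 'email', 'message'] as $field) {
        if (trim($get($field)) === '') {
            $errors[] = "$field is required";
        }
    }

    // Single-line fields must never contain CR or LF (the check from post #6).
    foreach (['contact_name', 'telephone', 'email'] as $field) {
        if (preg_match('/[\r\n]/', $get($field))) {
            $errors[] = "$field contains a line break";
        }
    }

    $email = $get('email');
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return $errors;
}

// Constructed sample submissions (not real traffic).
$samples = [
    'blank' => ['contact_name' => '', 'telephone' => '', 'email' => '', 'message' => ''],
    'line break in email' => ['contact_name' => 'Ann', 'telephone' => '020 7946 0000',
        'email' => "ann@example.com\r\n\r\nconstructed extra text", 'message' => 'Hi'],
    'valid' => ['contact_name' => 'Ann', 'telephone' => '020 7946 0000',
        'email' => 'ann@example.com', 'message' => 'Please call me.'],
];

foreach ($samples as $label => $post) {
    $errors = validate_contact_form($post);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'OK to send', PHP_EOL;
}
```

Run it from the command line with `php`; nothing is mailed, it only reports which submissions would pass.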

  7. #7
    SitePoint Evangelist ikeo's Avatar
    Join Date
    Oct 2004
    Location
    Austin Texas
    Posts
    591
    You have to do form validation on the server side because if the user turns javascript off then they can send malicious data to your server.


  8. #8
    Technically, a bit dim macdan's Avatar
    Join Date
    Feb 2001
    Location
    London
    Posts
    344
    Thanks for the responses, in the meantime I was advised by another developer that the problem was putting a variable in the From field

    "From: $messageEmail"

    Which allowed a route in to the email header. I have now removed this and was also advised to strip out : so now have something like this. Would of course be interested in your opinions!

    <?php
    // Replace ":" with ";" in every submitted field
    $messageName = str_replace(":",";",$_POST['contact_name']);
    $messageTelephone = str_replace(":",";",$_POST['telephone']);
    $messageEmail = str_replace(":",";",$_POST['email']);
    $messageMessage = str_replace(":",";",$_POST['message']);

    // No additional headers argument: form input now only reaches the message body
    mail(
        "myemail@address.co.uk",
        "Contact Form",
        "Name: $messageName\n\nEmail: $messageEmail\n\nTelephone: $messageTelephone\n\nMessage: $messageMessage\n\n"
    );

    // Redirect to the confirmation page and stop the script
    header("Location: thanks.php");
    exit;
    ?>
    gorillaweb is a small London based digital design agency.
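
An added example (not macdan's code or any other poster's) of one way to keep the visitor's address usable for replies once it is no longer placed in From: a fixed sender plus a validated Reply-To, with the check made on CR/LF rather than on colons. The sender noreply@example.com, the function names and the sample inputs are assumptions; passing the headers as an array needs PHP 7.2 or later.

```php
<?php
// Added example: fixed From plus validated Reply-To, built without sending.
// noreply@example.com is a placeholder sender; function names are hypothetical.

/** Returns the header array for mail(), or null if the address is unusable. */
function build_contact_headers(string $visitorEmail): ?array
{
    $visitorEmail = trim($visitorEmail);
    // CR/LF, not ":", is what separates one header line from the next.
    if (preg_match('/[\r\n]/', $visitorEmail)
        || filter_var($visitorEmail, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return [
        'From'     => 'noreply@example.com', // fixed, never taken from the form
        'Reply-To' => $visitorEmail,         // validated, single-line address
    ];
}

/** Sends the enquiry, or only reports whether it would be sent when $dryRun is true. */
function send_contact_mail(array $post, bool $dryRun = true): bool
{
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $headers = build_contact_headers($get('email'));
    if ($headers === null) {
        return false; // refuse rather than try to repair the input
    }
    $body = sprintf("Name: %s\n\nEmail: %s\n\nTelephone: %s\n\nMessage: %s\n\n",
        $get('contact_name'), $get('email'), $get('telephone'), $get('message'));
    if ($dryRun) {
        return true;
    }
    return mail('myemail@address.co.uk', 'Contact Form', $body, $headers);
}

// Constructed inputs. Colon replacement as in post #8 leaves CR/LF in place.
$tainted = str_replace(':', ';', "ann@example.com\r\n\r\nconstructed extra text");
var_dump(build_contact_headers($tainted));
var_dump(build_contact_headers('ann@example.com'));
var_dump(send_contact_mail(['contact_name' => 'Ann', 'telephone' => '020 7946 0000',
    'email' => 'ann@example.com', 'message' => 'Please call me.']));
```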

