SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    Join Date
    Mar 2010
    0 Post(s)
    0 Thread(s)

    Question Can someone check over my PHP Mail Script please?


    I've put together this simple mail script below and being a PHP newbie I just wondered if someone could check it over and let me know if there's anything I should change or add (including code layout & structure).

    Also i've read a little about:

    1/ 'X-Mailer: PHP/' . phpversion();
    2/ "-f".$_REQUEST[email]); - are these things I should add?

    3/ A while ago someone told me to add in this snippet of code to help increase security and prevent spam; Is this snippet still relevent, does it work, and if not what should I have instead to stop people injecting my form and using it to spam?

    (on testing, adding "/n" and "/r" into the form fields this script doesnt seem to do anything at all to stop or prevent this)

    // Security check
    if (!get_magic_quotes_gpc()) {
    	foreach($_POST as $key => $value) {
    		str_replace(array("\n","\r",":"), "", $_POST[$key]);

    4/ Oh, and hat does this piece do (Check the location/url of my form?), and do I need it? What is its purpose?

    // form location check?
    if (!isset($_POST['email'])) {
    header( "Location: $formurl" );
    exit ;

    Here is my complete script:

    // Form and Destination urls
    $formurl = '' ;
    $errorurl = '' ;
    $thankyouurl = '' ;
    // Field Declarations
    $name = $_POST['name'] ;
    $email = $_POST['email'] ;
    $comments = $_POST['comments'] ;
    $http_referrer = getenv( "HTTP_REFERER" );
    // Security checks and validation
    	// Empty Fields check
    	if (empty($name) || empty($email) || empty($comments)) {
    	   header( "Location: $errorurl" );
    	   exit ;
    	// Valid Email check
    	if (strlen($email) > 0) {
    		$clean_email = filter_var($email, FILTER_VALIDATE_EMAIL);
    		if ($clean_email === FALSE) {
    			header( "Location: $errorurl" );
    			exit ;
    // To (multiple recipients)
    $to  = '' . ', '; // note the comma
    $to .= '';
    // Subject
    $subject = '** New Message';
    // Message
    $message =
    	" \n" .
    	"------------------------ \n\n" .
    	"	Name: $name \n" .
    	"	Email: $email \n\n" .
    	"	Comments: $comments \n\n\n\n\n\n" .
    	"--- \n";
    // To send HTML mail, the Content-type header must be set
    $headers  = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/plain; charset=utf-8' . "\r\n"; // Change 'plain' to 'html' for HTML emails
    // Additional headers
    $headers .= 'To: Dude1 <>, Dude2 <>' . "\r\n";
    $headers .= 'From: Website <>' . "\r\n";
    $headers .= 'Cc:' . "\r\n";
    $headers .= 'Bcc:' . "\r\n";
    $headers .= 'Reply-To:' . "\r\n";
    // Refer to thankyou url on sucessful submission
    header( "Location: $thankyouurl" );
    // Mail it
    mail($to, $subject, $message, $headers);

    6/ Finally - what is the difference between defining the recipients with $to midway through the script in that way, and again at the bottom of the script in the headers? It seems a bit pointless defining them twice (albeit in two completely different ways) - is that needed? and if so why?

    Thank you so much for any help and advice!

  2. #2
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    France, deep rural.
    17 Post(s)
    1 Thread(s)
    Q 4. If you added these lines, but you do not understand what they do, then why did you add them?

    PHP Code:
    // form location check? <- No

    // if the email element of the form was filled in
    if (!isset($_POST['email'])) { 

    // send the browser to a new location, that defined in $formurl
    header"Location: $formurl);

    // stop processing the rest of this script
    exit ;

    In effect it is a redirect.

  3. #3
    Join Date
    Mar 2010
    0 Post(s)
    0 Thread(s)
    Hi Cups, thanks for your reply.

    As I said, I was told to add the code to make the form more secure. This was a whlie ago so I cant remember exactly what was said at the time.

    A redirect does seem pretty pointless though, so are you recommending I lose that snippet of code you quoted?

    ...and any word or advice/help on the remaining?


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts