Is this mail-in PHP form secure?

<form method="POST" enctype="text/plain">

That’s all I need there?

Is this enough for the body:

$body = validate($_POST['body']);
$body = stripslashes(trim($_POST['body']));

I’m sure I’ll recognize anything in the incoming email that isn’t a comment :slight_smile:

This is what I have now. Running it, I get an HTTP 500 error.

<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $to      = "my@email.com";
    $subject = "Feedback";
    $q1 = validate($_POST['q1']);
    $q2 = validate($_POST['q2']);
    // "\r\n" gives real line breaks in the mail body; a URL-encoded "%0d%0a"
    // inside a PHP string is sent as literal text.
    $body = "Message:\r\n" . $q1 . "\r\n\r\n" . $q2;
    if (mail($to, $subject, $body)) {
        echo "Thank you - Your feedback was sent to me. I can't wait to read it!";
    } else {
        echo "Sorry, something went wrong with sending your comments.";
    }
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<title>Feedback for Book</title>
</head>
<body>
	<div id="wrapper">
		<form class="form" method="POST" enctype="text/plain">
			<h1>Feedback Form</h1>
			<p>For your security, please do not include your email or other private info. If you want to email us, please use the email on the website.</p>
			<p><em>Comments can only contain letters, numbers, commas, periods, and white spaces.</em></p>
			<p>Question 1?</p>
			<textarea name="q1"></textarea>
			<p>Question 2?</p>
			<textarea name="q2"></textarea>

			<button type="submit" name="submit">Submit</button>
		</form>
	</div>
</body>
</html>

Where is that validate function defined? I don’t see it anywhere in your code and you also don’t seem to include or require another PHP file that might hold it.

It certainly isn’t a PHP builtin function, so it must be defined somewhere else.

OK, I thought validate was a builtin function. I’ll remove it.

Without any kind of validation the form isn’t secure.

It would already help if, where you now call the (non-existent) validate function, you called htmlentities there instead.
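As an added example (not code from the thread), here is a validate() that enforces the allowlist the form already promises its visitors, with htmlentities applied where it belongs, on anything echoed back into the HTML. The form tag drops enctype="text/plain" because PHP only populates $_POST for the default application/x-www-form-urlencoded and multipart/form-data encodings; the recipient address and the length limit are assumed values.

```php
<?php
declare(strict_types=1);

const MAX_ANSWER_BYTES = 2000; // assumed limit; pick what suits the form

// Returns the trimmed answer if it contains only letters, digits, commas,
// periods and whitespace (the rule stated on the form), otherwise null.
function validate(?string $input): ?string
{
    if ($input === null) {
        return null;
    }
    $input = trim($input);
    if ($input === '' || strlen($input) > MAX_ANSWER_BYTES) {
        return null;
    }
    // \p{L} and \p{N} cover letters and digits in any script; /u = UTF-8.
    return preg_match('/^[\p{L}\p{N},.\s]+$/u', $input) === 1 ? $input : null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Recipient and subject are fixed strings, so no user input reaches the
    // mail headers; the answers only ever land in the body.
    $to      = 'my@email.com'; // assumed address
    $subject = 'Feedback';
    $q1 = validate($_POST['q1'] ?? null);
    $q2 = validate($_POST['q2'] ?? null);

    if ($q1 === null || $q2 === null) {
        // Reject rather than "clean up": the form told the visitor the rule.
        echo 'Please use only letters, numbers, commas, periods and spaces.';
    } else {
        // Real CRLF line breaks; a "%0d%0a" inside a PHP string stays literal.
        $body = "Message:\r\n" . $q1 . "\r\n\r\n" . $q2;
        if (mail($to, $subject, $body)) {
            // htmlentities() protects the HTML page, not the plain-text mail.
            echo 'Thanks! First answer received: '
               . htmlentities($q1, ENT_QUOTES, 'UTF-8');
        } else {
            echo 'Sorry, something went wrong with sending your comments.';
        }
    }
}
?>
<!-- No enctype attribute, so PHP fills $_POST with the submitted fields. -->
<form method="POST">
  <textarea name="q1"></textarea>
  <textarea name="q2"></textarea>
  <button type="submit">Submit</button>
</form>
```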
