PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Hi, PHP beginner here, trying to use a script (safemail.php, code shown below) with a contact form on this website: http://www.alisonborden.com/k8dollar. It's not working, wondering if someone can tell me what might be wrong? Let me know if you need to see the HTML, CSS, or the Javascript that calls this PHP file. Thanks for your help!
<?php
// Pick up the form data and assign it to variables
$first_name = $_POST['First Name'];
$last_name = $_POST['Last Name'];
$email = $_POST['Email'];
$phone = $_POST['Phone'];
$checkbox1 = $_POST['Residential'];
$checkbox2 = $_POST['Commercial'];
$checkbox3 = $_POST['Landscape'];
$comments = $_POST['Comments'];
// Build the email
$to = 'bordengraphic@yahoo.com';
$subject = "k8dollar.com Contact Form Submission";
$message = "New message from your contact form at k8dollar.com: $first_name $last_name Area of Interest: $checkbox1 $checkbox2 $checkbox3 ... Comments: $comments ... Contact Info: $email $phone";
$headers = "From: $email";
// Send the mail using PHPs mail() function
mail($to, $subject, $message, $headers);
// Redirect
header("Location: pages/formsubmit.htm");
Have you tested the script with another email address? I copied the code and just replaced it with another email addy and it works fine. There are a few things you might want to change.
<?php
$send = mail($to, $subject, $message, $headers);
if ($send) {
// give a confirmation message
}
else {
// do something like redirect the user
}
?>
Hope this helps
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
post the html code of the form that collects the data and sends it to the php processing page.
and the javascript if any. Besides, any more specific regarding "it is not working", what is exactly what happens or doesnt happen?
blueluna86 wrote:Hi, PHP beginner here, trying to use a script (safemail.php, code shown below) with a contact form on this website: http://www.alisonborden.com/k8dollar. It's not working, wondering if someone can tell me what might be wrong? Let me know if you need to see the HTML, CSS, or the Javascript that calls this PHP file. Thanks for your help!
<?php
// Pick up the form data and assign it to variables
$first_name = $_POST['First Name'];
$last_name = $_POST['Last Name'];
$email = $_POST['Email'];
$phone = $_POST['Phone'];
$checkbox1 = $_POST['Residential'];
$checkbox2 = $_POST['Commercial'];
$checkbox3 = $_POST['Landscape'];
$comments = $_POST['Comments'];
// Build the email
$to = 'bordengraphic@yahoo.com';
$subject = "k8dollar.com Contact Form Submission";
$message = "New message from your contact form at k8dollar.com: $first_name $last_name Area of Interest: $checkbox1 $checkbox2 $checkbox3 ... Comments: $comments ... Contact Info: $email $phone";
$headers = "From: $email";
// Send the mail using PHPs mail() function
mail($to, $subject, $message, $headers);
// Redirect
header("Location: pages/formsubmit.htm");
I don't think mail() is vulnerable to XSS (this mostly depends on how it is handled on the receiving end) but your code is open to header injection.
See the post here for how to do some very basic filtering of your user input fields to keep your mail system from getting hijacked. Use the InjectionAttempt functions. They aren't complete but they will help protect you. It isn't complete because there are more unicode and mime phrases you could filter out too.
I have been thinking about making some kind of contact form example with all the filtering for all these new people who keep trying these contact forms. If I get to it, I'll post it in the code review section for you to laugh at too.
More specifically the problem is, when I test the contact form and hit submit, I am not redirected to the page I expect to see (which would have a line of text telling me basically 'Thanks for submitting the form') and I don't receive an email with the form data. The javascript is supposed to switch out "safemail.php" for "no-javascript.php" ... or so I'm told. I'll post the html and javascript:
Thank you so much for your comments. To answer questions:
social_experiment wrote:Have you tested the script with another email address?
No, but that email address is valid - It's my email address. I'm using that for testing this, then I plan to switch it out for another one later.
jackpf wrote:You do have an smtp server installed right?
To be honest, I didn't know about this. So I asked Hostgator, who hosts my site. They informed me that smtp is the outgoing mail server and that it is installed.
Maybe I'm not reaching the script?, but I think all the links should be working. Just to make things easier, I put the files "safemail.php" and "protect.js" in the same directory with the file "contact.htm", the page the contact form is on. Where necessary I changed the links in these 3 files to reflect the move. (Changed after posting the code in previous posts). After uploading, and testing the contact form on the site however, it still does not submit the form. You can enter text in the text fields, but upon clicking the submit button, nothing happens. I am expecting to see a new page load, with text to the effect of "thanks for submitting" and to see an email with the data pop up in my email account - but I get nothing