$email_message .= "<tr><td> Email: /td td" . $email . "</td></tr>";
//Start (or resume) the session; it carries the form values and the status message back to index.php
session_start();
//Validation error flag; set to true further down when the name or email check fails
$errflag = false;
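/**
 * Tidy a single form value before it is validated and shown in the HTML mail body.
 *
 * Trims whitespace, undoes magic-quotes escaping on old PHP versions, removes a
 * fixed list of mail-header names and strips HTML/PHP tags.
 *
 * What this function does NOT do:
 * - It does not prevent SQL injection. The earlier mysql_real_escape_string() call
 *   sat after a return statement and never ran; any database write needs a
 *   prepared statement at the query itself.
 * - It does not make a value safe to place in a mail header: CR/LF are kept and the
 *   header names are removed in one pass only. Reject any value containing "\r" or
 *   "\n" before it is used in a header.
 * - It is not HTML output encoding. strip_tags() leaves quotes and "&" untouched, so
 *   apply htmlspecialchars() at the point where the value is printed.
 *
 * The header-name patterns match anywhere in the text, so ordinary words ending in
 * "to:" or "cc:" lose those characters as well.
 *
 * @param mixed $str Raw form value; a non-scalar (missing field, array) yields ''.
 * @return string The tidied value.
 */
function clean($str) {
    // $_POST entries can be arrays (name[]=x) or absent; trim() on an array raises a
    // TypeError on PHP 8, which the old @ operator cannot suppress.
    if (!is_scalar($str)) {
        return '';
    }
    $str = trim((string) $str);

    // get_magic_quotes_gpc() was removed in PHP 8, so call it only where it exists.
    // The @ silences the deprecation notice PHP 7.4 raises for it.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }

    // Denylist of header names, case-insensitive. Defence in depth only; see the
    // docblock for what it does not cover.
    $headers = array(
        '/to\:/i',
        '/from\:/i',
        '/bcc\:/i',
        '/cc\:/i',
        '/Content\-Transfer\-Encoding\:/i',
        '/Content\-Type\:/i',
        '/Mime\-Version\:/i'
    );
    $str = preg_replace($headers, '', $str);

    // preg_replace() returns null on a PCRE error; treat that as an empty value.
    if ($str === null) {
        return '';
    }

    return strip_tags($str);
}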
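//Sanitize the POST values. A missing or non-string field (for example name[]=x)
//is treated as empty instead of being handed to clean().
$fields = array();
foreach (array('name', 'company', 'email', 'phone', 'type', 'size', 'message') as $key) {
    $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? clean($_POST[$key]) : '';
}
$name = $fields['name'];
$company = $fields['company'];
$email = $fields['email'];
$phone = $fields['phone'];
$type = $fields['type'];
$size = $fields['size'];
$message = $fields['message'];

//Input Validations: name and email are required and the email must be well formed.
//filter_var() replaces eregi(), which was removed in PHP 7; the old pattern also
//rejected valid addresses whose top-level domain is longer than three letters.
if ($name === '' || $email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    $errflag = true;
}
$errmsg = 'ERROR: Enter your name and a valid email';

//If there are validation errors, redirect back to the registration form
if ($errflag) {
    // NOTE(review): index.php is not shown here; if it echoes these values back into
    // the form it must pass them through htmlspecialchars(), because clean() strips
    // tags but leaves quotes in place.
    $_SESSION['ERR_NAME'] = $name;
    $_SESSION['ERR_COMPANY'] = $company;
    $_SESSION['ERR_EMAIL'] = $email;
    $_SESSION['ERR_PHONE'] = $phone;
    $_SESSION['ERR_TYPE'] = $type;
    $_SESSION['ERR_SIZE'] = $size;
    $_SESSION['ERR_MESSAGE'] = $message;
    $_SESSION['ERRMSG'] = $errmsg;
    session_write_close();
    header("location: index.php");
    exit();
}
// If there are no validation errors, process the email
else {
    // Recipient, subject and headers are fixed strings. No submitted value is placed
    // in a header; if a Reply-To is ever added, reject CR/LF in the value first.
    $send_email = "whatever@mydomain.com";
    $email_subject = "SUBJECT";

    $rows = array(
        'Name' => $name,
        'Company' => $company,
        'Email' => $email,
        'Phone' => $phone,
        'Type' => $type,
        'Size' => $size,
        'Message' => $message
    );

    $email_message = '<html><body>';
    $email_message .= "<p>You have received a new contact.</p>";
    $email_message .= '<table>';
    foreach ($rows as $label => $value) {
        // Encode at the point of output, using the charset declared in the header
        // below, so submitted text cannot add markup to the mail body.
        $email_message .= "<tr><td>" . $label . ": </td><td>"
            . htmlspecialchars($value, ENT_QUOTES, 'ISO-8859-1') . "</td></tr>";
    }
    $email_message .= "</table>";
    $email_message .= "</body></html>";

    // Plain assignment first: $headers is not defined in this scope (the array of
    // the same name is local to clean()), so the original ".=" raised a notice.
    $headers = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";

    // mail() returns false when the message was not accepted for delivery; only
    // report success when it was.
    if (mail($send_email, $email_subject, $email_message, $headers)) {
        $errmsg = 'Your message has been sent. Thank you!';
    } else {
        $errmsg = 'ERROR: Your message could not be sent. Please try again later.';
    }
    $_SESSION['ERRMSG'] = $errmsg;
    session_write_close();
    header("location: index.php");
    exit();
}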