<?php
// missing . before the com
$sendTo = "mhaynes@blahblahcom";
$subject = "Website Reply";
// looks ok but maybe only single quotes around the array, i.e. $_POST['name']
// not sure if that makes a difference
$headers = "From: " . $_POST["name"] ." <" . $_POST["email"] .">\r\n";
$headers .= "Reply-To: " . $_POST["email"] . "\r\n";
// might want to put a line feed "\r\n" after the last header line
$headers .= "Return-path: " . $_POST["email"];
$message = $_POST["message"];
$phone = $_POST["phone"];
// phone must be added to the message, you cannot send mail to a phone number
mail($sendTo, $subject, $message, $phone, $headers);
?>
The mail() function doesn't take 5 arguments as far as I know. You could place the phone in the message.
And as a sidenote: I presume/hope you do some input validation?
Thanks, I am trying to take it one step at a time.
I personally don't know any flash but my guess is someone/something who wants to try to exploit your form can ignore the flash movie (and validation) and post the values directly to the php code/script. (if the script is accessible, that is) You might want to make sure that cannot happen.
The best way is to know how to validate the information being submitted. Things such as regular expression matching for email addresses, removing \r and \n characters, limiting how many addresses can be sent to, or limiting access to the script based on time (say requiring 10 or 15 seconds between emails). Each will deter circumvention for "bad" uses in their own ways.
matthijs wrote: I personally don't know any flash but my guess is someone/something who wants to try to exploit your form can ignore the flash movie (and validation) and post the values directly to the php code/script. (if the script is accessible, that is) You might want to make sure that cannot happen.
Good luck.
([edit] what Feyd says)
Sorry to ask so many questions, but is there a way to secure the file?
feyd wrote: the best way is to know how to validate the information being submitted. Things such as regular expression matchings for email addresses, removing \r and \n characters, limiting how many addresses can be sent to, or limiting access to the script based on time (say requiring 10 or 15 seconds between emails).. each will deter circumvention for "bad" uses in their own ways..
Just want to clarify, I'm pretty sure feyd means removing the \r and \n characters from posted data, NOT the ones that you have used to format the Email in your code. Your script might not work without them if the header is malformed.
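The checks suggested in this thread, put together as an added example (not code from any post): the posted email is validated and rejected if it contains line breaks or address separators, CR/LF is stripped from the other posted fields, phone goes into the message body, and a per-session 15-second limit is enforced. The recipient address and the helper names `field`, `strip_crlf` and `validate_contact` are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Field names follow the posted form;
// the recipient address is a placeholder.
session_start();

// Posted value as a string ('' if missing or not a string, e.g. name[]=x).
function field(array $post, string $key): string
{
    return is_string($post[$key] ?? null) ? $post[$key] : '';
}

// Remove CR/LF from posted data so it cannot start a new header line.
function strip_crlf(string $value): string
{
    return trim(str_replace(["\r", "\n"], '', $value));
}

// Returns a list of problems; an empty list means the post is acceptable.
function validate_contact(array $post, ?int $lastSent, int $now): array
{
    $errors = [];
    $email = field($post, 'email');
    // One address only, and no line breaks anywhere in it.
    if (preg_match('/[\r\n,;]/', $email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'invalid email';
    }
    // Time limit from the thread: 15 seconds between mails per session.
    if ($lastSent !== null && $now - $lastSent < 15) {
        $errors[] = 'too soon';
    }
    return $errors;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = validate_contact($_POST, $_SESSION['last_sent'] ?? null, time());
    if ($errors) {
        http_response_code(400);
        exit(implode(', ', $errors));
    }
    $sendTo  = 'webmaster@example.com';   // placeholder; never taken from the post
    // These \r\n are the script's own header formatting and must stay.
    $headers = "From: $sendTo\r\nReply-To: " . field($_POST, 'email');
    $body    = 'Name: ' . strip_crlf(field($_POST, 'name')) . "\n"
             . 'Phone: ' . strip_crlf(field($_POST, 'phone')) . "\n\n"
             . field($_POST, 'message');
    if (mail($sendTo, 'Website Reply', $body, $headers)) {
        $_SESSION['last_sent'] = time();
    }
}
```

The session-based limit only slows a client that keeps its cookie; it is a deterrent in the sense used above, and the header checks do not depend on it.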