Page 1 of 1

How to redirect to thanks page

Posted: Tue Dec 16, 2008 3:37 pm
by Tassadduq
i have a comments page in my site and i want if any user fill the form and submit it than after submitting the form it redirects the user to thanks page.
my form code is here

Code: Select all

<?php if( isset($submit)    ) {
 
$subject = "Message From Your Website";
 
$htmlmessage = "
 
<div style=\"border:1px solid #cccccc; width:80%; padding:10px;\">
 
Name: $name<br />
 
Email: $email<br />
 
Message:
 
$message
 
</div>
 
";
 
$headers = "From: Sur Milap Contact <webmaster@gmail.com>\r\n";
 
$headers .= "Content-Type: text/html;\r\n charset=\"iso-8859-1\"\r\n";
 
$headers .= "Reply-To: $email\r\n";
 
mail("tassadduqhussain@gmail.com", $subject, $htmlmessage, $headers);
 
echo "<p> THANKS! Your Message Has Been Sent Successfully.</p>";
 
 
 
}  else {
 
?>
                                </p>
                              <div style="width:400px; margin:auto; text-align:left;">
                                <form method="post" action="<?php $_SERVER['file:///C|/DOCUME~1/Capricon/LOCALS~1/Temp/Rar$DI00.875/PHP_SELF'];?>">
                                  <p align="left">Name
                                    <input name="name" type="text" id="name" />
                                  </p>
                                  <p align="left">Email
                                    <input name="email" type="text" id="email"  />
                                  </p>
                                  <p align="left">Message</p>
                                  <p align="left">
                                    <textarea name="message" cols="50" rows="10" id="message" ></textarea>
                                  </p>
                                  <p>
                                  <label>
                                  <div align="left">
                                  <input type="reset" name="Reset" id="button" value="Reset" />
                                  <input name="submit" type="submit" onclick="MM_validateForm('name','','R','email','','RisEmail','message','','R');return document.MM_returnValue" value="Send" />
                                  </label>
                                  <div align="left"></div>
                                </form>
                          <?php 
 
}
 
?>
please give me suggestion.

Re: How to redirect to thanks page

Posted: Tue Dec 16, 2008 10:08 pm
by John Cartwright
Boy oh boy, that code is awful!

Firstly, your script relies on register global (bad!).

Secondly, I noticed this in your script,

Code: Select all

<form method="post" action="<?php $_SERVER['file:///C|/DOCUME~1/Capricon/LOCALS~1/Temp/Rar$DI00.875/PHP_SELF'];?>">
Thirdly, there is no server side validation. What is the user has javascript disabled?

Fourthly, you are not escaping your html output, allowing for XSS injection

To issue a redirect, simple can do

Code: Select all

 
header('Location: http://domain.com/somepage');
exit();
However, this must be before any output whatsoever.