I need some help!!!!!!
I have always used Matts formmail to set up forms on my web site (I know I know)
I have now changed to php for processing. I am using the following code but I don't know enough to know if it is secure. I am new to php
Code: Select all
<?php
$recipient = "my email here";
$error = "";
$name = $_POST['name'];
$email = $_POST['email'];
$subject = "Enquiry";
$phone = $_POST['phone'];
$country = $_POST['country'];
$adults = $_POST['adults'];
$children = $_POST['children'];
$age = $_POST['age'];
$arrival_day = $_POST['arrival_day'];
$arrival_month = $_POST['arrival_month'];
$arrival_year = $_POST['arrival_year'];
$departure_day = $_POST['departure_day'];
$departure_month = $_POST['departure_month'];
$departure_year = $_POST['departure_year'];
$comments = $_POST['comments'];
$verification = $_POST['verification'];
$message =
"Name: " . $name . "\n E-mail: " . $email . "\n Telephone: " . $phone . "\n Country: " . $country . "\n\n Number of Adults: " . $adults . "\n Number of Children: " . $children . "\n Age of Children: " . $age . "\n\n Date of Arrival: " . $arrival_day . "," . $arrival_month . "," . $arrival_year . "\n Date of Departure: " . $departure_day . "," . $departure_month . "," . $departure_year . "\n\n Comments: " . $comments . "\n";
$emailPattern = '/^[\w-\.]+@([\w-]+\.)+[\w-]{2,4}$/';
if(!preg_match($emailPattern, $email))
{
$error = "Incorrect Email. ";
}
if(md5($verification) != $_COOKIE['tpverify'])
{
$error .= "Verification code is incorrect. ";
}
if($error === "" && mail($recipient, $subject, $message, "FROM: $email", "-f$email"))
{
header("Location: thankyou.html");
} else {
echo "$error";
}
exit();
?>Any help is appreciated
rogie