email practice

Coding Critique is the place to post source code for peer review by other members of DevNetwork. Any kind of code can be posted. Code posted does not have to be limited to PHP. All members are invited to contribute constructive criticism with the goal of improving the code. Posted code should include some background information about it and what areas you specifically would like help with.

Popular code excerpts may be moved to "Code Snippets" by the moderators.

Moderator: General Moderators

Post Reply
the_cheat
Forum Newbie
Posts: 5
Joined: Tue Oct 12, 2010 4:09 pm

email practice

Post by the_cheat »

Hi everyone, Right now I am trying to perfect creating a contact form and emailing the message. The two problems I am having right now is using preg_match()
for email address validation, and reporting user errors back to the user.

here is the current script I am using for the form's action

Code: Select all

<?php
    define(EMAIL, "rmccaffe1@gmail.com");
    
    if (!$_POST[txt_name]) {
        header("Location: email_practice.php");
    }
    if (!$_POST[txt_email_address]) {
        header("Location: email_practice.php");
    }
    if (!$_POST[txt_email_address]) {
        header("Location: email_practice.php");
    }
    if (!$_POST[txta_email_message]) {
        header("Location: email_practice.php");
    }
    
    $sender_name = $_POST[txt_name];
    $sender_address = $_POST[txt_email_address];
    $email_subject = $_POST[txt_email_message];
    $email_message = $_POST[txta_email_message];
    $headers[address] = $sender_address;
    
    $result = mail(EMAIL, $email_subject, $email_message, $headers[address]);
    
    if ($result) {
        echo "Message sent successfully";
    } else {
        echo "Message send was unsuccessful";
    }    
    
?>
when I try to place the mail() function inside of an if statement as such

Code: Select all

if (preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$^", $sender_address) {
        $result = mail(EMAIL, $email_subject, $email_message, $headers[address]);
        if ($result) {
            echo "Message sent successfully";
        } else {
            echo "Message send was unsuccessful";
        }    
    } else {
        echo "Address not valid";
    }
    
a blank page loads with the correct URL after pressing the submit button, and I am having trouble figuring out why.

I am also having trouble figuring out how to display to the user that they entered an invalid value in any of the form controls.
If anyone can tell me what to do, without really telling me how to do it, or telling me of any resources that will help with the problems I am having
I would really appreciate it. Thanks
MichaelR
Forum Contributor
Posts: 148
Joined: Sat Jan 03, 2009 3:27 pm

Re: email practice

Post by MichaelR »

Put this at the top of your code:

Code: Select all

ini_set('display_errors', 1);
You'll probably see an error. I'm guessing this will fix it (there was a missing closing parenthesis on the preg_match line):

Code: Select all

if (preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/", $sender_address)) {
        $result = mail(EMAIL, $email_subject, $email_message, $headers[address]);
        if ($result) {
            echo "Message sent successfully";
        } else {
            echo "Message send was unsuccessful";
        }    
    } else {
        echo "Address not valid";
    }
Last edited by MichaelR on Tue Oct 19, 2010 5:32 pm, edited 1 time in total.
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: email practice

Post by VladSun »

You must call exit() after every header('Location:.... you've ever used.
There are 10 types of people in this world, those who understand binary and those who don't
the_cheat
Forum Newbie
Posts: 5
Joined: Tue Oct 12, 2010 4:09 pm

Re: email practice

Post by the_cheat »

Thanks a lot for the help, everything is working fine now, it was just that missing closing parenthesis. Now I am just looking for a tutorial that will help me
relay user error messages back to the user and possibly writing the form and script on the same page.
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: email practice

Post by social_experiment »

the_cheat wrote:Now I am just looking for a tutorial that will help me relay user error messages back to the user and possibly writing the form and script on the same page.
As your form action use $_SERVER['PHP_SELF'] to call the page on itself. You then have to check whether the submit button has been clicked so the form can be processed.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: email practice

Post by VladSun »

social_experiment wrote:
the_cheat wrote:Now I am just looking for a tutorial that will help me relay user error messages back to the user and possibly writing the form and script on the same page.
As your form action use $_SERVER['PHP_SELF'] to call the page on itself. You then have to check whether the submit button has been clicked so the form can be processed.
Don't use $_SERVER['PHP_SELF'], but rather leave the action param empty.
Usage of $_SERVER['PHP_SELF'] (plain) would introduce XSS vulnerabilities:

Code: Select all

http://example.com/send.php/<script>alert('XSS');</script>
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: email practice

Post by social_experiment »

Vladsun wrote:Usage of $_SERVER['PHP_SELF'] (plain) would introduce XSS vulnerabilities
Pretty interesting. Would you then say calling a form on itself is a bad idea and shouldn't be used?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: email practice

Post by VladSun »

social_experiment wrote:
Vladsun wrote:Usage of $_SERVER['PHP_SELF'] (plain) would introduce XSS vulnerabilities
Pretty interesting. Would you then say calling a form on itself is a bad idea and shouldn't be used?
VladSun wrote:... leave the action param empty...
There are 10 types of people in this world, those who understand binary and those who don't
Post Reply