Help with PHP email script

Dark_Angel

Dark_Angel

Dark_Angel

Soldato
Joined
12 May 2005
Posts
12,631
I have this working, but I trying to alter it so that it won't let someone send it unless they have entered all fields, anyone help ? I am new to PHP :(

Code: 
<?php

// Details
$message="$phone";
// Mail of sender
$mail_from="$customer_mail";
// From
$headers="from: $name1 $name2 <$mail_from>";

// Enter your email address
$to [email protected]';

$send_contact=mail($to,$subject,$message,$headers);

// Check, if message sent to your email
// display message "We've recived your information"
if($send_contact){
("Location: http://domain.tld/page.php");
}
else {
echo "ERROR";
}
?>

*edit* damn wrong section :(

Can someone move it please?
 
Stick in another 'if' loop and cycle through all the variables and only once they return a true value will it send.

Front end wise, search Javascript code sites for a solution for the form itself.
 
I'd say you should do error handling for that before they even reach that code, so that you can print out on the screen after submitting, but if you wanted to to just do it where you have it now then something like:

Code: 
if (!$phone || !$customer_mail || !$mail_from || !$name1 || !$name2 ) {
	echo "error";
} else {
	// email code
}
would only let it pass to the email code if all of the variables were not null. You could also just do it one by one so you can have specific errors, such as:

Code: 
$pass = true;

if ( !$phone ) {
	echo "error - no message set";
	$pass = false;
} elseif ( !$customer_mail ) {
	echo "error - you have not entered your email";
	$pass = false;
}

if ( $pass ) {
	// email code
}

Either are probably a band-aid for your code but will work. Without seeing the full code it's hard to code it to how you've wrote it.
 
This code is highly insecure if you're not sanitizing and checking user input as it would be very easy for a spammer to add additional fields to your e-mail header - if you are reading the 'name2' variable directly from a form and someone types 'BCC: [email protected];[email protected]' etc. in to it, that e-mail will be sent to whatever e-mail addresses are listed.

Have a look at a few of these links, or google 'mail header injection' for information on fixing it, before you make your script live:
http://www.alt-php-faq.org/local/115/
http://www.jellyandcustard.com/2006/02/24/email-header-injection-in-php/
http://nyphp.org/phundamentals/email_header_injection.php
 
You must log in or register to reply here.
Back
Top Bottom