
View Full Version : Php forms for beginners - tutorial



yangmanrui
01-15-2008, 11:43 PM
Hi, I would like to have a feedback form on my website, but I do not know the PHP language. Basically, just an email and a message that I would actually receive in my email. That's it. Could anybody suggest an easy tutorial?

Man Rui

Digicoder
01-15-2008, 11:54 PM
You can find all you'll ever need to know about php here:
http://www.php.net

But what you're asking is super simple.


<?php

$name = $_POST['name'];
$email = $_POST['email'];
$msg = $_POST['message'];

$to = "Youremail@yourhost.com";
$subject = "Feedback";
$headers = "From: $email";
mail($to,$subject,$msg,$headers);

?>


You'll want to validate and do a few other things to that first, though.

yangmanrui
01-16-2008, 12:47 AM
Thanks,

so, I would just put it anywhere in the body of my html?
Man Rui

nobackseat88
01-16-2008, 01:01 AM
For example a form to refer a site to a friend. It would look like this:



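<?php
// Put this at the very top of your page, before the head
if(isset($_REQUEST['email']))
{
    $name = $_REQUEST['name'];
    $email = $_REQUEST['email'];
    $femail = $_REQUEST['femail']; // friend's address from the form

    $message = "$name wants you to take a look at My Site(http://www.mysite.net/)!\n\nhttp://www.mysite.net\n\n";

    // Both addresses end up in the mail headers, so reject line breaks:
    // without them nobody can add extra headers of their own.
    if(preg_match('/[\r\n]/', $email.$femail))
    {
        echo "Sorry, we couldn't send your message.";
    }
    else
    {
        // The second argument is the subject text itself; mail() adds the "Subject:" header.
        mail($femail, "My Site",
        $message, "From: $email" );
        echo "Thank you for referring our site to your friends.";
    }

}
else {

    // htmlspecialchars() keeps markup in the request path out of the form tag
    echo "<form action='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."' method=\"post\">";

    echo "Name: <input type=\"text\" name=\"name\"><br>";
    echo "Your email: <input type=\"text\" name=\"email\"><br>";
    echo "Friends email: <input type=\"text\" name=\"femail\"><br>";
    echo "<input type=\"submit\" value=\"Tell my friend!\">";
    echo "</form>";

}

?>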


But of course change My Site to your site name and http://www.mysite.net/ to your site if you want the script to work for your site. This is a great example of $_SERVER['PHP_SELF'], passing and getting variables, and mailing in PHP.

Digicoder
01-16-2008, 01:11 AM
Yeah, but you may want to use a different one; that was just an example I made up. You'll want to use this one instead:



<form name="form1" method="post" action="">
<table width="100%" border="0" cellspacing="0" cellpadding="2">
<tr>
<td width="10%">Email Address: </td>
<td width="90%"><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td>Name:</td>
<td><input name="name" type="text" id="name">
(optional) </td>
</tr>
<tr>
<td>Message:</td>
<td><textarea name="message" cols="40" rows="6"></textarea></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>

</form>

<?php

if(isset($_POST['email']) && isset($_POST['message']))
{

    // Name is optional in the form; it goes into the From header,
    // so strip line breaks from it.
    $name = isset($_POST['name']) ? str_replace(array("\r", "\n"), '', $_POST['name']) : '';
    $email = $_POST['email'];
    $msg = $_POST['message'];

    // You'll want to validate the email and make sure that no one is trying to send this feedback to someone else as well.
    if(eregi("to:",$email) || eregi("cc:",$email) || eregi('bcc:',$email))
    {
        echo 'Sorry, we couldn\'t send your message, please try again.';
    }
    elseif(!ereg('^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9.-]+$', $email))
    {
        echo 'Sorry, you entered an invalid email address!';
    }
    else
    {
        /*
        * You may also want to run a strip_tags on the message so you don't get random html/JS in your emails
        */
        $msg = strip_tags($msg);

        /*
        * Please be aware that this can still be attacked by spam bots and they may use this to send you junk emails.
        */

        $to = "Youremail@yourhost.com";
        $subject = "Feedback";
        $headers = "From: $name <$email>";

        // Only reached when both checks above passed
        mail($to,$subject,$msg,$headers);
    }

}

?>

nobackseat88
01-16-2008, 01:44 AM
And that example from Digi Coder will show the form whether or not submitted, and has extra security, if that's what you want.

yangmanrui
01-16-2008, 02:17 AM
thank you guys very much,
I will try it.

Man rui

StupidRalph
01-16-2008, 07:23 AM
Does anyone use the filter functions as opposed to eregi? I was just wondering how well they worked in comparison.


filter_var($email, FILTER_VALIDATE_EMAIL) //validate as an email

yangmanrui
01-24-2008, 12:25 AM
thanks,

Here is what I did. I have a website where people learn languages for free (human, not computer: www.languagelearninglinks.org). My friend, who hosts my site, told me that he has only Ruby on Rails, but his friend can host for me (he says that he has PHP...).
Long story short: I copied your post and put it in my page. It is tentatively at www.jiriskalsky.com. I have substituted the email address with my email studentmatters@yahoo.com, but somehow it doesn't work. Could you give me some advice?

Man rui

Digicoder
01-24-2008, 01:31 AM
GoDaddy requires the use of their own email script, not yours.

Read the information provided by GoDaddy about processing forms.

See this:
http://codingforums.com/archive/index.php?t-49998.html

Sorry, godaddy is gay, I host there too.

hammer65
01-24-2008, 08:11 PM
There is no need to look for every possible mail header in the content to determine if someone is trying header injection. You simply need to look for newline "\n" characters. Header injection can't be done if they can't separate the headers with newlines.

That still won't provide complete protection. The body of the message isn't a header, but an attacker can insert alternate messages and attachments. You would need to do a case insensitive match for "boundary" and "content-type" for any input intended for the message body.

That will take care of injection, but not automated submissions. What people don't seem to understand is that spammers actively look for "contact us" or "feedback" forms. If they find one, they will hit it, either personally, or using a bot. It's just not as simple as using the mail function anymore.

There is no point to adding such widely used code in a procedural manner, when it could be done in a re-usable class, or better yet use proven code such as PHPMailer or PEAR::mail and be done with it.
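
The checks discussed in this thread (filter_var for the address, rejecting newlines in header fields, and a case-insensitive match for "boundary" and "content-type" in the body), combined as an added example that is not any poster's code; the function names and sample submissions are constructed for illustration:

```php
<?php
// Added example: function names and sample inputs are constructed, not from the thread.

// Header fields (name, email) must not contain CR or LF: without a line
// break, submitted text cannot start a new header line.
function has_line_break($value)
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Body check described in the thread: case-insensitive match for MIME markers.
function has_mime_markers($body)
{
    return preg_match('/content-type|boundary/i', $body) === 1;
}

// Returns a list of problems; an empty list means the input may be mailed.
function check_feedback($name, $email, $message)
{
    $errors = array();
    if (has_line_break($name) || has_line_break($email)) {
        $errors[] = 'line break in a header field';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid email address';
    }
    if (has_mime_markers($message)) {
        $errors[] = 'MIME marker in message body';
    }
    return $errors;
}

// Constructed sample submissions: one clean, one with a line break in the
// email field, one with a MIME header in the message body.
$samples = array(
    array('Ann', 'ann@example.com', 'Nice site!'),
    array('Ann', "ann@example.com\r\nBcc: list@example.net", 'Hi'),
    array('Ann', 'ann@example.com', "Hi\nContent-Type: text/html"),
);
foreach ($samples as $s) {
    $errors = check_feedback($s[0], $s[1], $s[2]);
    echo $errors ? implode('; ', $errors) : 'ok', "\n";
}
```

None of these checks stops automated submissions of well-formed input, which is the separate problem the post above points out.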


