Thread: Mail form

  1. #1
    New Coder

    Mail form

    Okay, so I copied the code from W3Schools because the website I'm building won't need much PHP, and I'd prefer not to learn it just for a couple of things that are already posted around. But I tried using it... and it doesn't work? It says it's supposed to refresh and check if the email field is filled out, and if it is, it sends the email. I filled it out with a valid email and all, but nothing refreshes; it just stays the same. Here is the code. If anyone can help out, I'd really appreciate it.

    PHP Code:
    <html>
    <body>

    <?php
    if (isset($_REQUEST['email']))
    //if "email" is filled out, send email
      {
      //send email
      $email = $_REQUEST['email'];
      $subject = $_REQUEST['subject'];
      $message = $_REQUEST['message'];
      mail("test@example.com", "Subject: $subject",
      $message, "From: $email");
      echo "Thank you for using our mail form";
      }
    else
    //if "email" is not filled out, display the form
      {
      echo "<form method='post' action='mailform.php'>
      Email: <input name='email' type='text' /><br />
      Subject: <input name='subject' type='text' /><br />
      Message:<br />
      <textarea name='message' rows='15' cols='40'>
      </textarea><br />
      <input type='submit' />
      </form>";
      }
    ?>

    </body>
    </html>
    On mine, the email it sends to is edited to mine. I have this all in an HTML page titled mailform.

  • #2
    Regular Coder
    1) When this form is submitted, isset($_REQUEST['email']) would always return true. It does not check that the e-mail field has been filled in. This condition only checks that the form has been submitted.

    2) I would really strongly advise you to Google mail injection attacks before you use anything like this. This form is very vulnerable to mail injection attacks. Spammers would be able to use it to send thousands of e-mails, abusing at least 2 fields of your form: 'email' and 'subject'. Unfortunately, I do not have enough time now to describe this in detail. But I am sure many articles exist on this subject.

    Also, please notice that using PHP code without learning PHP could be dangerous in general. In addition to validation procedures, you would most probably need a CAPTCHA for your mail form. I doubt all this could be installed and checked for security problems without learning PHP... I am sorry for saying this...
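
Added example (not part of either post, and not the W3Schools code): one way to address the two points raised in reply #2, by requiring non-empty fields rather than relying on isset() and by rejecting line breaks in the values that end up in mail headers. The function name validate_mail_form and the sender address webform@example.com are hypothetical; the sample inputs are constructed.

```php
<?php
// Added example. validate_mail_form() and webform@example.com are hypothetical names.
function validate_mail_form(array $in): array
{
    $errors  = [];
    $email   = trim((string)($in['email'] ?? ''));
    $subject = trim((string)($in['subject'] ?? ''));
    $message = trim((string)($in['message'] ?? ''));
    // isset() only proves the field was submitted; require actual content.
    if ($email === '' || $message === '') {
        $errors[] = 'email and message are required';
    }
    // A CR or LF inside a header value would start a new header line.
    foreach (['email' => $email, 'subject' => $subject] as $name => $value) {
        if (preg_match('/[\r\n]/', $value)) {
            $errors[] = "$name contains a line break";
        }
    }
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return [$errors, $email, $subject, $message];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$errors, $email, $subject, $message] = validate_mail_form($_POST);
    if ($errors === []) {
        // Fixed From address; the visitor's address is used only as Reply-To.
        $headers = "From: webform@example.com\r\nReply-To: $email";
        mail('test@example.com', $subject, $message, $headers);
        echo 'Thank you for using our mail form';
    } else {
        echo htmlspecialchars(implode('; ', $errors));
    }
}

// Constructed sample inputs, checked when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        ['email' => '', 'subject' => 'Hi', 'message' => 'Hello'],
        ['email' => "a@example.com\r\nBcc: b@example.org", 'subject' => 'Hi', 'message' => 'x'],
        ['email' => 'a@example.com', 'subject' => 'Hi', 'message' => 'Hello'],
    ];
    foreach ($samples as $s) {
        [$errors] = validate_mail_form($s);
        echo ($errors ? implode('; ', $errors) : 'ok'), PHP_EOL;
    }
}
```

The CAPTCHA mentioned in the reply is a separate control and is not covered by this sketch.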

