PHP Contact Form

This is my second attempt at a PHP contact form using jQuery and PHP to validate. I am pretty happy with the jQuery but am unsure if I did the PHP right. I looked online and combined a few tutorials. Is this the best way to go about validating the fields and making sure the sendmail function is not improperly used? Is this a good way of going about this? Is there a better one? Thanks in advance.

<pre><code>
if (isset($_POST['submit'])) {
    // Start every field as an empty string so a missing POST key cannot
    // leave a variable undefined further down.
    $name = $subject = $email = $comments = '';
    $hasError = false;

    // Check to make sure that the name field is not empty
    if (trim($_POST['emailTo'] ?? '') == '') {
        $hasError = true;
    } else {
        $name = trim($_POST['emailTo']);
    }

    // Check to make sure that the subject field is not empty
    if (trim($_POST['subject'] ?? '') == '') {
        $hasError = true;
    } else {
        $subject = trim($_POST['subject']);
    }

    // Check to make sure that a valid email address is submitted
    // (eregi was removed in PHP 7; preg_match with the /i flag is the equivalent)
    if (trim($_POST['emailFrom'] ?? '') == '') {
        $hasError = true;
    } elseif (!preg_match('/^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}$/i', trim($_POST['emailFrom']))) {
        $hasError = true;
    } else {
        $email = trim($_POST['emailFrom']);
    }

    // Check to make sure comments were entered
    if (trim($_POST['message'] ?? '') == '') {
        $hasError = true;
    } else {
        if (function_exists('stripslashes')) {
            $comments = stripslashes(trim($_POST['message']));
        } else {
            $comments = trim($_POST['message']);
        }
    }

    $dodgy_strings = array("content-type:", "mime-version:", "multipart/mixed", "bcc:");

    function is_valid_email($email) {
        return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $email);
    }

    // Abort if a header keyword typical of mail header injection appears in the value
    function contains_bad_str($str_to_test) {
        $bad_strings = array(
            "content-type:", "mime-version:", "multipart/mixed",
            "Content-Transfer-Encoding:", "bcc:", "cc:", "to:"
        );
        foreach ($bad_strings as $bad_string) {
            // case-insensitive substring search; replaces the removed eregi()
            if (stripos($str_to_test, $bad_string) !== false) {
                echo "$bad_string found. Suspected injection attempt - mail not being sent.";
                exit;
            }
        }
    }

    // Abort if the value contains a raw or URL-encoded line break
    function contains_newlines($str_to_test) {
        if (preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
            echo "newline found in $str_to_test. Suspected injection attempt - mail not being sent.";
            exit;
        }
    }

    if ($_SERVER['REQUEST_METHOD'] != "POST") {
        echo("Unauthorized attempt to access page.");
        exit;
    }

    if (!is_valid_email($email)) {
        echo 'Invalid email submitted - mail not being sent.';
        exit;
    }

    contains_bad_str($email);
    contains_bad_str($subject);
    contains_bad_str($comments);   // was the bare constant "body", which is undefined
    contains_newlines($email);
    contains_newlines($subject);

    // If there is no error, send the email
    if (!$hasError) {
        $emailTo = 'My@Email.com';
        $body = "Name: $name \n\nEmail: $email \n\nSubject: $subject \n\nComments:\n $comments";
        $headers = 'From: My Site <' . $emailTo . '>' . "\r\n" . 'Reply-To: ' . $email;
        mail($emailTo, $subject, $body, $headers);
        $emailSent = true;
    }
}
?>
</code></pre>
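As an added example (not the poster's code), the same form handled with a single header-safety rule instead of a keyword blacklist: a value may go into a mail header only if it contains no line break, so no second header can be appended through Reply-To or Subject. The field names emailFrom, subject and message and the recipient address are taken from the question; the name field is not shown in the form, so it is left out.

```php
<?php
// Added example, not the poster's code: header-injection check and field
// validation for the contact form above. Field names emailFrom/subject/
// message and the $emailTo address are assumed from the question.

// A value may be placed in a mail header only if it cannot start a new
// line: no CR/LF/NUL and no URL-encoded line breaks (%0A, %0D).
function header_value_is_safe(string $value): bool {
    return preg_match('/[\r\n\0]|%0[ad]/i', $value) === 0;
}

// Returns field => error message; an empty array means the form is valid.
function validate_contact_form(array $post): array {
    $errors  = [];
    $email   = trim($post['emailFrom'] ?? '');
    $subject = trim($post['subject'] ?? '');
    $message = trim($post['message'] ?? '');

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['emailFrom'] = 'A valid email address is required.';
    } elseif (!header_value_is_safe($email)) {
        $errors['emailFrom'] = 'Email address contains invalid characters.';
    }
    if ($subject === '' || mb_strlen($subject) > 200) {
        $errors['subject'] = 'Subject must be 1-200 characters.';
    } elseif (!header_value_is_safe($subject)) {
        $errors['subject'] = 'Subject contains invalid characters.';
    }
    if ($message === '') {
        $errors['message'] = 'Message is required.';
    }
    return $errors;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    $errors = validate_contact_form($_POST);
    if ($errors === []) {
        $emailTo = 'My@Email.com';   // recipient taken from the question
        $from    = trim($_POST['emailFrom']);
        $body    = "Email: $from\n\nComments:\n" . trim($_POST['message']);
        // From is an address we control; the visitor's address goes only
        // into Reply-To after validation, so no extra header can be added.
        $headers = "From: My Site <$emailTo>\r\nReply-To: $from";
        mail($emailTo, trim($_POST['subject']), $body, $headers);
    } else {
        foreach ($errors as $field => $msg) {
            echo htmlspecialchars("$field: $msg", ENT_QUOTES, 'UTF-8'), "<br>";
        }
    }
}
```

Because the check rejects line breaks rather than keywords, a subject that legitimately contains "cc:" or "to:" is still accepted, while any attempt to append a header fails before mail() is reached.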