Form Help Again

Re: Form Help Again

In article <s0vr92595u2t52 tncv2h0f822cttr ichhc@4ax.com>,
Hoopster <hoops_nospam44 4@aol.com> wrote:[color=blue]
>Here is my form.
>
>
><form action="http://www.johndoe.com/FormToEmail.php " method="post"
>enctype="multi part/form-data">
><input class="sidebar" value="name" name="user" >
><input class="sidebar" value="email" name="email" > <TEXTAREA
>class=sideba r name=content rows=40 cols=30></TEXTAREA>
><input class="button_s idebar" value="Send" type="submit" >
><input class="button_s idebar" value="Reset" type="reset" >
></form>
>
>
>
>I then have a PHP file called FormToEmail.php
>
>
>It looks like this:
>
>
>$my_email = "johndoe@aol.co m";
>
>
>
>
>And some other garbage at the bottom. For some reason my form goes to
>the FormToEmail.php page, but I never get any emails with the data.[/color]

If you wish to send mail, you have to actually *WRITE CODE* to *SEND
THE MAIL*. Often this is a call to the PHP mail() function, or
invoking classes to send mail. All the above does is set an unused
variable.

Some security tips:

Never let the PHP use user-supplied or form-supplied values (stuff
from $_GET[], $_POST[], etc.) for mail headers (e.g. Subject:, To:,
From:, etc.) without first ensuring that the value does NOT contain
a carriage return or line feed. Never let the user or form specify
the destination of the email.

Gordon L. Burditt

Re: Form Help Again

Carved in mystic runes upon the very living rock, the last words of
Hoopster of comp.lang.php make plain:
[color=blue]
> Can anyone help me with this.[/color]

Yep - try Phorm.

--
Alan Little
Phorm PHP Form Processor