Is there a workable script out there for formmail for php 5?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • dreamcatcher
    New Member
    • Nov 2006
    • 16
    #1

    Is there a workable script out there for formmail for php 5?

    Hi everyone,

    I'm a frontend designer starting to learn about getting forms to work. What I'm after is a script that I can learn from and get working on a site relatively quickly. Something that has the 'how to' details with the script, explaining stuff. A simple feedback form, that displays something similar to what I'm showing below. I need this script to generate an e-mail that is sent back to the visitor saying, thank you etc for your query. Would the same script work for creating a join e-mail database form ? Am I right in saying that?

    Can anyone recommend a thorough tutorial with actual working scripts for php 5? My server supports php 5.

    Much Appreciation. S

    [HTML]<form action="" method="" name="" target="" id="" onsubmit="" >
    <p><label for="name">Full Name</label>
    <input name="fullname" type="text" class="text" id="fullname" />
    </p>
    <p><label for="email">E-Mail</label>
    <input name="email" type="text" class="text" id="email" />
    </p>
    <p><label for="phone">Pho ne No.</label>
    <input name="phone_no" type="text" class="text" id="phone_no" />
    </p>
    <p>
    <label for="subject">S elect subject</label>
    <select name="subject" class="text" id="subject">
    <option selected="selec ted">Select subject</option>
    <option value="design"> Design</option>
    <option value="developm ent">Developmen t</option>
    <option value="identity ">Brand Identity</option>
    <option value="marketin g">Online Marketing</option>
    <option value="question ">General Question</option>
    </select></p>
    <p><label for="question"> Your Question.</label>
    <textarea name="question" cols="30" rows="10" id="question" class="text"></textarea>
    </p>
    <p><input name="Submit" class="submit" type="submit" value="submit" /><input name="reset" type="reset" value="reset" />
    </p></form>[/HTML]
    Tags: None
    • ronverdonk
      Recognized Expert Specialist
      • Jul 2006
      • 4259
      #2
      Have a look at the tutorial at Send Email from a PHP Script
      and another one at Geekz http://lampgeekz.netgeekz.net/forum/...opic,38.0.html

      Ronald :cool:

        Comment

        • TheMadMidget
          New Member
          • Oct 2006
          • 98
          #3
          Important info if you want to have the from address user inputed!

          Copied from W3Schools:
          Code:
          <html>
<body>

<?php
if (isset($_REQUEST['email']))
//if "email" is filled out, send email
  {
  //send email
  $email = $_REQUEST['email'] ; 
  $subject = $_REQUEST['subject'] ;
  $message = $_REQUEST['message'] ;
  mail("someone@example.com", "Subject: $subject",
  $message, "From: $email" );
  echo "Thank you for using our mail form";
  }
else
//if "email" is not filled out, display the form
  {
  echo "<form method='post' action='mailform.php'>
  Email: <input name='email' type='text' /><br />
  Subject: <input name='subject' type='text' /><br />
  Message:<br />
  <textarea name='message' rows='15' cols='40'>
  </textarea><br />
  <input type='submit' />
  </form>";
  }
?>

</body>
</html>
          The problem with the code above is that unauthorized users can insert data into the mail headers via the input form.

          What happens if the user adds the following text to the email input field in the form?
          Code:
          someone@example.com%0ACc:person2@example.com
%0ABcc:person3@example.com,person3@example.com,
anotherperson4@example.com,person5@example.com
%0ABTo:person6@example.com
          The mail() function puts the text above into the mail headers as usual, and now the header has an extra Cc:, Bcc:, and To: field. When the user clicks the submit button, the e-mail will be sent to all of the addresses above!

          The best way to stop e-mail injections is to validate the input.

          Now we have added an input validator that checks the email field in the form:
          Code:
          <html>
<body>

<?php
function spamcheck($field)
  {
//eregi() performs a case insensitive regular expression match
  if(eregi("to:",$field) || eregi("cc:",$field)) 
    {
    return TRUE;
    }
  else
    {
    return FALSE;
    }
  }

//if "email" is filled out, send email
if (isset($_REQUEST['email']))
  {
  //check if the email address is invalid
  $mailcheck = spamcheck($_REQUEST['email']);
  if ($mailcheck==TRUE)
    {
    echo "Invalid input";
    }
  else
    { 
    //send email
    $email = $_REQUEST['email'] ; 
    $subject = $_REQUEST['subject'] ;
    $message = $_REQUEST['message'] ;
    mail("someone@example.com", "Subject: $subject",
    $message, "From: $email" );
    echo "Thank you for using our mail form";
    }
  }
else
//if "email" is not filled out, display the form
  {
  echo "<form method='post' action='mailform.php'>
  Email: <input name='email' type='text' /><br />
  Subject: <input name='subject' type='text' /><br />
  Message:<br />
  <textarea name='message' rows='15' cols='40'>
  </textarea><br />
  <input type='submit' />
  </form>";
  }
?>

</body>
</html>

            Comment

            • dreamcatcher
              New Member
              • Nov 2006
              • 16
              #4
              Originally posted by ronverdonk
              Have a look at the tutorial at Send Email from a PHP Script
              and another one at Geekz http://lampgeekz.netgeekz.net/forum/...opic,38.0.html

              Ronald :cool:
              Thanks for those suggestions Ronald, I checked out the tutorials on about.com and set up the php, seems to be working fine. I've put it to work on www.zofocreativ e.com/zofo_creative_e nquiry_form.htm . Yea, I found the about tutorials managable, as I'm not a php programmer, so I'm delighted with the result and to be able to do it myself without getting my programmers to to it. Cheers, nice one.

                Comment

                • ronverdonk
                  Recognized Expert Specialist
                  • Jul 2006
                  • 4259
                  #5
                  And do not forget to sanitize ALL fields. The sample that themadmidget supplied is a good example of spam prevention.

                  But you must also verify the 'correctness' of the email address[php]function valid_email ($str) {
                  return (ereg ('(^[0-9a-zA-Z_\.-]{1,}@([0-9a-zA-Z_\-]{1,}\.)+[0-9a-zA-Z_\-]{2,}$)', $str));
                  }[/php]
                  and minimally cleanse the subject and message fields, like this:[php]
                  $subject = strip_tags($_RE QUEST['subject'] );
                  $message = strip_tags($_RE QUEST['message'] );[/php]
                  Ronald :cool:

                    Comment

                    Previous template Next
                    Working...