|
|
Posted by Ken Robinson on 02/19/07 15:17
"shror" <shahirwm@gmail.com> wrote in news:1171898875.188006.234860
@p10g2000cwp.googlegroups.com:
> dear all,
>
> i have started learning php 2 weeks ago and i have wrote my first
> script for mail sender and the script takes all my data and move to
> the thanks page but the problem is that the mails never comes, so i
> need your help with me, and here is my script:
>
> mail.htm code:
>
> <form method="POST" action="mail.php" onSubmit="">
You don't need the onSubmit attribute if there is nothing to do
> <p>email <input type="text" name="email" size="20"></p>
> <p>subject <input type="text" name="subject"></p>
> <p>message<textarea rows="2" name="message" cols="20"></textarea></
> p>
> <p><input type="submit" value="Submit" name="B1"><input type="reset"
> value="Reset" name="B2"></p>
> </form>
>
>
> mail.php code:
>
> <?php
> $email = $HTTP_POST_VARS['email'];
> $subject = $HTTP_POST_VARS['subject'];
> $msg = $HTTP_POST_VARS['message'];
You want to use the $_POST superglobal array here not the old
$HTTP_POST_VARS array.
$email = $_POST['email'];
$subject = $_POST['subject'];
$msg = $_POST['message'];
> $from = "s7els7.com";
The "From" header needs to be formated correctly:
"From: valid@emai.address.here";
$from = "From: youremailaddres@s7els7.com";
> if (mail($email,$subject,$message,$from)) {
> echo "<h4>Thank you for sending email</h4>";
> } else {
> echo "<h4>Can't send email to $mail</h4>";
> }
> ?>
Leaving your script like this, you are opening yourself up to spammers
finding your form and using it to do all sorts of spamming.
You should read this
<http://www.nyphp.org/phundamentals/email_header_injection.php> article
on preventing Email Header Injection Exploits.
Ken
Navigation:
[Reply to this message]
|