Posted by shimmyshack on 04/22/07 10:49

On Apr 22, 12:23 am, j...@lycos.com wrote:
> Is there any tutorials online for sending email through forms? I can
> send an email as well as write to my MySQL database from home with the
> following code but not at work. I think there might be something I'm
> missing header-wise that keeps me from making this work on my work
> system. I'm using Apache 1.3, PHP 4.1 (best the IT guys could do
> though I'm using 5.x at home), and MySQL as the database. Thanks VERY
> much for any help or pointers to a good tutorial. I'm trying to
> provide an input form that writes to the database as well as emails
> the recipient letting them know there's been activity. Thanks, John
>
> My form PHP code is as follows:
>
> Input form 1:
> <html>
> <body>
> <form method="post" action="messaging2.php">
> <input type="hidden" name="id" value="NULL">
> <center>
> <table border="8">
> <tr>
> <td>Date:</td>
> <td align="left"><input type="text" name="date" size="14"
> maxlength="16" value="<? print strftime("%m/%d/%Y %H:%M"); ?>"></
> td>
> </tr>
> <tr>
> <td>Your Name:<font color=red>*</font></td><td align="left"><input
> type="text" name="name" size="14" maxlength="20" value=""></td>
> </tr>
> <tr>
> <td>Subject:<font color=red>*</font></td><td align="left"><input
> type="text" name="subject" size="14" maxlength="20" value=""></td>
> </tr>
> <tr>
> <td>Message For:<font color=red>*</font></td>
> <td><select name="to" style='width: 110px;'>
> <option value = ""></option>
> <option value ="j...@lycos.com">Joe</option>
> <option value ="r...@gmail.com">Randy</option>
> </td>
> </tr>
> <tr>
> <td nowrap>
> Message:<font color=red>*</font></div>
> </td>
> <td>
> <textarea type="text" name="text" cols="35" rows="5"></textarea>
> </tr>
> </td>
> <tr>
> <td colspan="2" align="center"><input type="submit" value="Enter"></
> td>
> </tr>
> </table>
> </form>
> </center><p>
> </body>
> </html>
>
> Input form 2:
> <html>
> <font color="#990099" size="+1"><span
> style="font-size:18"><p>
> <TABLE cellSpacing=0 cellPadding=10 width="95%"
> align=center border=8">
> <TBODY><TR><TD vAlign=top align=left><P><FONT
> face=arial color=bright white><b>
> <?php
> require_once('generic_connect.php');
> $DBName = "messages";
> $table = "messages_tbl";
>
> $id = $_POST['id'];
> $date = $_POST['date'];
> $name = $_POST['name'];
> $subject = $_POST['subject'];
> $to = $_POST['to'];
> $text = $_POST['text'];
>
> mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect
> to database"); // make connection to database
> mysql_select_db($DBName) or die("Unable to select database
> $DBName"); // select database
> $sqlquery = "INSERT INTO $table VALUES('$id', '$date', '$name',
> '$subject', '$to', '$text')";
> if ($results = mysql_query($sqlquery)) {
>
> $to = stripslashes($to)."\r\n";
> $subject = stripslashes($subject);
> $text = stripslashes($text);
> mail($to, $subject, $text, "From: a...@work.com");
>
> }
>
> mysql_close();
> print "<center><table border=\"0\" width=\"500\"><tr><td>";
> print "<p><font face=\"verdana\" size=\"+0\">
> <center>You Just Entered This Information into the
> Database<p><blockquote>";
> print "Date: $date<p>Your Name: $name<p>Message For:$to<p>Subject:
> $subject<p>Message:$text</blockquote></td></tr></table>
> </CENTER>
> </html>";
> ?>
>
> </FONT></CENTER></b>
> </H3></TD></TR></TBODY></TABLE>
> </html><p>
>
> portion of php.ini file that deals with mail configuration:
>
> [mail function]
> ; For Win32 only.
> SMTP = mail.work.com
> smtp_port = 25

as you do not need to send the email addresses from the browser to the
server in order for the server to use the value - which sent the
emails to the browser in the first place - why not have an array in
your logic, $arrEmailAddresses = array( 'joe'=>'joe@server.com',
'bob'=>'bob@server.com' ); and simply have values joe and bob... in
your webpage and use the posted value - provided it exists in the
array obtianed by array_keys($arrEmailAddresses) as the index you then
uuse to obtain the email.

use mysql_real_escape_string and if you cant - cos your it people dont
value the aggregated learning thats gone into php5 over the attraction
of back compatibility, then use the nearest equivalent, to stop sql
injection, when querying your db, or else suffer the consequences.
Dont just print back the name subject etc.. back to the webpage, first
filter them with htmlentities or suchlike, or you have just made your
whole website insecure, and potentially allowed users access to each
others data in the database, even over SSL etc... etc... google for
cross site scripting.
dont allow email header injection, which means validate the variables
for to subject etc... or you will still be sending email to all and
sundry despite the steps above.

my advice, stay away from using mail(), use an authenticated
connection to an smtp server, using an account for the purpose of
sending email from this form, and use a decent library like phpmailer
to handle sending the mail, as it will be more secure.

use a captcha or once you have been idnetified, spammers will be on
you sending and sending. This doesnt allow mail sending unless the
captcha is solved, its not foolproof by any means, but it makes things
harder for the scripts out there. Big name spammers will find it easy
to circumvent the captchas, but youve at least made the effort.

as to why it doesnt work on your work system, -f flag is sometimes
seen as a problem, if you authanticate to an smtp server the vaguaries
of setups at home vs work will be moot.

• Next in forum: Re: Printing Avery Labels from a web site
• Prev in forum: Re: Printing Avery Labels from a web site
• Thread view: Re: Using SendMail in Forms w/PHP HTML

[Reply to this message]