|
|
Posted by Alexander Schestag on 07/02/07 23:39
Alexander Schestag wrote:
> Hi,
>
> Brendan Gillatt wrote:
>> On Mon, 2 Jul 2007 14:47:42 +0100, "Geoff" <someone@home.uk> wrote:
>>
>>> I want to create an on-line form & into one of the text boxes the
>>> visitor will enter his email address. So far so good. However,
>>> when that form is emailed to me, I want that email address to appear
>>> in the "From" field of the email. I know this cannot be done in
>>> HTML because the variable cannot be transferred across pages, but can
>>> it be done in PHP? Or is there another way of achieving it?
>>>
>>> Any advice much appreciated and if there are any sample scripts
>>> anywhere, even more appreciated.
>
>> $from = $_POST['emailaddress'];
>>
>> $to = 'someemail@aol.com';
>>
>> $subject = $_POST['subject'];
>>
>> mail($to, $subject, $msg, "From: $from\n");
>
> Never, never, never ever do it this way without any proper input
> validation! Using $_POST is not enough to validate the values coming
> from a form. You should never trust them!
>
> For example, $name should at least be validated this way:
$subject of course.
Alex
[Back to original message]
|