There's a lot of blank php email posts on here but none of them have solved this for me.
I tweaked this simple php code I found to simply email a specified email addres
Why is your form action MAILTO:?
<form name="feedback" class="form-horizontal" role="form" action="MAILTO:send_form_email.php" method="post">
It should just be a clean call to the PHP page like this:
<form name="feedback" class="form-horizontal" role="form" action="send_form_email.php" method="post">
The only time you would use MAILTO: is when constructing an <a href="mailto:someguy@someplace.somedomain">. For an HTML form using PHP like this the goal is to submit the form, and then the $_POST data gets parsed by the PHP which then acts on it to send an e-mail.
Additionally, you are not setting name values in any of the input fields & the names you have for id values don't even match what the PHP is attempting to do. So try this for the HTML:
<form name="feedback" class="form-horizontal" role="form" action="send_form_email.php" method="post">
<div class="form-group">
<label for="inputName" class="col-sm-3 control-label">Name</label>
<div class="col-sm-9">
<input type="text" class="form-control" id="inputName" placeholder="Name" name="inputName"><br />
</div></div>
<div class="form-group">
<label for="inputEmail" class="col-sm-3 control-label">Email</label>
<div class="col-sm-9">
<input type="email" class="form-control" id="inputEmail" placeholder="Email" name="inputEmail"><br />
</div></div>
<div class="form-group">
<label for="inputMessage" class="col-sm-3 control-label">Message</label>
<div class="col-sm-9">
<textarea type="text" class="form-control" id="inputMessage" placeholder="Message" name="inputMessage"></textarea><br />
</div></div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<input class="btn btn-default" type="submit" value="Submit">
</div></div>
</form>
Also here is the reworked PHP code.
The first thing I did was take all of your $_POST checks into a structure that uses one main array ($post_array) and then rolls through that array to process the values & assign them to similarly named variables. You had absolutely no input validation before. This is technically not even really great “validation” since isset() just checks to see if the $_POST value even exists. But this is a step up.
Also I reworked your error checking logic at the end since it all happened after headers were sent. Meaning that the whole "We've received your information" would never work. This is the best I can do with the info you’re providing, but I am doing this to convey the basic concepts:
<?php
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // Set the post values array.
    $post_array = array('inputName', 'inputEmail', 'inputMessage');
    // Roll through the post values array and assign each value to a
    // similarly named variable ($inputName, $inputEmail, $inputMessage).
    foreach ($post_array as $post_key) {
        $$post_key = isset($_POST[$post_key]) ? $_POST[$post_key] : null;
    }
    // From (isset() only checks presence; the values are not validated here)
    $header = "from: $inputName <$inputEmail>";
    // Enter your email address
    $to = 'test@gmail.com';
    $send_contact = mail($to, $inputName, $inputMessage, $header);
    // Check if the message was sent to your email.
    // Redirect before any output so the Location header can still be sent.
    if ($send_contact) {
        header("Location: http://wetzelscontracting.com/postcontact.html");
        exit;
    }
    else {
        echo "ERROR";
    }
}
?>
As none of the other answers have covered the issue of validation apart from the one accepted, but if you're going to do that you might as well just use the extract() function, (it also won’t protect from header injection or email validation).
It’s very important to validate user input and add a layer of simple CSRF protection, else bots or spammers can directly POST to your PHP and it will send you a bombardment of emails, you won’t see the forest for the trees (legit emails), or worse inject headers into your inputEmail field and send their own emails using your server which is obviously something you don't want to happen.
Also I’ve added an easy way that you can pass errors from your PHP script that sends the user back to the form for you to echo out.
So for the send_form_email.php file.
<?php
session_start();
if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_SESSION['csrf'])) {
    //set error array to fill
    $error = array();
    // Validate Contact subject
    if (!empty($_POST['inputName'])) {
        $name = $_POST['inputName'];
    } else {
        $error['inputName'] = 'Required!';
    }
    // Validate Details
    if (!empty($_POST['inputMessage'])) {
        $message = $_POST['inputMessage'];
    } else {
        $error['inputMessage'] = 'Required!';
    }
    // Validate Mail of sender
    if (!empty($_POST['inputEmail'])) {
        if (filter_var($_POST['inputEmail'], FILTER_VALIDATE_EMAIL)) {
            $mail_from = $_POST['inputEmail'];
        } else {
            $error['inputEmail'] = 'Invalid Email!';
        }
    } else {
        $error['inputEmail'] = 'Required!';
    }
    // Check the csrf token (must be a string; compared in constant time)
    if (!isset($_POST['csrf']) || !is_string($_POST['csrf']) || !hash_equals($_SESSION['csrf'], $_POST['csrf'])) {
        $_SESSION['email_status'] = 'Invalid csrf token!';
        $error['csrf'] = true;
    }
    //stop multiple attempts - just remove csrf token
    unset($_SESSION['csrf']);
    //no errors send mail
    if (empty($error)) {
        $headers = 'MIME-Version: 1.0'."\r\n";
        $headers .= 'Content-type: text/html; charset=utf-8'."\r\n";
        $headers .= 'From:<'.$mail_from.'>'."\r\n";
        $headers .= "X-Mailer: PHP"."\r\n";
        if (mail('test@gmail.com', 'Website email form: '.$name, $message, $headers)) {
            $_SESSION['email_status'] = "We've received your contact information";
            //send to success page
            header("Location: http://wetzelscontracting.com/postcontact.html");
            exit;
        } else {
            $_SESSION['email_status'] = 'There was an error sending the mail';
            //backup to file
            file_put_contents('mail.log.txt', print_r($_POST, true).PHP_EOL, FILE_APPEND);
            //send back to the form so the status is shown
            header("Location: http://wetzelscontracting.com/contact.php");
            exit;
        }
    } else {
        //store the errors before redirecting, nothing after exit runs
        $_SESSION['email_error'] = $error;
        //assuming its this url
        header("Location: http://wetzelscontracting.com/contact.php");
        exit;
    }
} else {
    //stop multiple attempts
    unset($_SESSION['csrf']);
    //dont allow GET request/direct access
    header("Location: http://wetzelscontracting.com/contact.php");
    exit;
}
?>
Then in your page with the form, start a session to read from the $_SESSION array, and then echo out your errors if any.
<?php
session_start();
//make a session key that we will check against in send_form_email.php
//(random_bytes() needs PHP 7+; uniqid() is time-based and guessable)
$_SESSION['csrf'] = bin2hex(random_bytes(32));
?>
<?php echo isset($_SESSION['email_status']) ? $_SESSION['email_status'] : null ?>
<form name="feedback" class="form-horizontal" role="form" action="send_form_email.php" method="post">
<input type="hidden" name="csrf" value="<?php echo $_SESSION['csrf'];?>"/>
<div class="form-group">
<label for="inputName" class="col-sm-3 control-label">Name <?php echo isset($_SESSION['email_error']['inputName']) ? $_SESSION['email_error']['inputName'] : null?></label>
<div class="col-sm-9">
<input type="text" class="form-control" id="inputName" placeholder="Name" name="inputName"><br />
</div>
</div>
<div class="form-group">
<label for="inputEmail" class="col-sm-3 control-label">Email <?php echo isset($_SESSION['email_error']['inputEmail']) ? $_SESSION['email_error']['inputEmail'] : null?></label>
<div class="col-sm-9">
<input type="email" class="form-control" id="inputEmail" placeholder="Email" name="inputEmail"><br />
</div>
</div>
<div class="form-group">
<label for="inputMessage" class="col-sm-3 control-label">Message <?php echo isset($_SESSION['email_error']['inputMessage']) ? $_SESSION['email_error']['inputMessage'] : null?></label>
<div class="col-sm-9">
<textarea type="text" class="form-control" id="inputMessage" placeholder="Message" name="inputMessage"></textarea><br />
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<input class="btn btn-default" type="submit" value="Submit">
</div>
</div>
</form>
<?php
//unset the errors so they're only shown once
unset($_SESSION['email_status']);
unset($_SESSION['email_error']); ?>
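The two checks the answer above relies on (keeping injected headers out of inputEmail and comparing the CSRF token), run over a few submissions, as an added example that is not part of either answer. The function names safe_header_email, safe_header_text and csrf_ok are hypothetical, the sample submissions are constructed, and PHP 7.1+ is assumed.

```php
<?php
// Added example, not code from either answer. Function names are hypothetical.

// Return the address only if it is one valid email with no control characters.
function safe_header_email($value): ?string
{
    // Arrays (inputEmail[]=...) and CR/LF/NUL must never reach a mail header.
    if (!is_string($value) || preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return null;
    }
    $email = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Collapse control characters so a name used in a header stays on one line.
function safe_header_text($value): string
{
    if (!is_string($value)) {
        return '';
    }
    return trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value));
}

// Constant-time token comparison that tolerates a missing or non-string value.
function csrf_ok($sessionToken, $postedToken): bool
{
    return is_string($sessionToken) && $sessionToken !== ''
        && is_string($postedToken)
        && hash_equals($sessionToken, $postedToken);
}

// Constructed sample submissions; $token stands in for $_SESSION['csrf'].
$token = bin2hex(random_bytes(32));
$good = 'ann@example.com';
$samples = [
    'normal'         => ['inputName' => 'Ann Lee', 'inputEmail' => $good, 'csrf' => $token],
    'CRLF in email'  => ['inputName' => 'Ann', 'inputEmail' => "$good\r\nBcc: b@example.net", 'csrf' => $token],
    'email as array' => ['inputName' => 'Ann', 'inputEmail' => [$good], 'csrf' => $token],
    'CRLF in name'   => ['inputName' => "Ann\r\nX-Extra: 1", 'inputEmail' => $good, 'csrf' => $token],
    'missing token'  => ['inputName' => 'Ann', 'inputEmail' => $good],
];
foreach ($samples as $label => $post) {
    $from    = safe_header_email($post['inputEmail'] ?? null);
    $subject = 'Website email form: ' . safe_header_text($post['inputName'] ?? null);
    $send    = $from !== null && csrf_ok($token, $post['csrf'] ?? null);
    printf("%-15s %-6s subject=%s\n", $label, $send ? 'SEND' : 'REJECT', json_encode($subject));
}
```

Run it with the PHP CLI; only the values returned by these helpers should ever be concatenated into the $headers or subject arguments of mail().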