Fmdpa, Posted June 11, 2010

I created an email form and downloaded ArGoSoft Mail Server. I tested it using that, and although I received the email in Outlook, everything was blank (no subject, body or name).

The form:

```html
<form name="form1" method="post" action="send_contact.php" onsubmit="return vForm(document.form1);">
<h3>Subject:</h3>
<input type="text" name="subject" size="50">
<h3>Message:</h3>
<textarea name="detail" cols="50" rows="5"></textarea>
<h3>Name:</h3>
<input type="text" name="name" size="50">
<h3>Email:</h3>
<input type="text" name="customer_mail" size="50">
<input style="cursor:hand" alt="submit" title="Submit e-mail" type="submit" name="Submit" value="Submit">
</form>
```

send_contact.php

```php
<?php
// Contact subject
$subject ="$subject";
// Details
$message="$detail";
// Mail of sender
$mail_from="$customer_mail";
// From
$header="from: $name <$mail_from>";
// Enter your email address
$to ='me@localhost';
$send_contact=mail($to,$subject,$message,$header);
// Check, if message sent to your email
// display message "We've recived your information"
if($send_contact){
echo "We've recived your contact information";
}
else {
echo "ERROR";
}
?>
```
wirehopper, Posted June 11, 2010

```php
$subject ="$subject";
```

should be

```php
$subject=$_POST['subject'];
```

With the caveat that it should be sanitized prior to sending.

Sanitized means that any javascript and harmful content be removed.

A simple sanitization would be to allow only letters, numbers and a few punctuation characters, then discard the rest. For example:

```php
$subject=preg_replace('/\W\.\,\!\$\*\'\"/','',$_POST['subject']); // This should discard anything that isn't a letter, digit, and not one of the listed punctuation characters.
```

Not tested.

http://www.php.net/manual/en/function.preg-replace.php
http://www.php.net/manual/en/regexp.reference.backslash.php
Fmdpa (Author), Posted June 11, 2010

Let's go through the sanitization; I'm not sure if I understand all of it.

```php
$subject=preg_replace('/\W\.\,\!\$\*\'\"/','',$_POST['subject']);
```

It begins with an apostrophe ' and forward slash...?

```
/*Understood
\W (allow letters)
\. (allow period)
\! (allow exclamation mark)
\$(allow $ sign)
\*(allow asterisk)
\'(allow apostrophe)
\"(allow quotes)
*/
/',",...
```

But...this (and the beginning) part is confusing me.
Fmdpa (Author), Posted June 11, 2010

Here's the modified code.

```php
<?php
// Contact subject
$subject=preg_replace('/\W\.\,\!\$\*\'\"/','',$_POST['subject']);
// Details
$message=preg_replace('/\W\.\,\!\$\*\'\"/','',$_POST['detail']);
// Mail of sender
$mail_from=preg_replace('/\W\.\,\!\$\*\'\"/','',$_POST['customer_mail']);
// From
$header="from: $name <$mail_from>";
// Enter your email address
$to ='me@localhost';
$send_contact=mail($to,$subject,$message,$header);
// Check, if message sent to your email
// display message "We've recived your information"
if($send_contact){
echo "We've recived your contact information";
}
else {
echo "ERROR";
}
?>
```

The email was sent and received smoothly, and all of the text went through. That's the problem. I put a > sign in the body just to test the preg_replace, but it arrived in the inbox unchanged.
wirehopper, Posted June 11, 2010

The preg_replace call needs to be changed. I don't have time now, I'll check back later.

The links on the other post have the information you need.
Fmdpa (Author), Posted June 11, 2010

The preg_replace tutorial page is hard for me to understand since I am not extremely familiar with PHP yet. But I get the impression I should be doing something like this:

```php
<?php
// Contact subject
$subject=$_POST['subject'];
// Details
$message=$_POST['detail'];
// Mail of sender
$mail_from=$_POST['customer_mail'];
// From
$header="from: $name <$mail_from>";
$pattern=('/\W\.\,\!\$\*\'\"/','')
preg_replace($pattern,$subject,$message,$mail_from);
// Enter your email address
$to ='me@localhost';
$send_contact=mail($to,$subject,$message,$header);
// Check, if message sent to your email
// display message "We've recived your information"
if($send_contact){
echo "We've recived your contact information";
}
else {
echo "ERROR";
}
?>
```

???
wirehopper, Posted June 11, 2010

The prior post (#4) was better.

Make a simple script that loops through different values to test the preg code until it works the way you want it to.

Remember that the email address needs to have an @, or it won't work - you could allow @ characters through.

This example may help you:

```php
<?php
// Test string mixing punctuation, control characters, NUL bytes and base64 text
$sTestString='This - is - \x3a <!@#$%^&*(){}\x0e'."\x7e".chr(13).chr(2).chr(0).'***'."\0Blink\0".base64_encode('spaghetti');
var_dump($sTestString);
echo PHP_EOL;
var_dump(strip_chars($sTestString));
echo PHP_EOL;

// Remove unwanted characters from $sInput.
// $sCharRegExp is a character class listing the punctuation to strip.
function strip_chars($sInput,$sCharRegExp='/[\-=<>+#&%;:]/')
{
    // Applied in order: the caller's class, control characters (\p{Cc}),
    // braces and angle brackets, NUL bytes, literal "\0" text, braces
    $aRegExp=array($sCharRegExp,'/[\p{Cc}]/','/[\x7b\x7d\x3c\x3e]/','/\0+/','/(\\\\0)+/','/[\{\}]/');
    return preg_replace($aRegExp,'',$sInput);
}
```
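The test loop suggested in the post above, written out as an added example (it is not code from the thread): it runs constructed sample strings through the pattern from post #2 and through a negated character class, then checks the sender address with PHP's `filter_var`. The names `clean_text` and `clean_email`, the choice of allowed characters and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. All sample inputs are constructed.

// In '/.../' the quotes delimit the PHP string and the slashes delimit the regex.
// Pattern from post #2: without [ ] it is a sequence, so it only matches one
// non-word character followed by the exact text .,!$*'" and nothing else.
$sequence = '/\W\.\,\!\$\*\'\"/';

// Negated character class: remove every character that is NOT a letter, digit,
// underscore, space or one of the listed punctuation marks (assumed allow-list).
$allowList = '/[^\w .,!$*\'"]/';

function clean_text($input, $pattern)
{
    return preg_replace($pattern, '', $input);
}

// The address ends up in a mail header, so it is validated rather than
// stripped: anything that is not a single well-formed address is rejected,
// which includes values without an @ and values containing line breaks.
function clean_email($input)
{
    $email = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

$samples = array(
    'Hello, world!',
    'a > b <script>',
    "Price: $5 * 2\r\nsecond line",
);

// Columns: input | result with the post #2 pattern | result with the allow-list
foreach ($samples as $s) {
    printf("%-40s | %-40s | %s\n",
        json_encode($s),
        json_encode(clean_text($s, $sequence)),
        json_encode(clean_text($s, $allowList)));
}

$addresses = array('user@example.com', 'no-at-sign', "user@example.com\r\nextra line");
foreach ($addresses as $a) {
    echo json_encode($a), ' => ', var_export(clean_email($a), true), PHP_EOL;
}
```

The middle column comes back unchanged for every sample, which matches the `>` arriving untouched in post #4; the right-hand column shows what the allow-list removes.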
Fmdpa (Author), Posted June 11, 2010

I'll give that a try!
This topic is now archived and is closed to further replies.