Basic Mailform
Josh-
Royal Oak, MI
Basic Mailform
-- Josh
[php]
<?php
if ($do != "sendmail") {
?>
<form name="sendmail" action="$PHP_SELF" method="post">
<font face="Verdana,Arial" size="2">
<input type="hidden" name="do" value="sendmail">
E-Mail: <input type="text" name="email" size="60">
Subject: <input type="text" name="subject" size="60">
Comments:<textarea name="comments" rows="10" cols="30"></textarea>
<input type="submit" value="submit">
</font>
</form>
<?php
} elseif ($do == "sendmail") {
mail("your@email.com",$subject,$email,$comments) or die("Error: the message could not be sent");
} // endif
?>
[/php]
-- Josh
[php]
<?php
if ($do != "sendmail") {
?>
<form name="sendmail" action="$PHP_SELF" method="post">
<font face="Verdana,Arial" size="2">
<input type="hidden" name="do" value="sendmail">
E-Mail: <input type="text" name="email" size="60">
Subject: <input type="text" name="subject" size="60">
Comments:<textarea name="comments" rows="10" cols="30"></textarea>
<input type="submit" value="submit">
</font>
</form>
<?php
} elseif ($do == "sendmail") {
mail("your@email.com",$subject,$email,$comments) or die("Error: the message could not be sent");
} // endif
?>
[/php]
0
Comments
action="$_SERVER"
$PHP_SELF will work if you have register_globals = on in your php.ini.. but having globals on is BAD for security.
Use them off and use Mr K's suggestion instead
-.-
eg: fake_globals.pm
$PHP_SELF = $_SERVER;
and so on and so forth.
I'm not advocating this be done because I think it encourages poor programming practices and takes extra time to include the file when the script is called, but if you just can't break yourself from using global names, you can at least break yourself from using the global namespace which will increase security.
[PHP]$tmp_str = ""; // Set a temp string
foreach ($_SERVER as $key => $value) {
$tmp_str .= $key ."=". $value ."&"; // Add the values to the string, formatted.
}
trim($tmp_str,"&"); // Trim the extra "&" off the end.
parse_str($tmp_str); // Parse the temp string into variables
unset($tmp_str, $key, $value); // Clean it up[/PHP]
Now everything inside $_SERVER is outside. The global feeling without the security risk and painfully log code . I, myself, hate the globals theory, and have set them myself from day 1. I don't use the above code either, as now you have 29 variables for the use of a couple. Bad programming practice too, I might add.
Enjoy anyway
Will give you all your answers