Solved

Stop PHP script running from address bar

Posted on 2010-08-30
5
274 Views
Last Modified: 2012-05-10
Hello,

I have a simple php script that takes information from a form on my website and then emails me the information. While testing I noticed that if I input the script path into the address bar it sends me an empty email, is there any way to stop this in order to prevent anyone maliciously trying to send me emails (All of the validation is done on the form before it gets posted.)

PHP script below:

<?php  
 

############### Code

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to="xxxx@yyyy.com";

// Your subject
$subject="Enquiry";

// From
$header="me";

// send email
$sentmail = mail($to,$subject,$header);

// if your email succesfully sent
if($sentmail){
echo "Email Has Been Sent .";
}
else {
echo "Cannot Send Email ";
}

?>
0
Comment
Question by:newbey
5 Comments
 
LVL 11

Expert Comment

by:mattibutt
ID: 33560209
you should use isset get or post pre condition based on what you are using when its empty then dont process email
0
 
LVL 3

Expert Comment

by:gfdos
ID: 33560214
tell it to check subject and or email content.... if blank dont send.
0
 
LVL 3

Expert Comment

by:gfdos
ID: 33560231
check the info that is to be sent from the form... if it doesnt exist or is all null.... dont send (like it would be if you just went to the page from a empty webrowser
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 33560241
The whole "form-to-email" thing has kind of "been done" before.  Here is a little script that is a teaching example.  You can tailor it to your needs quite easily.  Please post back here with any questions.  Best, ~Ray
<?php // RAY_form_to_email.php
error_reporting(E_ALL);

// SEND MAIL FROM A FORM

// A FUNCTION TO CLEAN UP THE DATA - AVOID BECOMING AN OPEN-RELAY FOR SPAM
function clean_string($str)
{
    $str = stripslashes($str);
    $str = trim(preg_replace("/ +/", " ", $str));
    $str = preg_replace('/^ a-zA-Z0-9&+:?_\.\-/', '', $str);
    return $str;
}

// REQUIRED VALUES ARE PREPOPULATED - CHANGE THESE FOR YOUR WORK
$from  = "NoReply@Your.org";
$subj  = "Contact Form";

// THIS IS AN ARRAY OF RECIPIENTS
$to[]  = "You@Your.org";
$to[]  = "Her@Your.org";
$to[]  = "Him@Your.org";

// IF THE DATA HAS BEEN POSTED
if (!empty($_POST['email']))
{
    // CLEAN UP THE POTENTIALLY BAD AND DANGEROUS DATA
    $email      = clean_string($_POST["email"]);
    $name       = clean_string($_POST["name"]);
    $telephone  = clean_string($_POST["telephone"]);

    // CONSTRUCT THE MESSAGE
    $content    = '';
    $content   .= "You have a New Query From $name \n\n";
    $content   .= "Tel No: $telephone\n";
    $content   .= "Email: $email\n";

    // SEND MAIL TO EACH RECIPIENT
    foreach ($to as $recipient)
    {
        if (!mail( $recipient, $subj, $content, "From: $from\r\n"))
        {
            echo "MAIL FAILED FOR $recipient";
        }
        else
        {
            echo "MAIL WORKED FOR $recipient";
        }
    }
} // END OF PHP - PUT UP THE FORM
?>
<form method="post">
<br/>Email: <input name="email" />
<br/>Phone: <input name="telephone" />
<br/>Name:  <input name="name" />
<br/><input type="submit" />
</form>

Open in new window

0
 

Author Closing Comment

by:newbey
ID: 33560483
Thanks for your help
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Consider the following scenario: You are working on a website and make something great - something that lets the server work with information submitted by your users. This could be anything, from a simple guestbook to a e-Money solution. But what…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now