Solved

Stop PHP script running from address bar

Posted on 2010-08-30
5
275 Views
Last Modified: 2012-05-10
Hello,

I have a simple php script that takes information from a form on my website and then emails me the information. While testing I noticed that if I input the script path into the address bar it sends me an empty email, is there any way to stop this in order to prevent anyone maliciously trying to send me emails (All of the validation is done on the form before it gets posted.)

PHP script below:

<?php  
 

############### Code

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to="xxxx@yyyy.com";

// Your subject
$subject="Enquiry";

// From
$header="me";

// send email
$sentmail = mail($to,$subject,$header);

// if your email succesfully sent
if($sentmail){
echo "Email Has Been Sent .";
}
else {
echo "Cannot Send Email ";
}

?>
0
Comment
Question by:newbey
5 Comments
 
LVL 11

Expert Comment

by:mattibutt
ID: 33560209
you should use isset get or post pre condition based on what you are using when its empty then dont process email
0
 
LVL 3

Expert Comment

by:gfdos
ID: 33560214
tell it to check subject and or email content.... if blank dont send.
0
 
LVL 3

Expert Comment

by:gfdos
ID: 33560231
check the info that is to be sent from the form... if it doesnt exist or is all null.... dont send (like it would be if you just went to the page from a empty webrowser
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 33560241
The whole "form-to-email" thing has kind of "been done" before.  Here is a little script that is a teaching example.  You can tailor it to your needs quite easily.  Please post back here with any questions.  Best, ~Ray
<?php // RAY_form_to_email.php
error_reporting(E_ALL);

// SEND MAIL FROM A FORM

// A FUNCTION TO CLEAN UP THE DATA - AVOID BECOMING AN OPEN-RELAY FOR SPAM
function clean_string($str)
{
    $str = stripslashes($str);
    $str = trim(preg_replace("/ +/", " ", $str));
    $str = preg_replace('/^ a-zA-Z0-9&+:?_\.\-/', '', $str);
    return $str;
}

// REQUIRED VALUES ARE PREPOPULATED - CHANGE THESE FOR YOUR WORK
$from  = "NoReply@Your.org";
$subj  = "Contact Form";

// THIS IS AN ARRAY OF RECIPIENTS
$to[]  = "You@Your.org";
$to[]  = "Her@Your.org";
$to[]  = "Him@Your.org";

// IF THE DATA HAS BEEN POSTED
if (!empty($_POST['email']))
{
    // CLEAN UP THE POTENTIALLY BAD AND DANGEROUS DATA
    $email      = clean_string($_POST["email"]);
    $name       = clean_string($_POST["name"]);
    $telephone  = clean_string($_POST["telephone"]);

    // CONSTRUCT THE MESSAGE
    $content    = '';
    $content   .= "You have a New Query From $name \n\n";
    $content   .= "Tel No: $telephone\n";
    $content   .= "Email: $email\n";

    // SEND MAIL TO EACH RECIPIENT
    foreach ($to as $recipient)
    {
        if (!mail( $recipient, $subj, $content, "From: $from\r\n"))
        {
            echo "MAIL FAILED FOR $recipient";
        }
        else
        {
            echo "MAIL WORKED FOR $recipient";
        }
    }
} // END OF PHP - PUT UP THE FORM
?>
<form method="post">
<br/>Email: <input name="email" />
<br/>Phone: <input name="telephone" />
<br/>Name:  <input name="name" />
<br/><input type="submit" />
</form>

Open in new window

0
 

Author Closing Comment

by:newbey
ID: 33560483
Thanks for your help
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now