Solved

Stop PHP script running from address bar

Posted on 2010-08-30
5
279 Views
Last Modified: 2012-05-10
Hello,

I have a simple php script that takes information from a form on my website and then emails me the information. While testing I noticed that if I input the script path into the address bar it sends me an empty email, is there any way to stop this in order to prevent anyone maliciously trying to send me emails (All of the validation is done on the form before it gets posted.)

PHP script below:

<?php  
 

############### Code

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to="xxxx@yyyy.com";

// Your subject
$subject="Enquiry";

// From
$header="me";

// send email
$sentmail = mail($to,$subject,$header);

// if your email succesfully sent
if($sentmail){
echo "Email Has Been Sent .";
}
else {
echo "Cannot Send Email ";
}

?>
0
Comment
Question by:newbey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 11

Expert Comment

by:mattibutt
ID: 33560209
you should use isset get or post pre condition based on what you are using when its empty then dont process email
0
 
LVL 3

Expert Comment

by:gfdos
ID: 33560214
tell it to check subject and or email content.... if blank dont send.
0
 
LVL 3

Expert Comment

by:gfdos
ID: 33560231
check the info that is to be sent from the form... if it doesnt exist or is all null.... dont send (like it would be if you just went to the page from a empty webrowser
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 33560241
The whole "form-to-email" thing has kind of "been done" before.  Here is a little script that is a teaching example.  You can tailor it to your needs quite easily.  Please post back here with any questions.  Best, ~Ray
<?php // RAY_form_to_email.php
error_reporting(E_ALL);

// SEND MAIL FROM A FORM

// A FUNCTION TO CLEAN UP THE DATA - AVOID BECOMING AN OPEN-RELAY FOR SPAM
function clean_string($str)
{
    $str = stripslashes($str);
    $str = trim(preg_replace("/ +/", " ", $str));
    $str = preg_replace('/^ a-zA-Z0-9&+:?_\.\-/', '', $str);
    return $str;
}

// REQUIRED VALUES ARE PREPOPULATED - CHANGE THESE FOR YOUR WORK
$from  = "NoReply@Your.org";
$subj  = "Contact Form";

// THIS IS AN ARRAY OF RECIPIENTS
$to[]  = "You@Your.org";
$to[]  = "Her@Your.org";
$to[]  = "Him@Your.org";

// IF THE DATA HAS BEEN POSTED
if (!empty($_POST['email']))
{
    // CLEAN UP THE POTENTIALLY BAD AND DANGEROUS DATA
    $email      = clean_string($_POST["email"]);
    $name       = clean_string($_POST["name"]);
    $telephone  = clean_string($_POST["telephone"]);

    // CONSTRUCT THE MESSAGE
    $content    = '';
    $content   .= "You have a New Query From $name \n\n";
    $content   .= "Tel No: $telephone\n";
    $content   .= "Email: $email\n";

    // SEND MAIL TO EACH RECIPIENT
    foreach ($to as $recipient)
    {
        if (!mail( $recipient, $subj, $content, "From: $from\r\n"))
        {
            echo "MAIL FAILED FOR $recipient";
        }
        else
        {
            echo "MAIL WORKED FOR $recipient";
        }
    }
} // END OF PHP - PUT UP THE FORM
?>
<form method="post">
<br/>Email: <input name="email" />
<br/>Phone: <input name="telephone" />
<br/>Name:  <input name="name" />
<br/><input type="submit" />
</form>

Open in new window

0
 

Author Closing Comment

by:newbey
ID: 33560483
Thanks for your help
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question