Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

Stop PHP script running from address bar

Hello,

I have a simple php script that takes information from a form on my website and then emails me the information. While testing I noticed that if I input the script path into the address bar it sends me an empty email, is there any way to stop this in order to prevent anyone maliciously trying to send me emails (All of the validation is done on the form before it gets posted.)

PHP script below:

<?php  
 

############### Code

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to="xxxx@yyyy.com";

// Your subject
$subject="Enquiry";

// From
$header="me";

// send email
$sentmail = mail($to,$subject,$header);

// if your email succesfully sent
if($sentmail){
echo "Email Has Been Sent .";
}
else {
echo "Cannot Send Email ";
}

?>
0
newbey
Asked:
newbey
1 Solution
 
mattibuttCommented:
you should use isset get or post pre condition based on what you are using when its empty then dont process email
0
 
gfdosCommented:
tell it to check subject and or email content.... if blank dont send.
0
 
gfdosCommented:
check the info that is to be sent from the form... if it doesnt exist or is all null.... dont send (like it would be if you just went to the page from a empty webrowser
0
 
Ray PaseurCommented:
The whole "form-to-email" thing has kind of "been done" before.  Here is a little script that is a teaching example.  You can tailor it to your needs quite easily.  Please post back here with any questions.  Best, ~Ray
<?php // RAY_form_to_email.php
error_reporting(E_ALL);

// SEND MAIL FROM A FORM

// A FUNCTION TO CLEAN UP THE DATA - AVOID BECOMING AN OPEN-RELAY FOR SPAM
function clean_string($str)
{
    $str = stripslashes($str);
    $str = trim(preg_replace("/ +/", " ", $str));
    $str = preg_replace('/^ a-zA-Z0-9&+:?_\.\-/', '', $str);
    return $str;
}

// REQUIRED VALUES ARE PREPOPULATED - CHANGE THESE FOR YOUR WORK
$from  = "NoReply@Your.org";
$subj  = "Contact Form";

// THIS IS AN ARRAY OF RECIPIENTS
$to[]  = "You@Your.org";
$to[]  = "Her@Your.org";
$to[]  = "Him@Your.org";

// IF THE DATA HAS BEEN POSTED
if (!empty($_POST['email']))
{
    // CLEAN UP THE POTENTIALLY BAD AND DANGEROUS DATA
    $email      = clean_string($_POST["email"]);
    $name       = clean_string($_POST["name"]);
    $telephone  = clean_string($_POST["telephone"]);

    // CONSTRUCT THE MESSAGE
    $content    = '';
    $content   .= "You have a New Query From $name \n\n";
    $content   .= "Tel No: $telephone\n";
    $content   .= "Email: $email\n";

    // SEND MAIL TO EACH RECIPIENT
    foreach ($to as $recipient)
    {
        if (!mail( $recipient, $subj, $content, "From: $from\r\n"))
        {
            echo "MAIL FAILED FOR $recipient";
        }
        else
        {
            echo "MAIL WORKED FOR $recipient";
        }
    }
} // END OF PHP - PUT UP THE FORM
?>
<form method="post">
<br/>Email: <input name="email" />
<br/>Phone: <input name="telephone" />
<br/>Name:  <input name="name" />
<br/><input type="submit" />
</form>

Open in new window

0
 
newbeyAuthor Commented:
Thanks for your help
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now