php mail
could you please check my script for security resons?
do you think I have an open space for the spammers to use my code to send spam emails from my web site?
I use also spry form validation with Dreamweaver.
do you think I have an open space for the spammers to use my code to send spam emails from my web site?
I use also spry form validation with Dreamweaver.
<?php
$ipi = getenv("REMOTE_ADDR");
$httprefi = getenv ("HTTP_REFERER");
$httpagenti = getenv ("HTTP_USER_AGENT");
$httpref = $_POST['httpref'];
if(isset($_POST['email'])) {
// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "my mail address";
$email_subject = "contact form";
function died($error) {
// your error code can go here
echo "there are some errors ";
echo "error<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
// validation expected data exists
if(!isset($_POST['first_name']) ||
!isset($_POST['last_name']) ||
!isset($_POST['email']) ||
!isset($_POST['telephone'])) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$first_name = $_POST['first_name']; // required
$last_name = $_POST['last_name']; // required
$email_from = $_POST['email']; // required
$telephone = $_POST['telephone']; // not required
$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
if(strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Web site contact form\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "<br><br>" . "Ad-Soyad: ".clean_string($first_name)."\n"."<br>";
$email_message .= "Email: ".clean_string($email_from)."\n"."<br>";
$email_message .= "Cep Tel: ".clean_string($telephone)."\n"."<br>";
$email_message .= "Sehir: ".clean_string($last_name)."\n"."<br>";
$email_message .= "IP: ".clean_string($ipi)."\n"."<br>";
$email_message .= "Refferal: ".clean_string($httprefi)."\n"."<br>";
$email_message .= "Browser: ".clean_string($httpagenti)."\n"."<br>";
$headers .= 'Content-type: text/html; charset=utf-8' ."\n";
$headers .= "Reply-To: myotheremail@domain.com" ."\n";
$headers .= 'Cc: myotheremail@domain.com' ."\n";
$headers .= 'Bcc: myotheremail@domain.com' ."\n";
// create email headers
//$headers .= "From: info@livcon.com.tr" . "\r\n";
//$headers .= "Reply-To: info@livcon.com.tr" . "\r\n";
//$headers .= "Organization: LIVCON\r\n";
//$headers .= "X-Priority: 3\r\n";
//$headers .= "X-MSMail-Priority: Normal" ."\r\n";
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
echo "thank you";
}
?>
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
darren-w-
Use htmlentities on the message : $email_message
PHP
PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.
125K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
