It is common to send input data from a web form to an email
address (typically to the webmaster's email address).
PHP provides a convenient way to send email with the mail() function.
Syntax:-
mail(to,subject,message,headers,parameters)
----------------------------------------------------------------------------------------------------------
| Parameter | Description |
|---|---|
| to | Required. Specifies the recipient's email address(es) |
| subject | Required. Specifies the email's subject line. Note: This parameter cannot contain any newline characters |
| message | Required. Specifies the actual email body (the message to be sent). Each line should be separated with a LF (\n). Lines should not exceed 70 characters |
| headers | Optional. Specifies additional headers such as "From", "Cc", "Bcc", etc. The additional headers should be separated with a CRLF (\r\n) |
| parameters | Optional. Specifies any additional parameters |
---------------------------------------------------------------------------------------------------------
Example:-
<h2>Prashant Singh</h2>
<?php
// display form if user has not clicked submit
if (!isset($_POST["submit"]))
{
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
From: <input type="text" name="from"><br>
Subject: <input type="text" name="subject"><br>
Message: <textarea rows="10" cols="40" name="message"></textarea><br>
<input type="submit" name="submit" value="Submit Feedback">
</form>
<?php
}
else
// the user has submitted the form
{
  // Check if the "from" input field is filled out
  if (isset($_POST["from"]))
  {
    // Note: "from" goes into the mail headers unchecked in this version
    $from = $_POST["from"]; // sender
    $subject = $_POST["subject"];
    $message = $_POST["message"];
    // message lines should not exceed 70 characters (PHP rule), so wrap it
    $message = wordwrap($message, 70);
    // send mail
    mail("webmaster@example.com",$subject,$message,"From: $from\n");
    echo "Thank you for sending us feedback";
  }
}
?>
==================================================
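Secure Email :-
The example above places the "from" value in the mail headers without checking it, so a value that contains line breaks can add headers of its own. The best way to stop e-mail injections is to validate the input.
The code below is the same as the previous example, but now we have added an input validator that checks the "from" field in the form: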
<html>
<body>
<?php
function spamcheck($field)
{
  // Reject line breaks: the value is placed in a mail header as submitted
  if (preg_match('/[\r\n]/', $field))
  {
    return FALSE;
  }
  // Validate the e-mail address exactly as submitted. Sanitizing first
  // would strip CR/LF and could let a value pass that still contains them.
  if (filter_var($field, FILTER_VALIDATE_EMAIL))
  {
    return TRUE;
  }
  else
  {
    return FALSE;
  }
}
?>
<h2>Feedback Form</h2>
<?php
// display form if user has not clicked submit
if (!isset($_POST["submit"]))
{
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
From: <input type="text" name="from"><br>
Subject: <input type="text" name="subject"><br>
Message: <textarea rows="10" cols="40" name="message"></textarea><br>
<input type="submit" name="submit" value="Submit Feedback">
</form>
<?php
}
else
// the user has submitted the form
{
  // Check if the "from" input field is filled out
  if (isset($_POST["from"]))
  {
    // Check if "from" email address is valid
    $mailcheck = spamcheck($_POST["from"]);
    if ($mailcheck==FALSE)
    {
      echo "Invalid input";
    }
    else
    {
      $from = $_POST["from"]; // sender (validated above)
      // the subject cannot contain newline characters, so remove them
      $subject = isset($_POST["subject"]) ? str_replace(array("\r", "\n"), "", $_POST["subject"]) : "";
      $message = isset($_POST["message"]) ? $_POST["message"] : "";
      // message lines should not exceed 70 characters (PHP rule), so wrap it
      $message = wordwrap($message, 70);
      // send mail
      mail("webmaster@example.com",$subject,$message,"From: $from");
      echo "Thank you for sending us feedback";
    }
  }
}
?>
</body>
</html>
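Added example (not code from the original post; the function names are hypothetical): FILTER_SANITIZE_EMAIL removes CR and LF, so validating a sanitized copy can accept a value whose raw form still contains line breaks. The script below compares that approach with checking the exact string that will be placed in the header, using constructed sample inputs.

```php
<?php
// Sanitize first, then validate the sanitized copy. The raw value is
// never inspected, so line breaks in it go unnoticed.
function sanitize_then_validate(string $field): bool
{
    $clean = filter_var($field, FILTER_SANITIZE_EMAIL);
    return filter_var($clean, FILTER_VALIDATE_EMAIL) !== false;
}

// Stricter check: the exact string destined for the header must contain
// no CR/LF and must itself be a valid address. Returns null on rejection.
function safe_header_address(string $field): ?string
{
    if (preg_match('/[\r\n]/', $field)) {
        return null;
    }
    $valid = filter_var($field, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Subjects are free text, so only line breaks are rejected.
function safe_subject(string $subject): ?string
{
    return preg_match('/[\r\n]/', $subject) ? null : trim($subject);
}

// Constructed sample inputs (not taken from any real traffic).
$samples = [
    "visitor@example.com",
    "visitor@example.com\r\n",
    "visitor@example.com\r\nX-Test: 1",
    "not-an-address",
];

foreach ($samples as $raw) {
    // json_encode makes the CR/LF characters visible in the output
    printf(
        "%-42s sanitize-then-validate=%s strict=%s\n",
        json_encode($raw),
        var_export(sanitize_then_validate($raw), true),
        var_export(safe_header_address($raw) !== null, true)
    );
}

// Only build the header from a value that passed the strict check.
$from = safe_header_address("visitor@example.com");
$subject = safe_subject("Feedback about the site");
if ($from !== null && $subject !== null) {
    $headers = "From: $from";
    echo "Header to pass to mail(): $headers\n";
}
```

Run it with the PHP command-line interpreter; it only prints the check results and never calls mail().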