Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    New Coder
    Join Date
    Jan 2008
    Posts
    16
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Php forms for beginners - tutorial

    Hi, I would like to have a feedback form on my website, but I do not know about the Php language. Basically, just an email and a message that I would actually receive in my email. That's it. Could anybody suggest an easy tutorial?

    Man Rui

  • #2
    New Coder
    Join Date
    Sep 2007
    Location
    US
    Posts
    88
    Thanks
    4
    Thanked 4 Times in 4 Posts
    You can find all you'll ever need to know about php here:
    http://www.php.net

    But what your asking is super simple.
    PHP Code:
    <?php

    $name 
    $_POST['name'];
    $email $_POST['email'];
    $msg $_POST['message'];

    $to "Youremail@yourhost.com";
    $subject "Feedback";
    $headers "From: $email";
    mail($to,$subject,$msg,$headers);

    ?>
    You'll want to validate and do a few other things to that first though
    I need to find a book about all this stuff. God, thats gonna be one big book!

    http://www.gamezftw.com
    Play On!

  • Users who have thanked Digicoder for this post:

    yangmanrui (01-15-2008)

  • #3
    New Coder
    Join Date
    Jan 2008
    Posts
    16
    Thanks
    4
    Thanked 0 Times in 0 Posts
    Thanks,

    so, I would just put it anywhere in the body of my html?
    Man Rui

  • #4
    Regular Coder
    Join Date
    Dec 2007
    Posts
    145
    Thanks
    5
    Thanked 5 Times in 5 Posts
    For example a form to refer a site to a friend. It would look like this:

    Code:
    // Put this at the very top of your page, before the head
    <?php
    if(isset($_REQUEST['email']))   
    {   
      $name = $_REQUEST['name'];
    $email = $_REQUEST['email']; 
       
    $message = "$name wants you to take a look at My Site(http://www.mysite.net/)!\n\n\http://www.mysite.net\n\n";
    
    
    
      mail($femail, "Subject: My Site",
      $message, "From: $email" );
      echo "Thank you for referring our site to your friends.";
    
    }  
    else {
    
    echo "<form action='".$_SERVER['PHP_SELF']."' method=\"post\">"; 
    
    echo "Name: <input type=\"text\" name=\"name\"><br>";
    echo "Your email: <input type=\"text\" name=\"email\"><br>";
    echo "Friends email: <input type=\"text\" name=\"femail\"><br>";
    echo "<input type=\"submit\" value=\"Tell my friend!\">";
    
    }
    
    ?>
    But of course change My Site to your site name and http://www.mysite.net/ to your site if you want the script to work for your site. This is a great example of $_SERVER['PHP_SELF'], passing and getting variables, and mailing in PHP.

  • #5
    New Coder
    Join Date
    Sep 2007
    Location
    US
    Posts
    88
    Thanks
    4
    Thanked 4 Times in 4 Posts
    Yeah but you may want to use a different one, that was just an example i made up, You'll want to use this one instead:

    PHP Code:
    <form name="form1" method="post" action="">
    <table width="100%" border="0" cellspacing="0" cellpadding="2">
      <tr>
        <td width="10%">Email Address: </td>
        <td width="90%"><input name="email" type="text" id="email"></td>
      </tr>
      <tr>
        <td>Name:</td>
        <td><input name="name" type="text" id="name"> 
          (optional) </td>
      </tr>
      <tr>
        <td>Message:</td>
        <td><textarea name="message" cols="40" rows="6"></textarea></td>
      </tr>
        <tr>
        <td colspan="2"><input type="submit" name="Submit" value="Submit"></td>
      </tr>
    </table>

    </form>

    <?php

    if(isset($_POST['email']) && isset($_POST['message']))
    {
        
        
    $name $_POST['name'];
        
    $email $_POST['email'];
        
    $msg $_POST['message'];
        
        
    // You'll want to validate the email and make sure that no one is trying to send this feedback to some one else as well.
        
    if(eregi("to:",$email) || eregi("cc:",$email) || eregi('bcc:',$email)) 
            echo
    'Sorry, we couldn\'t send your message, please try again.';
        
        if(!
    ereg('^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$'$email))
            echo
    'Sorry, you entered an invalid email address!';

    /*
    * You may also want to run a strip_tags on the message so you don't get radnom html/JS in your emails
    */
        
    $msg strip_tags($msg);
        
    /*
    * Please be away that this can still be attacked by spam bots and they may use this to send you junk emails.
    */

        
    $to "Youremail@yourhost.com";
        
    $subject "Feedback";
        
    $headers "From: $name <$email>";

        
    mail($to,$subject,$msg,$headers);

    }

    ?>
    I need to find a book about all this stuff. God, thats gonna be one big book!

    http://www.gamezftw.com
    Play On!

  • Users who have thanked Digicoder for this post:

    yangmanrui (01-16-2008)

  • #6
    Regular Coder
    Join Date
    Dec 2007
    Posts
    145
    Thanks
    5
    Thanked 5 Times in 5 Posts
    And that example from Digi Coder will show the form whether or not submitted, and has extra security, if that's what you want.

  • #7
    New Coder
    Join Date
    Jan 2008
    Posts
    16
    Thanks
    4
    Thanked 0 Times in 0 Posts
    thank you guys very much,
    I will try it.

    Man rui

  • #8
    Senior Coder
    Join Date
    Mar 2003
    Location
    Atlanta
    Posts
    1,037
    Thanks
    14
    Thanked 30 Times in 28 Posts
    Does anyone use the filter functions opposed to eregi? I was just wondering how good it worked in comparison.
    PHP Code:
    filter_var($emailFILTER_VALIDATE_EMAIL//validate as an email 
    Last edited by StupidRalph; 01-16-2008 at 09:43 AM.
    Most of my questions/posts are fairly straightforward and simple. I post long verbose messages in an attempt to be thorough.

  • #9
    New Coder
    Join Date
    Jan 2008
    Posts
    16
    Thanks
    4
    Thanked 0 Times in 0 Posts
    thanks,

    Here is what i did. I have a website where people learn languages for free .(human not computer www.languagelearninglinks.org ) My friend, who hosts my site told me that he has only Ruby on Rail, but his friend can host for me ( he says that he has Php...)
    Long story short. I copied your post and put it in my page. It is tentatively at www.jiriskalsky.com. I have substituted the email address with my email studentmatters@yahoo.com, but somehow it doesn't work. Could you give me some advice?

    Man rui

  • #10
    New Coder
    Join Date
    Sep 2007
    Location
    US
    Posts
    88
    Thanks
    4
    Thanked 4 Times in 4 Posts
    GoDaddy requires the use of their own email script, not yours.

    Read the information provided by GoDaddy about processing forms.

    See this:
    http://codingforums.com/sitemap/t-49998.html

    Sorry, godaddy is gay, I host there too.
    I need to find a book about all this stuff. God, thats gonna be one big book!

    http://www.gamezftw.com
    Play On!

  • #11
    Regular Coder
    Join Date
    Dec 2007
    Location
    Nebraska
    Posts
    113
    Thanks
    0
    Thanked 2 Times in 2 Posts
    There is no need to look for every possible mail header in the content to determine if someone is trying header injection. You simply need to look for newline "\n" characters. Header injection can't be done if they can't separate the headers with newlines.

    That still won't provide complete protection. The body of the message isn't a header, but an attacker can insert alternate messages and attachments. You would need to do a case insensitive match for "boundary" and "content-type" for any input intended for the message body.

    That will take care of injection, but not automated submissions. What people don't seem to understand is that spammers actively look for "contact us" or "feedback" forms. If they find one, they will hit it, either personally, or using a bot. It's just not as simple as using the mail function anymore.

    There is no point to adding such widely used code in a procedural manner, when it could be done in a re-usable class, or better yet use proven code such as PHPMailer or PEAR::mail and be done with it.
    Deliver yesterday, code today, think tomorrow.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •