Code: Selecteer alles
<head>
<title> Form</title>
</head>
<body>
<h1>Send Us Your order details!</h1>
<form action="send_mail.php" method="post">
<table>
</tr>
<tr>
<td>Name:</td>
<td>
<input type="text" name="yorname" value="" maxlength="100" size="20" />
</td>
</tr>
<tr>
<td>Email Adress:</td>
<td>
<input type="text" name="email_address" value="" maxlength="100" size="20" />
</td>
</tr>
<tr>
<td>Order number:</td>
<td>
<input type="text" name="comments" value="" maxlength="100" size="20" />
</td>
<tr><td> </td>
<td>
<input type="submit" style="font-size: 36pt" value="Submit" />
</td>
</tr>
</table>
</form>
</body>
</html>
Mijn PHP code
========
<?php
// This function checks for email injection. Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
function isInjected($str) {
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
return true;
}
else {
return false;
}
}
// Load form field data into variables.
$email_address = $_REQUEST['email_address'] ;
$comments = $_REQUEST['comments'] ;
$yourname = $_REQUEST['yourname'] ;
// If the user tries to access this script directly, redirect them to feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: feedback_form.html" );
}
// If the form fields are empty, redirect to the error page.
elseif (empty($email_address) || empty($comments)) {
header( "Location: error_message.html" );
}
// If email injection is detected, redirect to the error page.
elseif ( isInjected($email_address) ) {
header( "Location: error_message.html" );
}
// If we passed all previous tests, send the email!
else {
mail( "info@mijn mail.nl", " Form Results",
$yourname, $comments, "From: $email_address" );
header( "Location:thankyou.html" );
}
?>
=========
Code: Selecteer alles
// Load form field data into variables.
$email_address = $_REQUEST['email_address'] ;
$comments = $_REQUEST['comments'] ;
$yourname = $_REQUEST['yourname'] ;
Iemand enig idee?