Php Mailer

software development

#1

Hey guys,
I’ve been really annoyed recently. This form mailer I have sends me blank emails whenever someone visits the page with the form. I have to scan through these emails to find the “actual” mail from people.

Here is a sample of my code:

<?php $name = $_GET['name']; $email = $_GET['email']; $experience = $_GET['experience']; $project = $_GET['project']; $agree = $_GET['agree']; $comments = $_GET['comments']; $to = 'i_m_a_penguin@bellsouth.net'; $subject = 'Programmer'; $body = " Name: $name Email: $email Experience: $experience Project: $project Agree: $agree Comments, etc: $comments "; mail($to, $subject, $body); ?> You can contact me through this form without the hassle of looking up my email address!

[Once you have sent this form once, nothing will have changed except the text boxes clear; don’t worry. That’s normal. It just means the email was sent.]

Name:

Email:

Previous experience (link to website):

Project (link):

Are you willing to do your best?: YesNo

Reason why you’re applying & comments:

Also, when I tried to redirect users to a thank you page when you fill out the form, it redirects the user, but the form isn’t sent to my email.

Any help is appreciated. Thanks so much!


#2

I don’t see any "method or “action” in your form at all :wink: . Take a look here for an introductory tutorial on how to create a simple PHP driven feedback form.

Additionally, you should know that the basic form mail script used in the tutorial (and your script) are very dangerous in that they don’t do anything at all to prevent email injection exploits or do anything at all to check the information entered by the user.

This is extremely dangerous practice, and such a script should never be placed “in the wild” where the general public can get at it (or even run at all IMHO).

That same site has a beginning tutorial on “hardening” such a script, but it is only a beginning tutorial that addresses a single aspect of the problem of verifying user input - hey at least it is a start:

http://www.thesitewizard.com/php/protect-script-from-email-injection.shtml

–rlparker