Help with contact form!!

laurieballard

I have coded a contact form in HTML and created a PHP script to send the form to my email address. I uploaded both to the server and when i click on 'Send' it just takes me to the php script as if t is a link instead of running the actual script itself.

The coding is below:

This is the HTML code i used to create the form

http://www.complain2.co.uk/test/text/contactus.txt

This is the PHP script i used (minus the <?php and ?> tags)

http://www.complain2.co.uk/test/text/contactform.txt

The actual form on the servers is here

http://www.complain2.co.uk/test/contactus.html

Any help would be appreciated.

NogDog

You have a parse error. This line needs the terminating colon changed to a semi-colon:

	$email = $_POST['email']:

NogDog

PS: You should either validate the user-input email value or filter it, in order to ensure it is not used for header injection and thus hijacking of your form by spammers.

laurieballard

Thanks very muc for spotting that.

How would i go about validating the email field?....i am very new to php and this is my first script btw

TheQ

Here's one way to validate the email, but there are numerous tutorials and scripts out there (do a search).

<?
if (empty($_POST['email']))
{
$errors[] = 'Please enter an e-mail';
}
else if (!eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $_POST['email']))
{
$errors[] = 'Please enter a valid e-mail address';
}
?>

NogDog

The simplest thing as far as header injection is concerned is to reject any user inputs that contain a carriage return or newline, other that for data that is supposed to allow that, such as the message text to be used in the body of the email. At its crudest:

if(preg_match('/[\r\n]/', $_POST['email']))
{
   die("Illegal character in email address");
}

Obviously you could do more to make the exit more graceful, but then no legitimate user should be able to get newlines into your email field to begin with.