» Consiglio script contact form

ciucciarello · 09-01-09, 13:31

Salve, vorrei utilizzare questo script per l'invio di una email da un form. Ecco il codice:
File email.htm

Codice PHP:


			
............ 
    <form action="email.php?action=send" method="post"> 
     <table width="50%"> 
      <tr>  
       <td width="110"><div align="right"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Email:</font></div></td> 
       <td width="260"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">  
        <input name="from" type="text" id="from"> 
        </font></td> 
      </tr> 
      <tr>  
       <td><div align="right"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Name:</font></div></td> 
       <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">  
        <input type="text" name="fullname"> 
        </font></td> 
      </tr> 
      <tr>  
       <td><div align="right"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div></td> 
       <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">  
        <input name="subject" type="text" id="subject"> 
        </font></td> 
      </tr> 
      <tr>  
       <td height="136"><div align="right">  
         <p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Message:</font></p> 
         <p>&nbsp;</p> 
         <p>&nbsp;</p> 
         <p>&nbsp;</p> 
        </div></td> 
       <td><textarea name="message" rows="7" id="message"></textarea> 
        <font size="2" face="Verdana, Arial, Helvetica, sans-serif">&nbsp;</font></td> 
      </tr> 
     </table> 
     <p>  
      <input type="submit" value="Send"> 
     </p> 
    </form> 
................

File email.php

Codice PHP:


			
<?php 
extract($HTTP_GET_VARS); 
extract($HTTP_POST_VARS); 
if ($action == "send") 
{ 
include("config.php"); 
$to = $ademail; 
$from = $_POST['from']; 
$name = $_POST['fullname']; 
$subject = $_POST['subject']; 
$message = $_POST['message']; 

$to = trim($to); 
$from = trim($from); 
$name = trim($name); 
$subject = trim($subject); 
$message = trim($message); 

if (empty($to)) 
{ 
$ermessage = "Error: Email address to can not be blank, Please enter your email address in the config file!"; 
include("_inc/email_error.htm"); exit(); 
} 
if (empty($from)) 
{ 
$ermessage = "Error: Email address can not be blank, Please enter your email address!"; 
include("_inc/email_error.htm"); exit(); 
} 
if (!ereg('^[-!#$%&'*+./0-9=?A-Z^_`a-z{|}~]+'. 
'@'. 
'[-!#$%&'*+\/0-9=?A-Z^_`a-z{|}~]+.'. 
'[-!#$%&'*+\./0-9=?A-Z^_`a-z{|}~]+$', $from)) 
{ 
$ermessage = "Error: Invalid Email address, Please re-enter your email address!"; 
include ("_inc/email_error.htm"); exit; 
} 
if (empty($name)) 
{ 
$ermessage = "Error: Please enter your name!"; 
include("_inc/email_error.htm"); exit(); 
} 
if (empty($subject)) 
{ 
$ermessage = "Error: Subject can not be blank, Please enter email subject"; 
include("_inc/email_error.htm"); exit(); 
} 
if (empty($message)) 
{ 
$ermessage = "Error: Message body can not be blank, Please enter email message"; 
include("_inc/email_error.htm"); exit(); 
} 
$send = mail($to, $subject, $message, "From: {$from}"); 
if ($send) 
{ 
include("_inc/email_sent.htm"); exit(); 
} 
else  
{  
$ermessage = "Error: You message has not been sent, please try again"; 
include("_inc/email_error.htm"); exit(); 
} 
} 
else 
{ 
include("_inc/email.htm"); 
} 
?>

Lo script mi pare pericoloso per l'utilizzo di questo codice

Codice PHP:


			
extract($HTTP_GET_VARS); 
extract($HTTP_POST_VARS);

Quindi vorrei modificarlo così

file email.htm

<div class="boxcode">

Codice PHP:


			
.................. 
<form method="post" action="email.php"> 
.................. 
       
<input type="submit" value="invia"> 
..................

File email.php

Codice PHP:


			
<?php 
if ($_POST) 
{ 
..................

Sono sulla buona strada o parto già sbagliando?

Mi consigliate anche come validare meglio l'input sui campi?
Grazie

09-01-09, 13:31	#1 (permalink)
ciucciarello Esperto Data di registrazione: Dec 2006 Messaggi: 282	Consiglio script contact form Salve, vorrei utilizzare questo script per l'invio di una email da un form. Ecco il codice: File email.htm Codice PHP: ............ <form action="email.php?action=send" method="post"> <table width="50%"> <tr> <td width="110"><div align="right"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Email:</font></div></td> <td width="260"><font size="2" face="Verdana, Arial, Helvetica, sans-serif"> <input name="from" type="text" id="from"> </font></td> </tr> <tr> <td><div align="right"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Name:</font></div></td> <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif"> <input type="text" name="fullname"> </font></td> </tr> <tr> <td><div align="right"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div></td> <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif"> <input name="subject" type="text" id="subject"> </font></td> </tr> <tr> <td height="136"><div align="right"> <p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Message:</font></p> <p> </p> <p> </p> <p> </p> </div></td> <td><textarea name="message" rows="7" id="message"></textarea> <font size="2" face="Verdana, Arial, Helvetica, sans-serif"> </font></td> </tr> </table> <p> <input type="submit" value="Send"> </p> </form> ................ File email.php Codice PHP: <?php extract($HTTP_GET_VARS); extract($HTTP_POST_VARS); if ($action == "send") { include("config.php"); $to = $ademail; $from = $_POST['from']; $name = $_POST['fullname']; $subject = $_POST['subject']; $message = $_POST['message']; $to = trim($to); $from = trim($from); $name = trim($name); $subject = trim($subject); $message = trim($message); if (empty($to)) { $ermessage = "Error: Email address to can not be blank, Please enter your email address in the config file!"; include("_inc/email_error.htm"); exit(); } if (empty($from)) { $ermessage = "Error: Email address can not be blank, Please enter your email address!"; include("_inc/email_error.htm"); exit(); } if (!ereg('^[-!#$%&'+./0-9=?A-Z^_`a-z{\|}~]+'. '@'. '[-!#$%&'+\/0-9=?A-Z^_`a-z{\|}~]+.'. '[-!#$%&'*+\./0-9=?A-Z^_`a-z{\|}~]+$', $from)) { $ermessage = "Error: Invalid Email address, Please re-enter your email address!"; include ("_inc/email_error.htm"); exit; } if (empty($name)) { $ermessage = "Error: Please enter your name!"; include("_inc/email_error.htm"); exit(); } if (empty($subject)) { $ermessage = "Error: Subject can not be blank, Please enter email subject"; include("_inc/email_error.htm"); exit(); } if (empty($message)) { $ermessage = "Error: Message body can not be blank, Please enter email message"; include("_inc/email_error.htm"); exit(); } $send = mail($to, $subject, $message, "From: {$from}"); if ($send) { include("_inc/email_sent.htm"); exit(); } else { $ermessage = "Error: You message has not been sent, please try again"; include("_inc/email_error.htm"); exit(); } } else { include("_inc/email.htm"); } ?> Lo script mi pare pericoloso per l'utilizzo di questo codice Codice PHP: `extract($HTTP_GET_VARS); extract($HTTP_POST_VARS);` Quindi vorrei modificarlo così file email.htm <div class="boxcode"> Codice PHP: `.................. <form method="post" action="email.php"> .................. <input type="submit" value="invia"> ..................` File email.php Codice PHP: `<?php if ($_POST) { ..................` Sono sulla buona strada o parto già sbagliando? Mi consigliate anche come validare meglio l'input sui campi? Grazie
	__________________ Studio legale Nola, Roma - Infortunistica stradale

Condividi questo contenuto nei Social Network:		Tweet
Ti stiamo aspettando: Registrati subito e gratis. Entra a far parte di una delle comunità più attive in Italia. Se hai dimenticato i tuoi dati li puoi recuperare subito.

Strumenti di discussione
Visualizza la versione stampabile Invia la pagina tramite email