Problem with php form
I have been asked by a friend to amend some code for his contact form. I don't know php so this is proving quite difficult. I know fluent HTML and CSS though.
The form needs to send name and email details to his email AND redirect to a thank you page. The redirect works fine as does all of the errors etc but it won't send any mail! This is the code:
<?php
if(isset($_POST['txtName'])){
    $sql = "SELECT * FROM tbl_ezine WHERE email = '$_POST[txtEmail]'";
    $result = dbQuery($sql);
    $numRows = dbNumRows($result);
    if($numRows > 0){
        echo "<script>window.location = 'http://www.thankyoupageishere.com';</script>";
    }else{
        if($_POST['txtEmail'] != "" && $_POST['txtEmail'] != "Email Address"){
            $searchfor = "@";
            $searchfor2 = ".";
            $find1 = strpos($_POST['txtEmail'],$searchfor); // CHECK IF EMAIL CONTAINS @ SYMBOL
            $find2 = strpos($_POST['txtEmail'],$searchfor2); // CHECK IF EMAIL CONTAINS . SYMBOL
            if($find1 === false || $find2 === false) {
                // string needle NOT found in haystack
                $errorStr = "Invalid email format.";
            }
            else {
                // string needle found in haystack
                $sql = "INSERT INTO tbl_ezine (username, email, event) VALUES ('$_POST[txtName]', '$_POST[txtEmail]', 'hop')";
                $result = dbQuery($sql);
                echo "<script>window.location = 'http://www.thankyoupageishere.com';</script>";
            }
        }else{// FIELDS ARE BLANK OR UNCHANGED
            $errorStr = "Please enter your name and email to continue.";
        }
    }
}
?>
<div id="content" class="hop" style="min-height:220px;">
<div id="body" style="min-height:200px;padding-right:340px;">
<h2>Sign up to download your photos</h2>
<p>Complete the registration form</p>
<?php
if($errorStr != ""){echo "<p style=\"color:#F00;\">" . $errorStr . "</p>";}
?>
<form name="hop" class="competition" method="post" action="">
<input type="text" value="Name" class="contact-name" name="txtName" /> <input type="text" value="Email Address" class="contact-email" name="txtEmail" /> <input type="submit" value="SUBMIT>" class="submit" /></form>
</div>
Can someone tell me where I enter the email details!
Thanks.
Where is your mail function?
You should use PHP's mail function to send emails.
htmlspecialchars() will make the input secure, because you want to avoid XSS and SQL injections. Don't ever develop something as insecure as the code you posted.
$name=htmlspecialchars($_POST['txtName'],ENT_QUOTES);
$email=htmlspecialchars($_POST['txtEmail'],ENT_QUOTES);
mail("yourfriendsemail@gmail.com","(subject) A new mail","name: $name , email: $email");
It won't send any email because you haven't used the php mail() command anywhere.
You can find the full reference to the function and examples at http://php.net/manual/en/function.mail.php
$sql = "INSERT INTO tbl_ezine (username, email, event) VALUES ('$_POST[txtName]', '$_POST[txtEmail]', 'hop')";
$result = dbQuery($sql);
/*send mail here*/
mail($_POST['txtEmail'], 'Your email subject', 'your email content here', "From: youremail@yourdomain.com\r\n");
echo "<script>window.location = 'http://www.thankyoupageishere.com';</script>";
But, before you go and make this code live, I would suggest you use some ready-made script. For example, $_POST[txtEmail] should be $_POST['txtEmail']. You are not filtering user input. Unsafe user input is a security hole. IMHO, if you do not have any interest in learning PHP or programming, hire a freelancer for 10$ to do the script rather than doing it yourself and landing in trouble.
You could try: (replace the 2 variables with the content you want). I also fixed a few incorrect uses of the $_POST array (you forgot the single quotes around txtEmail in places)
<?php
if(isset($_POST['txtName'])){
    $sql = "SELECT * FROM tbl_ezine WHERE email = '". $_POST['txtEmail'] . "'";
    $result = dbQuery($sql);
    $numRows = dbNumRows($result);
    if($numRows > 0){
        //************ EDIT THESE ****************
        $subject = "Your email subject";
        $message = "Your email message";
        //****************************************
        mail($_POST['txtEmail'], $subject, $message);
        echo "<script>window.location = 'http://www.thankyoupageishere.com';</script>";
    }else{
        if($_POST['txtEmail'] != "" && $_POST['txtEmail'] != "Email Address"){
            $searchfor = "@";
            $searchfor2 = ".";
            $find1 = strpos($_POST['txtEmail'],$searchfor); // CHECK IF EMAIL CONTAINS @ SYMBOL
            $find2 = strpos($_POST['txtEmail'],$searchfor2); // CHECK IF EMAIL CONTAINS . SYMBOL
            if($find1 === false || $find2 === false) {
                // string needle NOT found in haystack
                $errorStr = "Invalid email format.";
            }
            else {
                // string needle found in haystack
                $sql = "INSERT INTO tbl_ezine (username, email, event) VALUES ('". $_POST['txtName']."', '".$_POST['txtEmail']."', 'hop')";
                $result = dbQuery($sql);
                echo "<script>window.location = 'http://www.thankyoupageishere.com';</script>";
            }
        }else{// FIELDS ARE BLANK OR UNCHANGED
            $errorStr = "Please enter your name and email to continue.";
        }
    }
}
?>
<div id="content" class="hop" style="min-height:220px;">
<div id="body" style="min-height:200px;padding-right:340px;">
<h2>Sign up to download your photos</h2>
<p>Complete the registration form</p>
<?php
if($errorStr != ""){echo "<p style=\"color:#F00;\">" . $errorStr . "</p>";}
?>
<form name="hop" class="competition" method="post" action="">
<input type="text" value="Name" class="contact-name" name="txtName" /> <input type="text" value="Email Address" class="contact-email" name="txtEmail" /> <input type="submit" value="SUBMIT>" class="submit" /></form>
</div>
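A hardened version of the handler discussed in this thread, as an added example that is not code from any of the posters: it uses PDO prepared statements for the SQL, filter_var() for the address, and htmlspecialchars() only where text is written into HTML. The function name register_subscriber, the $notify address, the stub mailer and the in-memory SQLite database are assumptions standing in for the site's dbQuery() helper and its real mail setup.

```php
<?php
// Added example (not from the thread): hypothetical hardened handler for the signup form.
// Assumptions: PDO with the SQLite driver; $send defaults to mail() and can be stubbed.
function register_subscriber(PDO $db, array $post, string $notify, ?callable $send = null): string
{
    $name  = trim((string)($post['txtName'] ?? ''));
    $email = trim((string)($post['txtEmail'] ?? ''));

    if ($name === '' || $name === 'Name' || $email === '' || $email === 'Email Address') {
        return 'Please enter your name and email to continue.';
    }
    // Full address validation instead of looking for "@" and "." separately.
    // A valid address cannot contain CR/LF, so it cannot add lines to a mail header.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid email format.';
    }
    // Strip control characters from the free-text name before it goes into the mail body.
    $name = preg_replace('/[\x00-\x1F\x7F]/', '', $name);

    // Bound parameters: user input never becomes part of the SQL text.
    $check = $db->prepare('SELECT COUNT(*) FROM tbl_ezine WHERE email = ?');
    $check->execute([$email]);
    if ((int)$check->fetchColumn() === 0) {
        $ins = $db->prepare('INSERT INTO tbl_ezine (username, email, event) VALUES (?, ?, ?)');
        $ins->execute([$name, $email, 'hop']);
        // Recipient and subject are fixed server-side; user data goes in the body only.
        ($send ?? 'mail')($notify, 'New signup', "name: $name\nemail: $email");
    }
    return ''; // empty string means success: the caller redirects to the thank-you page
}

// Constructed demo: in-memory table and a stub mailer, so nothing is actually sent.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_ezine (username TEXT, email TEXT, event TEXT)');
$sent = [];
$stub = function ($to, $subject, $body) use (&$sent) { $sent[] = $body; return true; };

$inputs = [
    ['txtName' => 'Ann', 'txtEmail' => 'ann@example.com'],
    ['txtName' => "O'Brien", 'txtEmail' => 'bob@example.com'], // quote is stored as plain text
    ['txtName' => 'Eve', 'txtEmail' => "eve@example.com\r\nX-Test: 1"], // rejected as invalid
];
foreach ($inputs as $post) {
    $error = register_subscriber($db, $post, 'owner@example.com', $stub);
    // Escape at output time, for the HTML context, as the form's error paragraph should.
    echo htmlspecialchars($error === '' ? 'ok' : $error, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```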