Advice on a contact form script
Hello, I would like to use this script to send an email from a form. Here is the code:
File email.htm
[php]............
<form action="email.php?action=send" method="post">
<table width="50%">
<tr>
<td width="110"><div align="right"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Email:</font></div></td>
<td width="260"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<input name="from" type="text" id="from">
</font></td>
</tr>
<tr>
<td><div align="right"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Name:</font></div></td>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="fullname">
</font></td>
</tr>
<tr>
<td><div align="right"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div></td>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<input name="subject" type="text" id="subject">
</font></td>
</tr>
<tr>
<td height="136"><div align="right">
<p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Message:</font></p>
<p> </p>
<p> </p>
<p> </p>
</div></td>
<td><textarea name="message" rows="7" id="message"></textarea>
<font size="2" face="Verdana, Arial, Helvetica, sans-serif"> </font></td>
</tr>
</table>
<p>
<input type="submit" value="Send">
</p>
</form>
................[/php]
File email.php
[php]<?php
// Import every GET and POST parameter into the local scope as a variable
extract($HTTP_GET_VARS);
extract($HTTP_POST_VARS);
if ($action == "send")
{
    // config.php provides the recipient address in $ademail
    include("config.php");
    $to = $ademail;
    $from = $_POST['from'];
    $name = $_POST['fullname'];
    $subject = $_POST['subject'];
    $message = $_POST['message'];

    // Strip leading and trailing whitespace from every field
    $to = trim($to);
    $from = trim($from);
    $name = trim($name);
    $subject = trim($subject);
    $message = trim($message);

    if (empty($to))
    {
        $ermessage = "Error: Email address to can not be blank, Please enter your email address in the config file!";
        include("_inc/email_error.htm"); exit();
    }
    if (empty($from))
    {
        $ermessage = "Error: Email address can not be blank, Please enter your email address!";
        include("_inc/email_error.htm"); exit();
    }
    // Check the sender address against a local-part@domain.tld pattern
    if (!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'.
              '[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.
              '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $from))
    {
        $ermessage = "Error: Invalid Email address, Please re-enter your email address!";
        include ("_inc/email_error.htm"); exit;
    }
    if (empty($name))
    {
        $ermessage = "Error: Please enter your name!";
        include("_inc/email_error.htm"); exit();
    }
    if (empty($subject))
    {
        $ermessage = "Error: Subject can not be blank, Please enter email subject";
        include("_inc/email_error.htm"); exit();
    }
    if (empty($message))
    {
        $ermessage = "Error: Message body can not be blank, Please enter email message";
        include("_inc/email_error.htm"); exit();
    }
    // Send the message; the visitor-supplied address becomes the From header
    $send = mail($to, $subject, $message, "From: {$from}");
    if ($send)
    {
        include("_inc/email_sent.htm"); exit();
    }
    else
    {
        $ermessage = "Error: You message has not been sent, please try again";
        include("_inc/email_error.htm"); exit();
    }
}
else
{
    // No action requested: show the form
    include("_inc/email.htm");
}
?> [/php]
The script seems dangerous to me because of the use of this code:
[php]extract($HTTP_GET_VARS);
extract($HTTP_POST_VARS);[/php]
So I would like to modify it like this:
File email.htm
[php]..................
<form method="post" action="email.php">
..................<input type="submit" value="invia">
..................
[/php]
File email.php
[php]
<?php
if ($_POST)
{
..................
[/php]
Am I on the right track, or am I already starting off wrong? Could you also advise me on how to better validate the input in the fields?
Thanks
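
One way to write the email.php the post is heading towards, as an added example that is not part of the original post: it reads only the four expected `$_POST` keys instead of calling `extract()`, validates the address with `filter_var()`, and rejects line breaks in any value that reaches a mail header. The `validate_contact()` helper, the `noreply@example.com` sender and the length limits are assumptions; `config.php`, `$ademail` and the `_inc/` pages are taken from the script above.

```php
<?php
// Added example, not the poster's code. Assumes config.php defines $ademail.
// validate_contact() is a hypothetical helper; returns [clean values, errors].
function validate_contact(array $post): array
{
    $clean = $errors = [];
    foreach (['from', 'fullname', 'subject', 'message'] as $field) {
        // Read only the expected keys; everything else in the request is ignored.
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';
        if ($clean[$field] === '') {
            $errors[] = "Missing field: $field";
        }
    }
    // Values that end up in mail headers must not contain CR or LF.
    foreach (['from', 'fullname', 'subject'] as $field) {
        if (preg_match('/[\r\n]/', $clean[$field])) {
            $errors[] = "Invalid characters in: $field";
        }
    }
    if ($clean['from'] !== '' && filter_var($clean['from'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid email address';
    }
    if (strlen($clean['subject']) > 150 || strlen($clean['message']) > 5000) {
        $errors[] = 'Subject or message too long'; // limits chosen for illustration
    }
    return [$clean, $errors];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    include 'config.php';
    [$clean, $errors] = validate_contact($_POST);
    if ($errors) {
        $ermessage = 'Error: ' . implode('; ', $errors);
        include '_inc/email_error.htm';
        exit;
    }
    // Fixed sender (placeholder address); the visitor's address is used only in Reply-To.
    $headers = "From: noreply@example.com\r\nReply-To: {$clean['from']}";
    $body    = "From: {$clean['fullname']} <{$clean['from']}>\n\n{$clean['message']}";
    if (!mail($ademail, $clean['subject'], $body, $headers)) {
        $ermessage = 'Error: Your message has not been sent, please try again';
        include '_inc/email_error.htm';
        exit;
    }
    include '_inc/email_sent.htm';
} else {
    include '_inc/email.htm';
}
```

The error strings contain only fixed text and field names, so nothing the visitor typed is echoed back by `_inc/email_error.htm`.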