Web Conference 2005
Writing PHP for ITS/ASET Web services
Email Submission Form
|
|
Web Conference 2005Writing PHP for ITS/ASET Web servicesEmail Submission Form |
|
| <- Back - The POST Method | | | Up | | | Saving Data on the Server - Next -> |
Next we will build a form that will send an email upon submission. Create a new file with the following content:
<html>
<body>
<?php
// Set the following variable to your email address:
$my_email = 'xyz123@psu.edu';
if( isset($_REQUEST['subject']) && isset($_REQUEST['message']) ){
if( mail( $my_email,
"Email form: " . htmlspecialchars($_REQUEST['subject']),
htmlspecialchars($_REQUEST['message']),
"From: Email Submission Form <$my_email>\r\n" .
"X-Mailform-Submitted-By-IP: " . $_SERVER['REMOTE_ADDR'] . "\r\n" )){
echo "<p>Email sent successfully.</p>\n";
}else{
echo "<p>There was an error attempting to send mail.</p>\n";
}
}else{
?>
<form action="mailform.php" method="POST">
<p>Send me an email.</p>
<p>Subject: <input type="text" name="subject"></p>
<p>Body:</p>
<textarea cols=70 rows=5 name="message">
</textarea>
<p>
<input type="reset"><input type="submit">
</p>
</form>
<?php
}
?>
</body>
</html>
Before saving, go back and change the value of $my_email,
xyz123@psu.edu to be your email address.
Save the file as mailform.php in your space.
Next, view mailform.php in a browser. It should look like this:
Notice the form will send mail to your email address, which you set in $my_email.
You may allow the user to specify the destination address, but that may allow for abuse, such as relaying unsolicited commercial email to unsuspecting parties.
It may be preferable to provide a select list in the form and configure the script to only send mail to one of those addresses.
It will also send it from your email address.
You may ask the user to specify his/her return address, but you will be relying on all site visitors to be honest.
In sites that require authentication (such as with Penn State WebAccess to be discussed in a later lesson), one may be able to automatically determine the return address from the userid or directory information.
Finally, it will send an email header, X-Mailform-Submitted-By-IP which designates the IP address of the computer from whence the form submission was
made.
This last header is useful from a security standpoint to help track who sent the email in cases of abuse.
It can be named whatever you want, but the name must start with "X-" so as not to confuse it with other email headers as required by RFC 2822 (Internet Standards Document on Email formatting).
In addition to tracking the IP address of the sender, it is wise to restrict from whence and to which address domains an email address may be made.
This form makes use of the mail() function. If you read the manual page, it will tell you what options it will take, in what order, which are required or optional, what types they should be and how they should be formatted.
| <- Back - The POST Method | | | Up | | | Saving Data on the Server - Next -> |
|
If you have any questions, feel free to ask me. Content by: Jeff D'Angelo <jcd@psu.edu> © 2005 Last update on: Mon Jun 29, 2009, 12:14:51 AM |
|