Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
Hello everyone. My task is to create a 'Contact Us' form where the users can type a message, click a button, and it will send it to my e-mail.
 
What I have:
four files:
 
error_message.html -- 'Oops, something went wrong' form.
feedback_form.html -- This contains my actual form.
send_mail.php -- This is the action which would send the email.
thank_you.html -- Confirmation of the send.
 
Here is the feedback_form.html
 
<div class="main_body">
                <p>Send Us Your Feedback!</p>
                <form action="send_mail.php" method="post">
                <table>
                <tr>
                <td>Email Adress:</td>
                <td>
                <input type="text" name="email_address" value="" maxlength="100" />
                </td>
                </tr>
                <tr>
                <td>Comments:</td>
                <td>
                <textarea rows="10" cols="50" name="comments"></textarea>
                </td>
                </tr>
                <tr><td>&nbsp;</td>
                <td>
                <input type="submit" value="Submit" />
                </td>
                </tr>
                </table>
                </form>
            </div>
 

Now, What I wanted to happen, was to run the send_mail.php:
 
<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "Myemail@mail.com";
 
/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "feedback_form.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";
 
/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$email_address = $_REQUEST['email_address'] ;
$comments = $_REQUEST['comments'] ;
 
/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
	$injections = array('(\n+)',
	'(\r+)',
	'(\t+)',
	'(%0A+)',
	'(%0D+)',
	'(%08+)',
	'(%09+)'
	);
	$inject = join('|', $injections);
	$inject = "/$inject/i";
	if(preg_match($inject,$str)) {
		return true;
	}
	else {
		return false;
	}
}
 
// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}
 
// If the form fields are empty, redirect to the error page.
elseif (empty($email_address) || empty($comments)) {
header( "Location: $error_page" );
}
 
// If email injection is detected, redirect to the error page.
elseif ( isInjected($email_address) ) {
header( "Location: $error_page" );
}
 
// If we passed all previous tests, send the email then redirect to the thank you page.
else {
mail( "$webmaster_email", "Feedback Form Results",
  $comments, "From: $email_address" );
header( "Location: $thankyou_page" );
}
?>
 
But, instead, what happens is that when I click submit on the first form, I end up downloading the send_mail.php file.
 
What is my problem? And what is the proper approach? Thanks to all.
 

NOTE: I had downloaded this as a template from a website:
http://www.quackit.com/php/tutorial/php_mail_configuration.cfm[^]
Posted 13-Sep-12 19:33pm
Comments
Peter_in_2780 at 14-Sep-12 1:43am
   
Find out about your server config. I'd bet that your send_mail.php is not recognised as executable PHP, but rather as just some text. The PHP code looks OK at a quick glance.
(If this is correct, reply and I'll turn it into an answer.)
vlad781 at 14-Sep-12 23:17pm
   
As of right now, I am hosting on a dropbox server. That may be the issue, dropbox may not recognize it. I'll look more into this, and let you know.
vlad781 at 15-Sep-12 18:05pm
   
Yes, you are correct, DropBox doesn't support php scripts. Time to look for a better way to host the site. GO ahead and post it as an answer, I'll accept it.
Sergey Alexandrovich Kryukov at 14-Sep-12 2:39am
   
It's great that you fight injection, but not sure you cover all possible situations. Do you have some formal logical proof it does? If injection is possible, it could turn your host computer into a zombie sending spam in no time...
--SA
Kislay Raj at 15-Sep-12 1:15am
   
I think it may happen due to .php extension file not setuped in your server.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Maciej Los 225
1 OriginalGriff 145
2 manoj kumar choubey 115
3 _Amy 115
4 Sergey Alexandrovich Kryukov 105
0 OriginalGriff 7,320
1 Sergey Alexandrovich Kryukov 6,043
2 Maciej Los 3,749
3 Peter Leow 3,408
4 DamithSL 2,555


Advertise | Privacy | Mobile
Web04 | 2.8.140721.1 | Last Updated 14 Sep 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100