cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

How do I strip Name and Email Address requirements from a php 'send comment' form?

daveharr1s0n
Participant ,
Dec 29, 2020 Dec 29, 2020

Copy link to clipboard

Copied

My pre-apologies for not being well-versed in php, but I am trying to put together a simple Comment box for users to "drop me a line".  I know this might seem strange, but for this particular purpose I don't want to require a Name and Email Address form field. How do I remove it from the following simple php so that the feedback comes through to my email?

 

Must be an easy thing, right?

 

Thanks,

 

Dave

 

 

<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "example@example.com";

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "feedback_form.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$email_address = $_REQUEST['email_address'] ;
$comments = $_REQUEST['comments'] ;
$first_name = $_REQUEST['first_name'] ;
$msg =
"First Name: " . $first_name . "\r\n" .
"Email: " . $email_address . "\r\n" .
"Comments: " . $comments ;

/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
return true;
}
else {
return false;
}
}

// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}

// If the form fields are empty, redirect to the error page.
elseif (empty($first_name) || empty($email_address)) {
header( "Location: $error_page" );
}

/*
If email injection is detected, redirect to the error page.
If you add a form field, you should add it here.
*/
elseif ( isInjected($email_address) || isInjected($first_name) || isInjected($comments) ) {
header( "Location: $error_page" );
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {

mail( "$webmaster_email", "Feedback Form Results", $msg );

header( "Location: $thankyou_page" );
}
?>

Views

839

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 2 Correct answers

osgood_
LEGEND , Dec 29, 2020 Dec 29, 2020

 

All you need is the below:

 

<?php
$webmaster_email = "example@example.com";
$feedback_page = "feedback_form.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";
// Sanitize data from comments form field using filter_var
$comments = filter_var($_POST['comments'], FILTER_SANITIZE_STRING);
$msg = "Comments: " . $comments ;
if (empty($comments)){
header( "Location: $error_page" );
}
else {
mail( "$webmaster_email", "Feedback Form Results", $msg );
header( "Location: $thankyo
...

Votes

Translate

Translate
osgood_
LEGEND , Dec 29, 2020 Dec 29, 2020

elseif (empty($comments) {
header( "Location: $error_page" );
}

 

Your edited script is missing a bracket (empty($comments)) {

header( "Location: $error_page" );
}

 

You dont really need all that heavy checking as there is no email field any longer, just a simple 'comments' field, which can be sanitized by using the inbuilt php filter_var function.

 

 

 

Votes

Translate

Translate
replies 7 Replies 7
latest latest Jump to latest reply
osgood_
LEGEND ,
Dec 29, 2020 Dec 29, 2020

Copy link to clipboard

Copied

 

All you need is the below:

 

<?php
$webmaster_email = "example@example.com";
$feedback_page = "feedback_form.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";
// Sanitize data from comments form field using filter_var
$comments = filter_var($_POST['comments'], FILTER_SANITIZE_STRING);
$msg = "Comments: " . $comments ;
if (empty($comments)){
header( "Location: $error_page" );
}
else {
mail( "$webmaster_email", "Feedback Form Results", $msg );
header( "Location: $thankyou_page" );
}
?>

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Nancy OShea Community Expert
Community Expert ,
Dec 29, 2020 Dec 29, 2020

Copy link to clipboard

Copied

You know the old saying... read the instructions?  That's what code comments are for.

 

// This next bit loads the form field data into variables. If you add a form field, you will need to add it here.
$email_address = $_REQUEST['email_address'] ;
$comments = $_REQUEST['comments'] ;
$first_name = $_REQUEST['first_name'] ;
$msg =
"First Name: " . $first_name . "\r\n" .
"Email: " . $email_address . "\r\n" .
"Comments: " . $comments ;

 

// If the form fields are empty, redirect to the error page. If you add a form field, you should add it here.
elseif (empty($comments) {
header( "Location: $error_page" );
}

// If email injection is detected, redirect to the error page. If you add a form field, you should add it here.
elseif ( isInjected($comments) ) {
header( "Location: $error_page" );
}

 

Nancy O'Shea— Product User, Community Expert & Moderator
Alt-Web Design & Publishing ~ Web : Print : Graphics : Media

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
osgood_
LEGEND ,
Dec 29, 2020 Dec 29, 2020

Copy link to clipboard

Copied

In Response To Nancy OShea

elseif (empty($comments) {
header( "Location: $error_page" );
}

 

Your edited script is missing a bracket (empty($comments)) {

header( "Location: $error_page" );
}

 

You dont really need all that heavy checking as there is no email field any longer, just a simple 'comments' field, which can be sanitized by using the inbuilt php filter_var function.

 

 

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
daveharr1s0n
Participant ,
Jan 06, 2021 Jan 06, 2021

Copy link to clipboard

Copied

In Response To Nancy OShea

Ha, I know. I read the instructions and tried a few ways to no avail. I really do want to get a better understanding of all this. I  should probably start at the beginning, though.

 

Thanks, Nancy!

 

Dave

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Nancy OShea Community Expert
Community Expert ,
Dec 29, 2020 Dec 29, 2020

Copy link to clipboard

Copied

Part II of your question was about thwarting malicious bots.

 

I urge you to use Google's re-Captcha ver 3.  You'll need an unique ID and secret key from Google Console.  But the good news is it's free for up to 1 million assessments/month.

https://www.google.com/recaptcha/about/

 

Nancy O'Shea— Product User, Community Expert & Moderator
Alt-Web Design & Publishing ~ Web : Print : Graphics : Media

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
daveharr1s0n
Participant ,
Jan 06, 2021 Jan 06, 2021

Copy link to clipboard

Copied

In Response To Nancy OShea

Thanks so much! I will look into that, Nancy. As it turned out, my server (GoDaddy) was wrong in saying it had to be my php, that the reason my comment form wasn't working had to be my code. It wasn't. They had to add a note to my DNS comment so that Outlook didn't see my form submissions as spam. After that I found my old php page that I put together from your blog still worked perfectly well. So thanks for that, as well!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Nancy OShea Community Expert
Community Expert ,
Jan 06, 2021 Jan 06, 2021

Copy link to clipboard

Copied

LATEST
In Response To daveharr1s0n

"They had to add a note to my DNS comment so that Outlook didn't see my form submissions as spam."

Yes, as previously mentioned in your other discussion, email authentication is essential now.

 

"Another factor could be bounced emails for lack of proper authentication -- Sender Policy Frameworks (SPF) or DomainKeys (DKIM)  -- not to be confused with SMTP authentication which is completely different.

https://en.wikipedia.org/wiki/Email_authentication"

 

Glad you got it sorted.

 

Nancy O'Shea— Product User, Community Expert & Moderator
Alt-Web Design & Publishing ~ Web : Print : Graphics : Media

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices