xisto Community

cybertron

Members
  • Content Count

    7

  1. As usual you come through with shining colors, truefusion. Man, you rock! Thank you for all of the help man. How do you know all of these security flaws???? Thanks again!
  2. Ok, I changed the _REQUEST command to _POST and got the error message below.
  3. I have no idea man, I just started to learn php and basically have no idea of what I'm doing. I'm going to rework the whole script I guess. I have no experience with php and from hearing what you guys are saying, this script seems very weak. I'm going to change it to the _POST command instead of _REQUEST. Thanks for the heads up on the crappy coding. I'm just going to find a better approach.
  4. That worked! You guys rule and thanks for all of the help! Really! What really concerns me is the security flaws now. How can hackers modify the php code if they do not have access to my host provider or server? Where do you guys think I should harden the flaws at from where the code is at now? Also, I'm going to pick up a php book. I see there is a new thread about that above this one. Thanks again! - Chad
  5. No, when people contact me it comes through fine. I pretty much just watched a tutorial on youtube for setting up a php form for email. Should I remove those curly brackets and place some other character to close those arrays? In regards to that security flaw you're talking about. How do I enhance that code so clients will not get spammed? I definitely don't want crackers or hackers spamming clients. One more thing truefusion, do I put the Stripslashes command before the $name = $_REQUEST['Name'];? Could you give me an example of how the Stripslash command would be written with this code? $name = $_REQUEST['Name'];? Thanks again for warning me about the security flaw. I'm in Information Security at school right now but php is alien to me. Man, I sure do appreciate the help though! Regards.
  6. Hello, I'm very new to PHP but I find it very interesting. My form works just fine, but when I receive an email from a client there are / characters in front of apostrophes. Example: When a user types: I'm interested in a new design idea for one of our client's. It comes to my email with this: I/m interested in a new design idea for one of our client/s. Does anyone know where I would put in the Stripslashes command so I can see apostrophes instead of slashes? Here is my php code:

     <?php
     // Recipient, sender address and name are all read from the submitted form
     $to = $_REQUEST['sendto'];
     $from = $_REQUEST['Email'];
     $name = $_REQUEST['Name'];
     $headers = "From: $from";
     $subject = "Web Contact Data";

     // Form fields to include in the message body
     $fields = array();
     $fields{"Name"} = "Name";
     $fields{"Company"} = "Company";
     $fields{"Email"} = "Email";
     $fields{"Phone"} = "Phone";
     $fields{"Message"} = "Message";

     $body = "We have received the following information:\n\n";
     foreach($fields as $a => $b){
         $body .= sprintf("%20s: %s\n",$b,$_REQUEST[$a]);
     }

     // Auto-reply to the visitor (the forum replaced the original addresses with its dead-link URL)
     $headers2 = "From: http://forums.xisto.com/no_longer_exists/";
     $subject2 = "Thank you for contacting us";
     $autoreply = "Thank you for contacting us. Somebody will get back to you as soon as possible. If you have any more questions, please consult our website at http://forums.xisto.com/no_longer_exists/";

     if($from == '') {
         print "You have not entered an email, please go back and try again";
     } else {
         if($name == '') {
             print "You have not entered a name, please go back and try again";
         } else {
             $send = mail($to, $subject, $body, $headers);
             $send2 = mail($from, $subject2, $autoreply, $headers2);
             if($send) {
                 header("Location: http://forums.xisto.com/no_longer_exists/");
             } else {
                 print "We encountered an error sending your mail, please notify webmaster@YourCompany.com";
             }
         }
     }
     ?>

     Many Thanks!
Notice from rvalkass: Code tags added around the PHP code.
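
A hardened take on the form handler from post 6, added here as an example; it is not code from the thread or its participants. It fixes the recipient on the server instead of reading `sendto` from the request, keeps the visitor's address out of `From:`, rejects CR/LF before anything reaches a mail header, and applies `stripslashes` only when magic quotes are enabled. The addresses under example.com and the helper names are assumptions.

```php
<?php
// Added example: hardened contact-form handler. Addresses and helper names are assumptions.
const CONTACT_TO   = 'contact@example.com';   // fixed recipient, never read from the form
const CONTACT_FROM = 'noreply@example.com';   // fixed From address owned by the site

// Undo magic-quotes escaping (PHP < 5.4 only) and trim; returns '' when the field is absent.
function field(array $post, $key) {
    $v = (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : '';
    if (ini_get('magic_quotes_gpc')) {        // false on PHP >= 5.4, where the setting is gone
        $v = stripslashes($v);
    }
    return trim($v);
}

// A value may go into a mail header only if it contains no CR/LF (header injection).
function header_safe($v) {
    return !preg_match('/[\r\n]/', $v);
}

// Validate the submission; returns array(errors, clean fields).
function validate_contact(array $post) {
    $clean = array();
    foreach (array('Name', 'Company', 'Email', 'Phone', 'Message') as $k) {
        $clean[$k] = field($post, $k);
    }
    $errors = array();
    if ($clean['Name'] === '') {
        $errors[] = 'You have not entered a name, please go back and try again.';
    }
    if (!header_safe($clean['Email']) || !filter_var($clean['Email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'You have not entered a valid email, please go back and try again.';
    }
    return array($errors, $clean);
}

if (PHP_SAPI !== 'cli' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    list($errors, $f) = validate_contact($_POST);   // $_POST only, not $_REQUEST
    if ($errors) {
        print htmlspecialchars(implode(' ', $errors));
    } else {
        $body = "We have received the following information:\n\n";
        foreach ($f as $label => $value) {
            $body .= sprintf("%20s: %s\n", $label, $value);
        }
        // The visitor's address appears only in Reply-To, after validation.
        $headers = 'From: ' . CONTACT_FROM . "\r\nReply-To: " . $f['Email'];
        $ok = mail(CONTACT_TO, 'Web Contact Data', $body, $headers);
        print $ok ? 'Thank you for contacting us.' : 'We encountered an error sending your mail.';
    }
}
```

The auto-reply from the original script is left out on purpose: any mail sent to a visitor-supplied address can be pointed at a third party, so it needs rate limiting or confirmation before being re-enabled.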