<?php
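// Contact-form handler: validates the posted name, e-mail address and message,
// mails them to a fixed recipient, and prints a Bootstrap alert as the response.
//
// Only the message body carries user input: the recipient and subject are
// constants and no additional headers are passed to mail(). If a From or
// Reply-To header is ever built from the submitted address, build it from the
// validated value only and reject any value containing CR or LF.
$to = 'marivelcoresis@gmail.com'; // please change this email id
$errors = array();

// Read every field as a trimmed string. A field posted as an array
// (e.g. name[]=x) is treated as missing rather than interpolated as "Array".
$fields = array();
foreach (array('name', 'email', 'message') as $field) {
    $raw = isset($_POST[$field]) ? $_POST[$field] : '';
    $fields[$field] = is_string($raw) ? trim($raw) : '';
}

// Check if name has been entered (isset() alone would accept an empty string)
if ($fields['name'] === '') {
    $errors['name'] = 'Please enter your name';
}

// Check if email has been entered and is valid; filter_var() returns false on failure
$email = filter_var($fields['email'], FILTER_VALIDATE_EMAIL);
if ($email === false) {
    $errors['email'] = 'Please enter a valid email address';
}

// Check if message has been entered
if ($fields['message'] === '') {
    $errors['message'] = 'Please enter your message';
}

if (!empty($errors)) {
    // The messages are fixed strings defined above; nothing user-supplied is echoed.
    $errorOutput = '<div class="alert alert-danger alert-dismissible" role="alert">';
    $errorOutput .= '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>';
    $errorOutput .= '<ul>';
    foreach ($errors as $value) {
        $errorOutput .= '<li>'.$value.'</li>';
    }
    $errorOutput .= '</ul>';
    $errorOutput .= '</div>';
    echo $errorOutput;
    die();
}

// Collapse line breaks in the name so a submitted value cannot forge extra
// "E-Mail:" or "Message:" lines in the mail body.
$name = str_replace(array("\r", "\n"), ' ', $fields['name']);
$message = $fields['message'];
$subject = 'Contact Form : Texas Lawers Responsive HTML5 Template';
$body = "From: $name\n E-Mail: $email\n Message:\n $message";

// Send the email and report the outcome as a dismissible alert
if (mail($to, $subject, $body)) {
    $result = '<div class="alert alert-success alert-dismissible" role="alert">';
    $result .= '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>';
    $result .= 'Thank You! I will be in touch';
    $result .= '</div>';
} else {
    $result = '<div class="alert alert-danger alert-dismissible" role="alert">';
    $result .= '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>';
    $result .= 'Something bad happend during sending this message. Please try again later';
    $result .= '</div>';
}
echo $result;
die();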
?>
At first glance and with the info provided, my suggestion is to change
$email = $_POST['email'];
with
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
In addition, it would be a good idea to filter every $_POST
variable: the existing isset() checks only confirm that a field was submitted, so they are not sufficient to clear any malicious code hidden in the text.