1

Php e-mail

 2 years ago
source link: https://www.codesd.com/item/php-e-mail.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Php e-mail

advertisements

I have to file to send mail.

First one is html file.

mailhtml.php

<form action="mailsend.php" method="post">
  <label for="name">Name:</label>
  <input type="text" name="name" id="name" />

  <label for="Email">Email:</label>
  <input type="text" name="email" id="email" />

  <label for="Message">Message:</label><br />
  <textarea name="message" rows="20" cols="20" id="message"></textarea>

  <input type="submit" name="submit" value="Submit" />
</form>

Second is mailsend.php

<?php
       try{
       $name = trim(strip_tags($_POST['name']));
       $email = trim(strip_tags($_POST['email']));
       $message = htmlentities($_POST['message']);

       // set here
       $subject = "Contact form submitted!";
       $to = '[email protected]';

       $body = <<<HTML
$message
HTML;

       $headers = "From: $email\r\n";
       $headers .= "Content-type: text/html\r\n";

       // send the email
       if(mail($to, $subject, $body, $headers))
       {
            echo "success";
       }
       else
       {
        echo "Not Success";
       }
       }
       catch (Exception $e) {
    echo 'Caught exception: ',  $e->getMessage(), "\n";
}
?>

Mail send successfully but my html data is not render in mail. It is look like same as i insert in textbox. See image.Thats i received in mail.

rpvt6.png

Please first note that this form allows a potential attacker to use your site to spam other people. You do not sanitize the $_POST values properly, you only strip tags from them, so it is possible to add custom headers.

For exemple, if I were to post to your form with

  $_POST['email'] = "[email protected]\r\nCC: [email protected], [email protected], [email protected], ...

I would be able to mass-spam a list of users using your server.

Please make sure to strip any new lines (\n) and carriage return (\r) from the values you receive before using them in a mail header.

As for your actual encoding issue, you are using htmlentities($_POST['message'], so the message you are sending has all it's html tags converted to text entities (eg < becomes <)


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK