PHP - New To Php - Seeking Guidance On Cms
Hello:
I am very new to PHP. I have done a few basic feedback forms, but that's it. I have done Classic ASP for years, and am trying to switch over to PHP. I wanted to see what it would take to make a basic CMS that would allow users to update page content from an admin panel. Very much like the attached .JPG demo. Is there existing code available like what I'm trying to do? I can post the ASP version code if it will help. I assume it would need a database, but I have only used DNS-less connections with Access - not anything PHP related. I know the site is hosted on justhost.com, and justhost.com uses unix servers. Any assistance would be appreciated!

Similar Tutorials

It appears that I have PHP 5.1.6 on my VPS and it is unstable when using filter_var($_POST['email'], FILTER_VALIDATE_EMAIL). Can someone recommend a reasonable Regular Expression to replace this faulty function? (Not looking for overly complicated, just something that will block out outrageous e-mails.) Thanks, Debbie

My website is http://www.infotechnologist.biz.
Okay so I'm trying to come up with as many alternative methods to accomplish something. So I'm just seeking input from anyone who is willing to supply some. After the user clicks on a match type it'll know HOW MANY sides to the match there are, so say for a singles match it'd have 2 sides (1 vs. 1), for a Triple Threat Match it'd have 3 sides (1 vs. 1 vs. 1) and so on. All matches have a stored field in the database of how many sides they have. So I'm thinking that I could have it create 3 divs (or something) down in the competitors area of how many sides there are in the match (separated by a VS. text block) and when the user selects a character from the dropdown and adds a character the user can maybe drag and drop the character's name to whatever side they choose. It's one idea. If you think of an EASIER, more EFFICIENT way to do something like this and have an idea, say something please, or even if you can't, let me know that you think it's a worthwhile idea.

Code:

    <label for="matchtypedrop<?php echo $i+1 ?>">Match Type:</label>
    <select class="dropdown" name="matchtypedrop<?php echo $i+1 ?>" id="matchtypedrop<?php echo $i+1 ?>" title="Match Type <?php echo $i+1 ?>">
      <option value="0">- Select -</option>
      <?php
      $query = 'SELECT id, matchtype FROM matchtypes';
      $result = mysqli_query ( $dbc, $query ); // Run The Query
      while ( $row = mysqli_fetch_array ( $result, MYSQLI_ASSOC ) ) {
        print "<option value=\"".$row['id']."\">".$row['matchtype']."</option>\r";
      }
      ?>
    </select>
    <label for="competitors<?php echo $i+1 ?>">Competitors:</label><ul id="competitors<?php echo $i+1 ?>" style="list-style: none; margin-left: 195px;"></ul>
    <select class="dropdown" name="charactersdrop<?php echo $i+1 ?>" id="charactersdrop<?php echo $i+1 ?>" title="Characters Dropdown <?php echo $i+1 ?>" style="margin-left: 195px;">
      <option value="0">- Select -</option>
      <?php
      $query = 'SELECT id, `character` FROM characters ORDER BY `character`';
      $result = mysqli_query ( $dbc, $query ); // Run The Query
      while ( $row = mysqli_fetch_array ( $result, MYSQLI_ASSOC ) ) {
        print "<option value=\"".$row['id']."\">".$row['character']."</option>\r";
      }
      ?>
    </select>
    <input type="button" value="Add Character" class="" onclick="Competitors(<?php echo $i+1 ?>)"/>

In <div id="chart_rt">%3$s</div> below, it is populated with a string that always begins with a number followed by a colon (from 1: to 25:). I see that ltrim removes characters from the beginning of a string but I don't see how to compensate for the extra character in 10: through 25:

    function wp_rss( $url, $num_items = -1 ) {
      if ( $rss = fetch_rss( $url ) ) {
        echo '<div id="charts">';
        if ( $num_items !== -1 ) {
          $rss->items = array_slice( $rss->items, 0, $num_items );
        }
        //start count
        $i = 1;
        foreach ( (array) $rss->items as $item ) {
          printf(
            '<div id="chart_lt">'.$i.'</div><div id="chart_rt">%3$s</div>',
            esc_url( $item['link'] ),
            esc_attr( strip_tags( $item['description'] ) ),
            htmlentities( $item['title'] )
          );
          //increment
          $i++;
        }
        echo '</div>';
      } else {
        _e( 'An error has occurred, which probably means the feed is down. Try again later.' );
      }
    }

Hello: I would like to know how I can add the option to upload JPGs and/or PDFs to the form I have. I believe I will need to allow 3 uploads once the whole form is done, but I'm trying to keep it small as I learn this. Currently, the form saves the data to the database, and emails the results to a contact. This is fine - just what I need to do most of the time. However, what I'm interested in doing for this form is to allow the end user to upload/attach JPGs and/or PDFs and save them to the database (and I believe I will need to save the files in a folder on the server, I have one called "EmailedImages"), and then email the results to the contact, including links that will allow the contact to click and download the attached JPGs and/or PDFs.

I haven't done this before, so can someone point me in the direction of how to do this, or show an example with the code I use:

Code:

    <?php
    $error = NULL;
    $myDate = NULL;
    $FullName = NULL;
    $Email = NULL;

    if(isset($_POST['submit'])) {
      $myDate = $_POST['myDate'];
      $FullName = $_POST['FullName'];
      $Email = $_POST['Email'];

      if(empty($FullName)) {
        $error .= '-- Enter your Full Name. <br />';
      }
      if(empty($Email)) {
        $error .= '-- Enter your Email. <br />';
      }

      if($error == NULL) {
        $sql = sprintf("INSERT INTO myContactData(myDate,FullName,Email) VALUES ('%s','%s','%s')",
          mysql_real_escape_string($myDate),
          mysql_real_escape_string($FullName),
          mysql_real_escape_string($Email));

        if(mysql_query($sql)) {
          $error .= 'Thank you for contacting us.';
          mail( "email@mywebsite.com", "Contact Request", "Date Sent: $myDate\n Full Name: $FullName\n Email: $Email\n", "From: $Email" );
        } else {
          $error .= 'There was an error in our Database, please Try again!';
        }
      }
    }
    echo '<span class="textError">' . $error . '</span>';
    ?>
    <form name="myform" action="" method="post">
      <input type="hidden" name="myDate" size="45" maxlength="50" value="<?php echo date("F j, Y"); ?>" />
      Full Name: <input type="text" name="FullName" size="45" maxlength="50" value="<?php echo $FullName; ?>" />
      Email: <input type="text" name="Email" size="45" maxlength="50" value="<?php echo $Email; ?>" />
      <input type="submit" name="submit" value="Submit" />
    </form>

Any help would be greatly appreciated!
I have created a script that will upload and reminder images. Now, I want to replace the timestamp with a number so that each image is listed sequentially with more easily recognized values (1,2,3,etc). My concern is the effect this could have if several uploads were coincidentally started simultaneously. I doubt the script (or directory) would allow duplicate names to be rendered, so would I lose files because of overwriting?
If 3 uploads of 10 images each were all started at exactly midnight what could go wrong? How can I best resolve the risk and ensure that I get 30 complete files sequentially numbered?

It's always these seemingly simple tasks that become challenges. I got a good handle on how to watermark some photos (thanks to respondents to my previous post) and developed a script that calls a function that uses imagettftext(). Essentially, I can upload multiple images and watermark them before they reach their destination folder. Good stuff. Now, I got this crazy idea of watermarking them with a sequence number, so that if I grab 12 images, each will be labeled with its sequence number (rather than a standard text watermark). I placed $count++ in my script, and then used $count as my $watermark both inside imagettftext and as a variable. It didn't work. The closest I got was after placing $count++ inside a watermark function, but, of course, that merely labeled each photo with a "1" (bc each call of the function was a new iteration). Can someone please offer some direction here? Thanks.
I'm looking for some direction as I approach a new challenge. I have a table named friends_and_family and it contains name, email, and age fields. I'm planning a party and want to invite 10 of the people that are between 20 and 35 years old. The format I am considering would query the table and provide a list of those members that fit the age requirement. I would like to generate that result (which I should be capable of handling) so that each person listed has a checkbox next to their name. I imagine I will be creating a resultant form, so that I can then evaluate the result and select the checkboxes for those specific people that I want to invite. Upon submission, an email will be sent to the people with selected checkboxes. How should I approach this best? A for each loop? Implode an array? I'm not very good with AJAX, so I'm thinking along these lines.
Hi guys, I need some help from you pros please with converting code from a TPL template file to PHP. My client has payment gateway scripts in an ecommerce site that he wants to offer to other merchants. The code currently is in numerous TPL files (currently being used in Opencart). What is involved in converting to plain ol' PHP? Do I need the TPL files at all? Can I rename the TPL extension to PHP as it looks like they contain PHP code?? Example of one of the TPLs is below:

    <form action="<?php echo $action; ?>" method="post" id="checkout">
      <input type="hidden" name="instId" value="<?php echo $merchant; ?>" />
      <input type="hidden" name="cartId" value="<?php echo $order_id; ?>" />
      <input type="hidden" name="amount" value="<?php echo $amount; ?>" />
      <input type="hidden" name="currency" value="<?php echo $currency; ?>" />
      <input type="hidden" name="desc" value="<?php echo $description; ?>" />
      <input type="hidden" name="name" value="<?php echo $name; ?>" />
      <input type="hidden" name="address" value="<?php echo $address; ?>" />
      <input type="hidden" name="postcode" value="<?php echo $postcode; ?>" />
      <input type="hidden" name="country" value="<?php echo $country; ?>" />
      <input type="hidden" name="tel" value="<?php echo $telephone; ?>" />
      <input type="hidden" name="email" value="<?php echo $email; ?>" />
      <input type="hidden" name="testMode" value="<?php echo $test; ?>" />
    </form>
    <div class="buttons">
      <table>
        <tr>
          <td align="left"><a onclick="location = '<?php echo $back; ?>'" class="button"><span><?php echo $button_back; ?></span></a></td>
          <td align="right"><a onclick="$('#checkout').submit();" class="button"><span><?php echo $button_confirm; ?></span></a></td>
        </tr>
      </table>
    </div>

I also have 3 PHP files as well, which look like (example):

    <?php
    class ControllerPaymentOnlineVoucher extends Controller {
      protected function index() {
        $this->data['button_confirm'] = $this->language->get('button_confirm');
        $this->data['button_back'] = $this->language->get('button_back');

        $this->load->model('checkout/order');
        $order_info = $this->model_checkout_order->getOrder($this->session->data['order_id']);
        $this->load->library('encryption');

        $this->data['action'] = 'https://www.domain-removed.com/purchaseAndRedeem.php';
        $this->data['merchant'] = $this->config->get('onlineVoucher_merchant');
        $this->data['order_id'] = $order_info['order_id'];
        $this->data['amount'] = $order_info['total'];
        $this->data['currency'] = $order_info['currency'];
        $this->data['description'] = $this->config->get('config_store') . ' - #' . $order_info['order_id'];
        $this->data['name'] = $order_info['payment_firstname'] . ' ' . $order_info['payment_lastname'];

        if (!$order_info['payment_address_2']) {
          $this->data['address'] = $order_info['payment_address_1'] . ', ' . $order_info['payment_city'] . ', ' . $order_info['payment_zone'];
        } else {
          $this->data['address'] = $order_info['payment_address_1'] . ', ' . $order_info['payment_address_2'] . ', ' . $order_info['payment_city'] . ', ' . $order_info['payment_zone'];
        }

        $this->data['postcode'] = $order_info['payment_postcode'];
        $payment_address = $this->customer->getAddress($this->session->data['payment_address_id']);
        $this->data['country'] = $payment_address['iso_code_2'];
        $this->data['telephone'] = $order_info['telephone'];
        $this->data['email'] = $order_info['email'];
        $this->data['test'] = $this->config->get('onlineVoucher_test');
        $this->data['back'] = $this->url->https('checkout/payment');

        $this->id = 'payment';
        $this->template = $this->config->get('config_template') . 'payment/onlineVoucher.tpl';
        $this->render();
      }

      public function callback() {
        if (isset($this->request->post['callbackPW']) && ($this->request->post['callbackPW'] == $this->config->get('onlineVoucher_password'))) {
          $this->language->load('payment/onlineVoucher');
          $this->data['title'] = sprintf($this->language->get('heading_title'), $this->config->get('config_store'));

          if (!isset($this->request->server['HTTPS']) || ($this->request->server['HTTPS'] != 'on')) {
            $this->data['base'] = HTTP_SERVER;
          } else {
            $this->data['base'] = HTTPS_SERVER;
          }

          $this->data['charset'] = $this->language->get('charset');
          $this->data['language'] = $this->language->get('code');
          $this->data['direction'] = $this->language->get('direction');
          $this->data['heading_title'] = sprintf($this->language->get('heading_title'), $this->config->get('config_store'));
          $this->data['text_response'] = $this->language->get('text_response');
          $this->data['text_success'] = $this->language->get('text_success');
          $this->data['text_success_wait'] = sprintf($this->language->get('text_success_wait'), $this->url->https('checkout/success'));
          $this->data['text_failure'] = $this->language->get('text_failure');
          $this->data['text_failure_wait'] = sprintf($this->language->get('text_failure_wait'), $this->url->https('checkout/payment'));
          $this->data['button_continue'] = $this->language->get('button_continue');

          if (isset($this->request->post['transStatus']) && $this->request->post['transStatus'] == 'Y') {
            $this->load->model('checkout/order');
            $this->model_checkout_order->confirm($this->request->post['cartId'], $this->config->get('onlineVoucher_order_status_id'));

            $message = '';
            if (isset($this->request->post['transId'])) {
              $message .= 'transId: ' . $this->request->post['transId'] . "\n";
            }
            if (isset($this->request->post['transStatus'])) {
              $message .= 'transStatus: ' . $this->request->post['transStatus'] . "\n";
            }
            if (isset($this->request->post['countryMatch'])) {
              $message .= 'countryMatch: ' . $this->request->post['countryMatch'] . "\n";
            }
            if (isset($this->request->post['AVS'])) {
              $message .= 'AVS: ' . $this->request->post['AVS'] . "\n";
            }
            if (isset($this->request->post['rawAuthCode'])) {
              $message .= 'rawAuthCode: ' . $this->request->post['rawAuthCode'] . "\n";
            }
            if (isset($this->request->post['authMode'])) {
              $message .= 'authMode: ' . $this->request->post['authMode'] . "\n";
            }
            if (isset($this->request->post['rawAuthMessage'])) {
              $message .= 'rawAuthMessage: ' . $this->request->post['rawAuthMessage'] . "\n";
            }
            if (isset($this->request->post['wafMerchMessage'])) {
              $message .= 'wafMerchMessage: ' . $this->request->post['wafMerchMessage'] . "\n";
            }

            $this->model_checkout_order->update($this->request->post['cartId'], $this->config->get('onlineVoucher_order_status_id'), $message, FALSE);
            $this->data['continue'] = $this->url->https('checkout/success');
            $this->template = $this->config->get('config_template') . 'payment/onlineVoucher_success.tpl';
            $this->render();
          } else {
            $this->data['continue'] = $this->url->https('checkout/payment');
            $this->template = $this->config->get('config_template') . 'payment/onlineVoucher_failure.tpl';
            $this->render();
          }
        }
      }
    }
    ?>

Any guidance would be highly appreciated... Phil

I am trying to set up a class for my database connection. I have it working one way, this is a completely new method I am trying to learn. I have a file called MyClasses.php and in that file I did this.
(I am following a not very well done tutorial)

Code:

    class MySQLDatabase {
      private $connection;
      function __construct(){
        $this->open_connection();
      }
      public function open_connection(){
        $this->connection = new MySQLi('localhost','MyDatabase','password','billpay') or die($mysql->error);
      }
    }
    $database = new MySQLDatabase();

then in my index page where I want to begin by doing a query on the database, I did this

Code:

    <?php include MyClasses.php ?>
    $result = $database->query("SELECT * FROM names") or die($mysql->error);

but that gives me this error

    Fatal error: Call to undefined method MySQLDatabase::query() in C:\wamp\www\BillPay\index.php

I can't figure out how to get past it.

This has probably been asked a bunch of times, but: I only recently started to self learn PHP, and this small project I am making is quite a challenge for me. The scripts below are not really written by me, but I wished to tie them together to get a fully working code. What is supposed to happen is: In the form I wish to put a special button that puts extra input fields in the form. After the form is submitted, with whatever amount of fields in it, the data goes to a processing.php file that sorts all the info gathered and finally sends all this data formatted in to the last file that will be included in the index.php. I already have the code for increasing the amount of inputs but the problem is, all inputs have the same names. Because of that I get a mess. What I need is each input to have a unique name or id, that way the processing file would receive different names (ids) with different values (whatever is written in the inputs by users). For example: I have 2 initial fields displayed on form.html, I click the button "add new" 5 times and add 5 more input fields. All this data must be sent to a process.php and on the output write all of this information formatted in the last file in a row that will be displayed in the index by using <?include("blablabla.php");?> The input increment is done by a JavaScript. The problem is sending data with unique id (name) and receiving it.

The form file:

    <?include("header.php");?>
    <?$i = 1; ?>
    <script type="text/javascript">
    function validate(frm) {
      var ele = frm.elements['feedurl[]'];
      if (! ele.length) {
        alert(ele.value);
      }
      for(var i=0; i<ele.length; i++) {
        alert(ele[i].value);
      }
      return true;
    }
    function add_feed() {
      var div1 = document.createElement('div');
      // Get template data
      div1.innerHTML = document.getElementById('newlinktpl').innerHTML;
      // append to our form, so that template data
      //become part of form
      document.getElementById('newlink').appendChild(div1);
    }
    var ct = 1;
    function new_link() {
      ct++;
      var div1 = document.createElement('div');
      div1.id = ct;
      // link to delete extended form elements
      var delLink = '<div style="text-align:right;margin-right:65px"><a href="javascript:delIt('+ ct +')">Del</a></div>';
      div1.innerHTML = document.getElementById('newlinktpl').innerHTML + delLink;
      document.getElementById('newlink').appendChild(div1);
    }
    // function to delete the newly added set of elements
    function delIt(eleId) {
      d = document;
      var ele = d.getElementById(eleId);
      var parentEle = d.getElementById('newlink');
      parentEle.removeChild(ele);
    }
    </script>
    <TABLE>
    <style> #newlink {width:600px} </style>
    <form action='sendorder.php' method='post'>
    <div id="newlink">
    <div>
    <table align="center" border=0>
    <TR><TD><B>Product:</B> </TD><TD><input type=text name=prodname1 value="<?=$_GET['prodname1'];?>"> </TD>
    <TD><B>Price:</B> </TD><TD><input type=text name=price1 value="<?=$_GET['price1'].$curency;?>"><b>%</b></TD></TR>
    </table>
    </div>
    </div>
    <p> <br> <input type="submit" name="submit1"> <input type="reset" name="reset1"> </p>
    <p id="addnew"></p>
    <FORM> <INPUT type="button" value="Add New" name="button2" onClick="javascript:new_link()"> </FORM>
    </form>
    <!-- Template -->
    <div id="newlinktpl" style="display:none">
    <div>
    <table border=0>
    <TR><TD><B>Product:</B> </TD><TD><input type=text name=<?$_POST[++$i];?> value="<?$_GET[$i];?>"> </TD>
    <TD><B>Price:</B> </TD><TD><input type=text name=<?$_POST [++$i];?> value="<?$_GET[$i].$curency;?>"> </TD></TR>
    </form>
    </TABLE>
    <?include("footer.php");?>

In the code above I tried to make the program POST the numbers in the name, increasing it by 1. But when I click submit I get an offset error.

The processing file:

    <?
    $timestamp = strftime("%d-%m-%Y %H:%M:%S %Y"); // for later use (ignore it)
    $i =1;
    ####################################################################################
    if(($_POST['prodname']!="")&&($_POST['price']!="")){
    ############################################################
    $writetocsv = $_POST['prodname1'] . "," . $_POST['price1']"%" <BR> . $_POST[$i] . $_POST[$i];
    $fp = fopen("data/data.csv", "a");
    fwrite ($fp,$writetocsv);
    fclose ($fp);
    echo "<script>alert('Data sent.')</script>";
    }
    else{
    echo "<script>alert('Error! Please fill the form!')</script>";
    }
    echo "<script>location.replace('index.php')</script>";
    ?>

Perhaps someone knows an easier way, since I am not sure how to make stuff due to the lack of knowledge in PHP. I also tried arrays but, as said before, too tough when you are a noob. Please help.

This topic has been moved to Other. http://www.phpfreaks.com/forums/index.php?topic=314445.0

Hello - Total newbie here, so please keep that in mind.
I'd really appreciate some wisdom from someone here as to how you would improve this form:

    <?php
    $email = $_POST['email'];
    $message = $_REQUEST['message'];
    $message = $_POST['date'];
    $message .= $_POST['location'];
    $message .= $_POST ['comments'];
    mail( "testing@gmail.com, 5602346789@metropcs.com", "General Inquiry", $message, "From: $email" );
    header( "Location: thankyou.html" );
    ?>

    *******************************html******************************

    <HEAD><title>Hi</title<HEAD><BODY BGCOLOR="lightgray"><br><br><center><br><br>
    <form method="post" action="sendmail2.php">
    <table cellspacing="5" cellpadding="5" border="0">
      <tr>
        <td valign="top"><font face="arial"> <strong>Contact email:</strong><br> </td>
        <td valign="top"><font face="arial"> <input type="text" name="email" size="50" value="" /> </td>
      </tr>
      <tr>
        <td valign="top"><font face="arial"> <strong>Date:</strong> </td>
        <td valign="top"><font face="arial"> <input type="text" name="date" size="50" value="" /> </td>
      </tr>
      <tr>
        <td valign="top"><font face="arial"> <strong>location:</strong><br> </td>
        <td valign="top"> <input type="text" name="location" size="50" value="" /> </td>
      </tr>
      <tr>
        <td valign="top"><font face="arial"> <strong>Comments:</strong><br><font color="black"> </td>
        <td valign="top"> <textarea name="comments" rows="6" cols="40"></textarea> </td>
      </tr>
      <tr>
        <td colspan="2" align="center"> <input type="submit" value=" Submit Form " /> </td>
      </tr>
    </table>
    </form></center></body>

Gday, I'm trying to add a contact form on my site using a PHP script I downloaded from the web. I have tweaked the script, but I have never used PHP before and haven't got the time to learn it yet. Could someone please help me to get this working, I have added a subject drop down field that I would like to add validation to force the user to choose one, and I'd like the subject they choose to appear in the subject field of the resulting email. Once the PHP script has run and the email has been sent I'd like the text at the bottom to appear on the original page. At the moment when I click submit it just goes to the php page and shows three lines of the error message text. Here is the relevant code:

This form is placed within a static html page:

Code:

    <form name="contactform" method="post" action="send_form_email.php" style="text-align:left;">
      <label for="first_name">First name <span class="red">*</span></label>
      <input name="first_name" type="text" value="please enter your first name" size="30" maxlength="75" onclick="document.contactform.first_name.value='';" />
      <br/>
      <label for="last_name">Last name <span class="red">*</span></label>
      <input name="last_name" type="text" value="please enter your last name" size="30" maxlength="75" onclick="document.contactform.last_name.value='';" />
      <br/>
      <label for="email" style="margin-right:32px;">Email <span class="red">*</span></label>
      <input name="email" type="text" value="please enter your email address" size="30" maxlength="75" onclick="document.contactform.email.value='';" />
      <br/>
      <label for="phone_number" style="margin-right:34px;">Phone</label>
      <input name="phone_number" type="text" value="please enter your phone number" size="30" maxlength="75" onclick="document.contactform.phone_number.value='';" />
      <br/>
      <label for="email_subject" style="margin-right:19px;">Subject <span class="red">*</span></label>
      <select name="email_subject" style="margin-bottom:10px;">
        <option value="Choose one">Choose one</option>
        <option value="Lost my password">Lost my password</option>
        <option value="Gardening advice">Gardening advice</option>
        <option value="Order status">Order status</option>
        <option value="Web feedback">Web feedback</option>
        <option value="Customer Service">Customer Service</option>
        <option value="Product feedback">Product feedback</option>
        <option value="Other">Other</option>
      </select>
      <br/>
      <label for="comments">Queries/Comments <span class="red">*</span></label>
      <textarea rows="10" cols="50" wrap="virtual" name="comments" onclick="document.contactform.comments.value='';" style="margin-bottom:5px;">Please type your query or comments here</textarea>
      <input type="submit" value="Submit" />
    </form>

and here is the separate php script that is used:

    <?php
    if(isset($_POST['email'])) {

      // EDIT THE 2 LINES BELOW AS REQUIRED
      $email_to = "johnc@diggers.com.au";
      $email_subject = $_REQUEST['email_subject'];

      function died($error) {
        // your error code can go here
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
      }

      // validation expected data exists
      if(!isset($_POST['first_name']) ||
         !isset($_POST['last_name']) ||
         !isset($_POST['email']) ||
         !isset($_POST['telephone']) ||
         !isset($_POST['email_subject']) ||
         !isset($_POST['comments'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');
      }

      $first_name = $_POST['first_name']; // required
      $last_name = $_POST['last_name']; // required
      $email_from = $_POST['email']; // required
      $telephone = $_POST['telephone']; // not required
      $telephone = $_POST['email_subject']; // required
      $comments = $_POST['comments']; // required

      $error_message = "";
      $email_exp = "^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$";
      if(!eregi($email_exp,$email_from)) {
        $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
      }
      $string_exp = "^[a-z .'-]+$";
      if(!eregi($string_exp,$first_name)) {
        $error_message .= 'The First Name you entered does not appear to be valid.<br />';
      }
      if(!eregi($string_exp,$last_name)) {
        $error_message .= 'The Last Name you entered does not appear to be valid.<br />';
      }
      if(strlen($comments) < 2) {
        $error_message .= 'The Comments you entered do not appear to be valid.<br />';
      }
      $string_exp = "^[0-9 .-]+$";
      if(!eregi($string_exp,$telephone)) {
        $error_message .= 'The Telephone Number you entered does not appear to be valid.<br />';
      }
      if(strlen($error_message) > 0) {
        died($error_message);
      }

      $email_message = "Form details below.\n\n";

      function clean_string($string) {
        $bad = array("content-type","bcc:","to:","cc:","href");
        return str_replace($bad,"",$string);
      }

      $email_message .= "First Name: ".clean_string($first_name)."\n";
      $email_message .= "Last Name: ".clean_string($last_name)."\n";
      $email_message .= "Email: ".clean_string($email_from)."\n";
      $email_message .= "Telephone: ".clean_string($telephone)."\n";
      $email_message .= "Comments: ".clean_string($comments)."\n";

      // create email headers
      $headers = 'From: '.$email_from."\r\n".
        'Reply-To: '.$email_from."\r\n" .
        'X-Mailer: PHP/' . phpversion();
      @mail($email_to, $email_subject, $email_message, $headers);
    ?>
    <!-- include your own success html here -->
    Thank you for contacting us. We will be in touch within 72 hours of the next working day.
    <?
    }
    ?>

Any help on how to get this going would be greatly appreciated, thanks

I have made a classified website. It works and I am proud of it. But as far as securing it goes, I have done almost nothing and I am sure, if in case the site becomes popular, it would be compromised with ease. So I have started reading a book 'essential php security' and am reading several articles on php security online, but am still unable to wrap my head around the whole security issue. Can someone help me? There are a lot of unfamiliar topics, filtering, escaping, validating, session hijacking etc etc and it all goes over my head. It's a classified website, considering this, what should I concentrate on as far as security goes? Btw what I have managed to do is use mysql_real_escape_string on every var going into a mysql $query. Thanks
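
The contact forms quoted on this page put $_POST values straight into SQL strings, mail headers and HTML attributes, which are the three places where the "filtering, escaping, validating" named in the last post apply. The following is an added example, not code from any poster: it reuses the myContactData table and field names from the upload-form post, and assumes PDO with an in-memory SQLite database and a fixed no-reply@example.com sender so that it runs offline.

```php
<?php
declare(strict_types=1);

// Added example: not code from any post on this page.
// Table and field names (myContactData, myDate, FullName, Email) come from
// the contact form quoted above. The in-memory SQLite database and the
// no-reply@example.com sender address are assumptions for an offline run.

/** Filter input: returns [clean values, list of error messages]. */
function filter_contact(array $post): array
{
    $errors = [];
    $name  = trim((string)($post['FullName'] ?? ''));
    $email = trim((string)($post['Email'] ?? ''));

    // Real names contain apostrophes and other punctuation, so only bound
    // the length and reject control characters (and invalid UTF-8).
    if (!preg_match('/^[^\x00-\x1F\x7F]{1,50}$/u', $name)) {
        $errors[] = 'Enter your Full Name (1-50 characters).';
    }
    // A CR or LF inside the value would add extra lines to the mail headers.
    if (preg_match('/[\r\n]/', $email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Enter a valid Email.';
    }
    return [['FullName' => $name, 'Email' => $email], $errors];
}

/** SQL: values travel as bound parameters, never as part of the SQL text. */
function save_contact(PDO $db, array $clean): int
{
    $stmt = $db->prepare(
        'INSERT INTO myContactData (myDate, FullName, Email) VALUES (:d, :n, :e)'
    );
    // The date is generated on the server, not read from a hidden form field.
    $stmt->execute([
        ':d' => date('Y-m-d'),
        ':n' => $clean['FullName'],
        ':e' => $clean['Email'],
    ]);
    return (int)$db->lastInsertId();
}

/** Mail headers: fixed From; the validated visitor address goes in Reply-To. */
function build_headers(array $clean): string
{
    return "From: no-reply@example.com\r\nReply-To: " . $clean['Email'];
}

/** HTML: escape at the point of output, including inside attributes. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE myContactData
           (id INTEGER PRIMARY KEY, myDate TEXT, FullName TEXT, Email TEXT)');

// Constructed sample submissions (not taken from any real form traffic).
$samples = [
    ['FullName' => "Pat O'Brien <b>", 'Email' => 'pat@example.com'],
    ['FullName' => 'Sam', 'Email' => "sam@example.com\r\nBcc: someone@example.net"],
    ['FullName' => '', 'Email' => 'not-an-address'],
];

foreach ($samples as $post) {
    [$clean, $errors] = filter_contact($post);
    if ($errors) {
        echo 'rejected: ' . h(implode(' ', $errors)) . PHP_EOL;
        continue;
    }
    $id = save_contact($db, $clean);
    echo "stored row $id, headers: "
        . str_replace("\r\n", ' | ', build_headers($clean)) . PHP_EOL;
    // The same value echoed back into the form, escaped for the attribute.
    echo '<input type="text" name="FullName" value="'
        . h($clean['FullName']) . '" />' . PHP_EOL;
}
```

The first sample passes the filter and still contains an apostrophe and markup, which is why the bound parameter and the output escaping are applied regardless of what validation accepted.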