X-Cart: shopping cart software


Oktane Design 10-13-2008 11:18 AM

How to include PHP code into static page
 
Hello guys,

I would like to know how I could include PHP code into a static page?

In my first page I have a form calling the PHP code:

Code:

<form name="form" action="filename.php" method="post">

In the second file, named filename.php, I have this PHP code:

Code:

<?php

$youremail="info@email.com";
$from_who= $_POST['email'];
$emailsubject= "E-mail Subject";
$email = $_POST['email'];
$name = $_POST['name'];
$town = $_POST['town'];
$province = $_POST['province'];

$mailbody = "E-mail:\n$email\n\n";
$mailbody.="Name:\n$name\n\n";
$mailbody.="Town:\n$town\n\n";
$mailbody.="Province:\n$province\n\n";

mail("$youremail", "$emailsubject", "$mailbody", "From: $from_who");

?>


Thanks a lot!

Jon 10-13-2008 11:26 AM

Re: How to include PHP code into static page
 
You wouldn't want to include such code into your static page; you'd want your static page form to post to a different PHP file.

FYI, that code is amazingly unsecure and open to being used for spam.

Oktane Design 10-13-2008 12:13 PM

Re: How to include PHP code into static page
 
Thanks for the fast answer.

Do you have any idea how I could upgrade or change this code to make it more secure?

Thanks a lot!

exsecror 10-13-2008 12:15 PM

Re: How to include PHP code into static page
 
As Jon has already stated, you actually need to have the static page send a POST request to the PHP file to send the e-mail. Also, as already stated, that code is horrifically insecure; always sanitize user input because it cannot be trusted. This is better:

Note: This assumes you are using PHP5 and have the filter extension available. Also note that this code has not been tested.

Code:

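<?php
$date = date('r');
$mailer = 'PHP ' . phpversion() . ' - ' . $_SERVER['SCRIPT_NAME'];

// mail() writes the Subject header itself, so the subject is passed as an
// argument instead of being repeated in the extra headers.
$subject = 'Your subject';

$headers = <<< EOT
From: info@email.com
Date: $date
X-Mailer: $mailer
EOT;

// filter_input() returns false when validation fails and null when the field is missing.
// FILTER_SANITIZE_STRING strips tags; it is deprecated as of PHP 8.1.
$recipient = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
$town = filter_input(INPUT_POST, 'town', FILTER_SANITIZE_STRING);
$province = filter_input(INPUT_POST, 'province', FILTER_SANITIZE_STRING);

$message = <<< EOT
Name: $name
Town: $town
Province: $province
EOT;

// Send only when every field is present and passed its filter.
$inputs = array($recipient, $name, $town, $province);
if (!in_array(false, $inputs, true) && !in_array(null, $inputs, true)) {
    mail($recipient, $subject, $message, $headers);
}
else {
    trigger_error('Fatal Error: Input data failed sanitizing!', E_USER_ERROR);
}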
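
Added example, not part of any post in this thread: one way to write the handler for the form in the first post so that the submitted address can never add header lines to the message. It keeps the first post's fixed recipient and subject and puts the validated address in Reply-To; the function name `build_contact_mail`, the 200-byte field limit and the sample submissions are assumptions made for the illustration, and it needs PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread. build_contact_mail() and the
// 200-byte limit are assumptions made for this illustration.
const SITE_ADDRESS = 'info@email.com'; // fixed recipient from the original post

/** Returns [to, subject, body, headers], or null when the input is rejected. */
function build_contact_mail(array $post): ?array
{
    $fields = [];
    foreach (['email', 'name', 'town', 'province'] as $key) {
        $value = $post[$key] ?? null;
        // Reject missing, non-string, empty or oversized fields.
        if (!is_string($value) || $value === '' || strlen($value) > 200) {
            return null;
        }
        $fields[$key] = $value;
    }
    // A CR or LF in a value that ends up in a header would begin a new header
    // line. FILTER_VALIDATE_EMAIL also refuses them; the explicit test keeps
    // the rule visible if the validation is ever relaxed.
    if (preg_match('/[\r\n]/', $fields['email']) === 1
        || filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Body text cannot add headers, but control characters are still replaced.
    $body = '';
    foreach ($fields as $key => $value) {
        $body .= ucfirst($key) . ":\n" . preg_replace('/[\x00-\x1F\x7F]/', ' ', $value) . "\n\n";
    }
    // The submitted address goes only into Reply-To, never into From or To.
    $headers = 'From: ' . SITE_ADDRESS . "\r\n" . 'Reply-To: ' . $fields['email'];
    return [SITE_ADDRESS, 'E-mail Subject', $body, $headers];
}

// Constructed sample submissions: one ordinary, one with a line break in the address.
$samples = [
    ['email' => 'jane@example.com', 'name' => 'Jane', 'town' => 'Laval', 'province' => 'QC'],
    ['email' => "jane@example.com\r\nX-Injected: 1", 'name' => 'Jane', 'town' => 'Laval', 'province' => 'QC'],
];
foreach ($samples as $post) {
    $mail = build_contact_mail($post);
    echo $mail === null ? "rejected\n" : "accepted, extra headers:\n{$mail[3]}\n";
    // A real handler would call mail(...$mail) here when $mail is not null.
}
```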


