PHP Form Options

[lullabell]

Hi everyone,

I recently design a website: www.unusuallyinspired.com

I'm having trouble with my Contact.html page: http://www.unusuallyinspired.com/Pages/Contact.html and the sendmail1.php script

If you go tp the Contact.html page and click 'Submit' it is suppose to link to the Pages/Confirmation.html page, as specifed in the sendmail1.php script in the 'header' line

But when I click 'Submit', I'm taken to this page http://www.unusuallyinspired.com/Pages/sendmail1.php
with the message:

Warning: Cannot modify header information - headers already sent by (output started at /home/unusual9/public_html/Pages/sendmail1.php:9) in /home/unusual9/public_html/Pages/sendmail1.php on line 22

Here is the code for the PHP:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
</body><?php
$name = $_REQUEST['name'] ;
$email = $_REQUEST['email'] ;
$cemail = $_REQUEST['cemail'] ;
$phone = $_REQUEST['phone'] ;
$subject = $_REQUEST['subject'] ;
$message = $_REQUEST['message'] ;
mail( "lucyhandesign@gmail.com", "Subject: $subject ",
"Name: $name\nEmail: $email\nConfirm Email: $cemail\nPhone: $phone\nSubject: $subject\nMessage: $message\n",
"From: $name <$email>" );

header( "Location: http://www.unusuallyinspired.com/Pages/Con...tion.html" );
?>
</html>



line 22 is: header( "Location: http://www.unusuallyinspired.com/Pages/Con...tion.html" );

What does this mean and how do I make it direct to the Confirmation.html page?

Thanks, I am all very new to this and help/suggestions would be greatly appreciated!


Lucy

[Brian Chandler]

You want to redirect to a different page to show, with the php header() call lower down the program, but you have already started sending an html document with the first few lines (doctype etc). This triggers php to send the standard headers, and start outputting html. You can't then send any more headers.

If you want a php program to send http headers using header(), there must be nothing before the first '<?php' (not even space).

Probably you can just delete the html document beginning.

Incidentally, this script is totally open to abuse, including spam relaying. You need to check/sanitize all of the user inputs carefully.

[lullabell]

You want to redirect to a different page to show, with the php header() call lower down the program, but you have already started sending an html document with the first few lines (doctype etc). This triggers php to send the standard headers, and start outputting html. You can't then send any more headers.

If you want a php program to send http headers using header(), there must be nothing before the first '<?php' (not even space).

Probably you can just delete the html document beginning.

Incidentally, this script is totally open to abuse, including spam relaying. You need to check/sanitize all of the user inputs carefully.

Hi Brian,
Thanks so much!I did as you suggested and its now working well


Is there any way I can prevent spamming?


Cheers,
Lucy

[Brian Chandler]

Is there any way I can prevent spamming?

Basically instead of *assuming* that $_REQUEST['subject'] is a genuine subject, you have to be prepared for it to be anything. For example

CODE

spam
cc: victim@somewhere.else

Now the message, which may be junk, will also be sent *by you* to the victim. And there will be 25,000 of these messages, and *you* will get complaints.

So you need to check that subject and other bits that go in the mail header do not contain newline characters to allow fake headers to be inserted.

Perhaps there is a tutorial on this somewhere...?