Send To A Friend (php)

They have: 18 posts

Joined: Mar 2006

This is a combination of code from 2 different sources. I was hoping to create a better one; unfortunately a very bad one was the result.

I get this error when I submit the form:
Method Not Allowed
The requested method POST is not allowed for the URL /sendtofriend.html.

<p>You can use this form to send the current page to a friend.<br>
Please note that your IP address is recorded so anyone who spams this form will get banned from the entire site.</p>

<?php
$sendto = "[friendemail]";
$sitename = "";
$siteurl = "http://";
$emailsubject = "feedback";
$thankyou = "Your message has been sent to your friend(s),  please wait to be forwarded to the Homepage";

$ip = $_SERVER['REMOTE_ADDR'];

$message  = "Hey [friendsname]<br><br>";
$message .= "[comments]<br><br>";
$message .= "This email was sent via the Send to a Friend page on $sitename,<br>
             we have no control over what is sent. If you have been sent <br>
            multiple messages (spam) or anything completely unrelated to <br>
            the page URL that was supposed to be sent to you, please forward<br>
            this email along to an admin where necessary action will be taken.<br><br>";
$message .= "This email was sent from a computer whose IP address was: <b>$ip</b><br>";

if ($submit) {

   if ($visitorName <= "")
      $message = "Please enter your name.";
   else if ($visitorEmail <= "")
      $message = "Please enter your email address.";
   else if ($comments <= "")
      $comments = "The visitor did not comment.";
   if ($message)
      echo ($message);
   else {
      mail("$sendto",
      "$emailsubject",
      "rnName: $visitorNamernEmail: $visitorEmailrnComments:rn$comments",
      "From: $visitorName <$visitorEmail>");
      echo ("<br><br>    $thankyou");
      die();
   }
}
?>

filip2mp Newbie Webmaster at


He has: 6,151 posts

Joined: May 2001

Is the above code in sendtofriend.html? If so, is .html parsed as PHP (via htaccess)?
If that's OK, can you show us the tag please.
Without the whole code, bits like $visitorNamernEmail: $visitorEmailrnComments:rn$comments might make sense; it doesn't look right but it could be. Is :rn meant to be a new line? New line is \n\r

The above code looks like it will work, but ideally everything from the form needs to be $_POST['variablename'] and the <= does not catch aa or just a in all fields.
$visitorName should be checked to a minimum value of 2 or 3 (some Asian names can be short). $visitorEmail should be checked that it is an email: contains letters and/or numbers, then an @, then minimum 2, then a ., then minimum 3, or 2 and . and 2.
For emails I personally check for 3 things:
$_POST['email'] = trim($_POST['email']);
if(strlen($_POST['email'])<5)
if(empty($_POST['email']))
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+([\.][a-z0-9-]+)+$",$_POST['email']))

The comments at minimum should check there is no code being submitted: remove HTML tags or convert them to ASCII.
strip_tags($thereinput)
htmlspecialchars($thereinput);
htmlentities($thereinput, ENT_QUOTES);
strtr($thereinput, array('(' => '&#40;', ')' => '&#41;'));
addslashes($thereinput);
ereg_replace("%","\\%",$thereinput);

are a few methods, each doing different things

The $sendto should also check that it is just one email address (just check there is only one @); this can stop BCC injections - your form being used by spam bots.
Depends how far you want to go, you could also check the form has been sent from your domain (cuts out spam bot usage)
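
The checks suggested in the reply above, put together as an added example (not code from either post): one recipient only, no line breaks in anything that reaches a mail header, and tags stripped from the comment. It assumes PHP 7.1 or later; the field name friendEmail, the SITE_FROM address and the sample inputs are constructed for illustration.

```php
<?php
const SITE_FROM = 'noreply@example.com'; // assumption: a fixed sender address owned by the site

// CR or LF in a value that is placed in a mail header lets the client append
// its own headers (Bcc:, extra To:), so such values are refused outright.
function has_line_break(string $value): bool {
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns [errors, mail]; mail is null unless every check passed.
function build_friend_mail(array $post, string $pageUrl): array {
    $name    = trim($post['visitorName'] ?? '');
    $from    = trim($post['visitorEmail'] ?? '');
    $to      = trim($post['friendEmail'] ?? '');
    $comment = trim($post['comments'] ?? '');
    $errors  = [];

    if (strlen($name) < 2 || has_line_break($name)) {
        $errors[] = 'Please enter your name.';
    }
    foreach (['your' => $from, "your friend's" => $to] as $label => $addr) {
        // Exactly one address: no line breaks, exactly one "@", valid syntax.
        if (has_line_break($addr) || substr_count($addr, '@') !== 1
            || filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = "Please enter $label email address.";
        }
    }
    if ($errors) {
        return [$errors, null];
    }
    $comment = $comment === '' ? 'The visitor did not comment.' : strip_tags($comment);
    $body = "Name: $name\r\nEmail: $from\r\nPage: $pageUrl\r\nComments:\r\n$comment";
    // The visitor's address goes in Reply-To; From stays a site-owned address.
    $headers = 'From: ' . SITE_FROM . "\r\nReply-To: $from";
    return [[], ['to' => $to, 'subject' => 'feedback', 'body' => $body, 'headers' => $headers]];
}

// Constructed inputs: a normal submission, and one carrying an injected Bcc header.
$ok  = ['visitorName' => 'Ann', 'visitorEmail' => 'ann@example.com',
        'friendEmail' => 'bob@example.org', 'comments' => '<b>Look</b> at this'];
$bad = ['friendEmail' => "bob@example.org\r\nBcc: list@example.net"] + $ok;
foreach ([$ok, $bad] as $post) {
    [$errors, $mail] = build_friend_mail($post, 'http://example.com/page');
    // On a live page: if ($mail) mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
    var_dump($errors, $mail);
}
```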
