Page History: PHP-mailer technical information

Page Revision: 2011/04/15 16:30


Recipients

One frequent question we receive is "how do I have different recipients receive the same form?". One example question is from "Gregg":

... is there no way to specify string replace in the actual html reply email? I'm making a site that is going to be used for an mlm business and it's going to have website duplication so could be hundreds of the same site using the same form, so I would like to do a str_replace to replace who the email is coming from with their contact details like skype and stuff like that, which will all be stored in a database, there will also be different links in buttons on the side that will also be different every time. If you have a look here you might see what I mean. http://www.gosolutionx.com/mailing/replyemailsuccess.html

In short, this user wants to send the person who filled in the form an e-mail. This is pretty simple to do. Using the sample form as an example (form.html), all you need to do is edit the file:

/_lib/form.config.php

and set the following two lines:

  $_POST['replyEmailOnSuccess']     = 'form.replyemailsuccess.html';
  $_POST['subjectEmailOnSuccess']   = 'Email Submission succeeded';

Then create a file:

/_lib/form.replyemailsuccess.html

that looks similar to the form itself. A pattern for this file is in:

/_lib/replyemailsuccess.html

A few notes on this: have a look at the sample we include with the software. You will notice that there are no form tags and no input fields (or other form elements). In their place are placeholders, for example "{thanksMessage}". On form submission the script looks for a form variable named "thanksMessage" and does the string replacement automatically. You can replace all the form variables with these placeholders to get the data the user typed into the success reply e-mail.
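The placeholder replacement described above, as an added example: this is not PHPMailer-FE's own replacement routine, and the template, field names and submitted values are constructed for the illustration. The example escapes each inserted value, so whatever the user typed is shown as text in the HTML reply rather than being interpreted as markup, and it leaves unknown placeholders untouched so a typo in the template stays visible.

```php
<?php
// Added example (not PHPMailer-FE's own code): render a reply-e-mail template
// such as /_lib/form.replyemailsuccess.html by replacing {fieldName}
// placeholders with the submitted form values.
// Assumption: the template, field names and values below are constructed
// for this example; the real script's replacement routine may differ.

/**
 * Replace every {name} placeholder in $template with $fields['name'].
 * Values are HTML-escaped so user input is displayed as text in the
 * HTML e-mail. Unknown placeholders are left as written.
 */
function render_reply_email(string $template, array $fields): string
{
    return preg_replace_callback(
        '/\{([A-Za-z0-9_]+)\}/',
        function (array $m) use ($fields): string {
            $name = $m[1];
            if (!array_key_exists($name, $fields)) {
                return $m[0];               // leave {unknown} untouched
            }
            $value = $fields[$name];
            if (is_array($value)) {         // multi-select or checkbox group
                $value = implode(', ', $value);
            }
            return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        },
        $template
    );
}

// Constructed sample template: no <form>, no <input>, only placeholders.
$template = <<<'HTML'
<html><body>
<p>{thanksMessage}</p>
<p>Name: {fullName}<br>Email: {email}</p>
<p>Interests: {interests}</p>
<p>Ref: {missingField}</p>
</body></html>
HTML;

// Constructed sample submission, shaped like the contents of $_POST.
$fields = [
    'thanksMessage' => 'Thank you for your application.',
    'fullName'      => 'Ada <Lovelace>',
    'email'         => 'ada@example.com',
    'interests'     => ['PHP', 'Mail'],
];

echo render_reply_email($template, $fields);
```

In the rendered output the angle brackets in the submitted name appear as entities, the array field is joined with commas, and {missingField} is printed unchanged because no form variable of that name was submitted.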


Another example is a human resources employment application form. You may want to direct the form to different location managers based on a location drop down in the form. Here's how you accomplish that: Let's say you have a form called employmentapplication.html with a location drop down field containing two choices: New York (which returns NY) and Texas (which returns TX). We'll assume the field name is "location". In your /_lib/employmentapplication.config.php file, insert code that looks like:
  // Route the submission to the manager for the selected location.
  // The field name must match the form exactly; here it is "location".
  $location = isset($_POST['location']) ? $_POST['location'] : '';
  switch ( $location ) {
    case "NY":
      $_POST['recipient'] = "nymanager@yourdomain.com";
      break;
    case "TX":
      $_POST['recipient'] = "txmanager@yourdomain.com";
      break;
    default:
      // Any other (or missing) value goes to the general HR mailbox.
      $_POST['recipient'] = "hrmanager@yourdomain.com";
  }
That's it. Then based on the location selected by the user, the appropriate HR manager will receive the form submitted.

About sanitizing form data

In PHPMailer-FE version 4.0.5, we added the ability to sanitize or clean up user-submitted form data.

The file responsible for this is: _lib/inc.sanitize.php

This script is not entirely of our making. The core of the script is authored by someone else, and we have no idea who. We have modified this script to function with PHPMailer-FE.

In essence, it will "clean-up" or sanitize the data users type into the form.

The specific functionality is (in no specific order):
  • will remove hex values
  • will stop directory traversal
  • will stop MySQL injections and MySQL comments
  • will stop base64 encoding
  • will remove null characters
  • will do basic HTML entities checks and conversion
  • will convert all tabs to spaces
  • will convert all PHP tags to safe HTML entities
  • will convert all XML tags to safe HTML entities
  • will convert all Javascript (and other script) tags to safe HTML entities
  • will compact all exploded words
  • will remove all Javascript (and other scripts) from links and images
  • will sanitize all bad HTML code
  • will sanitize all bad script code

Essentially, if enabled, it will eliminate, or at least minimize, the impact of hacker access to forms used to generate cross-site scripting attacks, database injection attacks, and malicious JavaScript/VBScript (etc.) use.

The sanitize utility is not intended to be used for data validation or formatting.
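To make the listed steps concrete, here is an added example that implements a handful of them (null removal, tab conversion, directory traversal, exploded words, script in links and images, and PHP/XML/script tag conversion) and runs them over constructed input. It is not PHPMailer-FE's _lib/inc.sanitize.php; the function names, the step order and the sample strings are this example's own assumptions, and the real script's internals are not reproduced.

```php
<?php
// Added example, not PHPMailer-FE's own _lib/inc.sanitize.php: a small
// sanitizer implementing some of the steps listed above so their effect can
// be seen on constructed input. Names, ordering and samples are assumptions.

function sanitize_field(string $value): string
{
    // Remove null characters.
    $value = str_replace("\0", '', $value);

    // Convert all tabs to spaces.
    $value = str_replace("\t", ' ', $value);

    // Stop directory traversal by dropping "../" and "..\" sequences.
    $value = preg_replace('#\.\.[/\\\\]#', '', $value);

    // Compact exploded words: "j a v a s c r i p t" becomes "javascript",
    // so the later steps see the word in its normal form.
    $value = preg_replace('#j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t#i', 'javascript', $value);

    // Remove script from links and images: drop javascript: URLs in
    // href/src attributes and strip on* event-handler attributes.
    $value = preg_replace('#\b(href|src)\s*=\s*(["\']?)\s*javascript:[^"\'>\s]*#i', '$1=$2', $value);
    $value = preg_replace('#\s+on[a-z]+\s*=\s*("[^"]*"|\'[^\']*\'|[^\s>]+)#i', '', $value);

    // Convert PHP, XML and script tags to safe HTML entities.
    $value = preg_replace('#<(\?|/?script\b|/?xml\b)#i', '&lt;$1', $value);
    $value = str_replace('?>', '?&gt;', $value);

    return $value;
}

/** Apply sanitize_field() to every scalar in a submitted array, recursively. */
function sanitize_post(array $post): array
{
    foreach ($post as $key => $val) {
        $post[$key] = is_array($val) ? sanitize_post($val) : sanitize_field((string) $val);
    }
    return $post;
}

// Constructed sample submission exercising several of the steps.
$sample = [
    'name'    => "Ada\tLovelace\0",
    'file'    => '../../etc/config',
    'comment' => '<script>hi()</script> <a href="javascript:void(0)" onclick="x()">link</a> j a v a s c r i p t',
    'note'    => '<?php echo 1; ?>',
];

foreach (sanitize_post($sample) as $field => $clean) {
    printf("%-8s %s\n", $field . ':', $clean);
}
```

Each step is a plain string or regular-expression rewrite, which is why the page describes the utility as sanitizing rather than validating: the output is safer to echo into an e-mail, but it still has to be checked against what the field is supposed to contain (an e-mail address, a location code, and so on) before it is used.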

Jova wiki is © Jovall