Formular Überprüfung

  • Hallo Leute, versuche schon seit einiger Zeit mein Formular hinzubekommen leider ohne Erfolg und ich hab auch keine Nerven mehr dafür, hoffe dass Ihr mir weiterhelfen könnt.


    PHP
    <span class="syntaxhtml"><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><br /><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de"><br /><br /><head><br />    <title>Kontakt</title><br /><br />    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-2" /><br />    <meta name="description" content="Kontaktformular" /><br />    <meta name="author" content="Otto Huml" /><br />    <meta name="keywords" content="Kontaktformular,BHKWPartner" /><br /><br />    <link href="formular.css" type="text/css" rel="stylesheet" /><br /></head><br /><br /><body><br />    <span class="syntaxdefault"><?php<br /><br />    $empfaenger </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> </span><span class="syntaxstring">"mustermann@t-online.de"</span><span class="syntaxkeyword">;</span><span class="syntaxdefault"> </span><span class="syntaxcomment">//Mailadresse<br /></span><span class="syntaxdefault">    $absender   </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'email'</span><span class="syntaxkeyword">];<br /></span><span class="syntaxdefault">    $betreff    </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> </span><span class="syntaxstring">"Kontakt"</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">    $mailtext   </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'vorname'</span><span class="syntaxkeyword">].</span><span class="syntaxdefault">$_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'nachname'</span><span class="syntaxkeyword">].</span><span class="syntaxdefault">$_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'strasse'</span><span class="syntaxkeyword">].</span><span class="syntaxdefault">$_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'plz'</span><span class="syntaxkeyword">].</span><span class="syntaxdefault">$_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'ort'</span><span class="syntaxkeyword">].</span><span class="syntaxdefault">$_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'tel'</span><span class="syntaxkeyword">].</span><span class="syntaxdefault">$_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'nachricht'</span><span class="syntaxkeyword">];<br /></span><span class="syntaxdefault">    $antwortan  </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> </span><span class="syntaxstring">"mustermann@t-online.de"</span><span class="syntaxkeyword">;<br /><br /></span><span class="syntaxdefault">      if</span><span class="syntaxkeyword">(isset(</span><span class="syntaxdefault">$HTTP_POST_VARS</span><span class="syntaxkeyword">))<br /></span><span class="syntaxdefault">        </span><span class="syntaxkeyword">{<br /></span><span class="syntaxdefault">        if </span><span class="syntaxkeyword">(empty(</span><span class="syntaxdefault">$_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'vorname'</span><span class="syntaxkeyword">])</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">==</span><span class="syntaxdefault"> TRUE</span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault">         </span><span class="syntaxkeyword">{<br /></span><span class="syntaxdefault">             echo </span><span class="syntaxstring">"Hallo"</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">         </span><span class="syntaxkeyword">}<br /><br /><br /></span><span class="syntaxdefault">      echo </span><span class="syntaxstring">'<br />    <form method="POST" action="index.php" enctype="text/plain"><br />    <input type="hidden" name="check" value="1" /><br />    <p class="unten">Vorname*:</p><br />    <input type="text" class="feld" name="vorname" value="'</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'vorname'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxstring">' "  maxlength="50" /><br />    <p class="unten">Nachname*:</p><br />    <input type="text" class="feld" name="nachname" value="'</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'nachname'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> </span><span class="syntaxstring">'"  maxlength="50" /><br />    <p class="unten">Stra&szlig;e*:</p><br />    <input type="text" class="feld" name="strasse" value="'</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'strasse'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> </span><span class="syntaxstring">' "  maxlength="50" /><br />    <p class="unten">PLZ*:</p><br />    <input type="text" class="feld" name="plz" value="'</span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'plz'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> </span><span class="syntaxstring">' "  maxlength="50" /><br />    <p class="unten">Ort*:</p><br />    <input type="text" class="feld" name="ort" value="'</span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'ort'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> </span><span class="syntaxstring">' "  maxlength="50" /><br />    <p class="unten">Telefon*:</p><br />    <input type="text" class="feld" name="tel" value="'</span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'tel'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> </span><span class="syntaxstring">' "  maxlength="50" /><br />    <p class="unten">E-Mail*:</p><br />    <input type="text" class="feld" name="email" value="'</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'email'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> </span><span class="syntaxstring">'"  maxlength="50" /><br />    <p class="unten">Nachricht:</p><br />    <textarea class="feld" name="nachricht" rows="2" cols="15" value="'</span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'nachricht'</span><span class="syntaxkeyword">].</span><span class="syntaxdefault"> </span><span class="syntaxstring">' "/><br />    </textarea><br />    <input type="submit" class="absenden" name="absenden" value="absenden" /><br />    </form>'</span><span class="syntaxkeyword">;<br /><br /></span><span class="syntaxdefault">    ?><br /></span></body><br /></html></span>
  • Darf man Fragen was das darstellen soll? :P


    Also Tipp 1: Wir überprüfen Variabeln,.. gaaaaaanz oben, vor dem Doctype.
    Wieso? Dann haben wir die Möglichkeit noch Headerzu verwenden, oder sonst mit den Daten in der Seite selbst zu arbeiten.
    Tipp 2: Wir reinigen und überprüfen unsere Variabeln bevor wir sie Verarbeiten.
    Zum Bereinigen verwende ich meist folgenden Code:

    PHP
    <span class="syntaxdefault"></span><span class="syntaxkeyword">foreach(</span><span class="syntaxdefault">$_POST as $key </span><span class="syntaxkeyword">=></span><span class="syntaxdefault"> $value</span><span class="syntaxkeyword">){<br /></span><span class="syntaxdefault">    $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxdefault">$key</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> nl2br</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">htmlentities</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">trim</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$value</span><span class="syntaxkeyword">)));<br />}</span><span class="syntaxdefault"> </span>


    (Durch das nl2br auf alle POST's, schützen wir uns auch direkt mal vor Mail-Injektion)
    Tipp 3: Wir verwenden eine Variabel um zwischen Formular und bestätigt zu switschen.
    Ich benutzte meistens folgenden Aufbau (kein fertiger Code!):

    PHP
    <span class="syntaxhtml"><span class="syntaxdefault"><?php<br /><br /></span><span class="syntaxcomment">/*** ÜBERPRÜFUNG DER VARIABELN, wenn versendet ***/<br /></span><span class="syntaxkeyword">if(</span><span class="syntaxdefault">$_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'action'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">!=</span><span class="syntaxdefault"> </span><span class="syntaxstring">""</span><span class="syntaxkeyword">){<br /></span><span class="syntaxdefault">    </span><span class="syntaxcomment">// action ist mein Submit-Button<br /><br /></span><span class="syntaxdefault">    </span><span class="syntaxcomment">// Bereinigen der Variabeln, z.B. mit dem Code von oben<br /></span><span class="syntaxdefault">    foreach</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$_POST as $key </span><span class="syntaxkeyword">=></span><span class="syntaxdefault"> $value</span><span class="syntaxkeyword">){<br /></span><span class="syntaxdefault">        $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxdefault">$key</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> nl2br</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">htmlentities</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">trim</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$value</span><span class="syntaxkeyword">)));<br /></span><span class="syntaxdefault">    </span><span class="syntaxkeyword">}</span><span class="syntaxdefault"> <br /><br />    </span><span class="syntaxcomment">// überprüfung auf existienz, richtig,.. meistens reicht hierfür<br /></span><span class="syntaxdefault">    if</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'name'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">!=</span><span class="syntaxdefault"> </span><span class="syntaxstring">""</span><span class="syntaxkeyword">){<br /></span><span class="syntaxdefault">        $fromName </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'name'</span><span class="syntaxkeyword">];<br /></span><span class="syntaxdefault">    </span><span class="syntaxkeyword">}</span><span class="syntaxdefault"> else </span><span class="syntaxkeyword">{<br /></span><span class="syntaxdefault">       </span><span class="syntaxcomment">// Wenn das ein Pflichtfeld ist sagen wir einer Variabel bescheid, dass die Email nicht raus darf<br /></span><span class="syntaxdefault">       $noMail </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> true</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">    </span><span class="syntaxkeyword">}<br /><br /></span><span class="syntaxdefault">    if</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">filter_var</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'email'</span><span class="syntaxkeyword">],</span><span class="syntaxdefault"> FILTER_VALIDATE_EMAIL</span><span class="syntaxkeyword">)</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">!==</span><span class="syntaxdefault"> false</span><span class="syntaxkeyword">){<br /></span><span class="syntaxdefault">        </span><span class="syntaxcomment">// Wenn der filter nicht fehlschlägt..0<br /></span><span class="syntaxdefault">        $fromMail </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'email'</span><span class="syntaxkeyword">];<br /></span><span class="syntaxdefault">    </span><span class="syntaxkeyword">}</span><span class="syntaxdefault"> else </span><span class="syntaxkeyword">{<br /></span><span class="syntaxdefault">        $noMail </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> true</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">        </span><span class="syntaxcomment">// Ansonsten wie oben. Hier könnte man übrigens auch einen "persönlichen Fehler" definieren, anstelle des Allgemeinen unten.<br /></span><span class="syntaxdefault">    </span><span class="syntaxkeyword">}<br /><br /></span><span class="syntaxdefault">    </span><span class="syntaxcomment">// [...]<br /><br /></span><span class="syntaxdefault">    if</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$noMail </span><span class="syntaxkeyword">!==</span><span class="syntaxdefault"> true</span><span class="syntaxkeyword">){<br /></span><span class="syntaxdefault">        $ready </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> mail</span><span class="syntaxkeyword">(...);<br /></span><span class="syntaxdefault">        </span><span class="syntaxcomment">// mail gibt bei Erfolg true zurück, sollte etwas passiert sein haben wir hier false<br /></span><span class="syntaxdefault">    </span><span class="syntaxkeyword">}<br />}<br /><br /><br /></span><span class="syntaxcomment">/*** Ausgabe des jeweiligen Contents ***/<br /></span><span class="syntaxkeyword">if(</span><span class="syntaxdefault">$ready </span><span class="syntaxkeyword">!==</span><span class="syntaxdefault"> true</span><span class="syntaxkeyword">){<br /></span><span class="syntaxdefault">    if</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$ready </span><span class="syntaxkeyword">===</span><span class="syntaxdefault"> false</span><span class="syntaxkeyword">){<br /></span><span class="syntaxdefault">        </span><span class="syntaxcomment">// Hier gab mail() dann false zurück :/<br /></span><span class="syntaxdefault">        $sendError </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> </span><span class="syntaxstring">'Unerwarteter Fehler beim Versenden der Mail.'</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">    </span><span class="syntaxkeyword">}<br /></span><span class="syntaxdefault">    if</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$noMail </span><span class="syntaxkeyword">===</span><span class="syntaxdefault"> true</span><span class="syntaxkeyword">){<br /></span><span class="syntaxdefault">        $inputError </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> </span><span class="syntaxstring">'Bitte fühlen Sie alle Felder ordnugnsgemäß aus.'</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">    </span><span class="syntaxkeyword">}<br /><br /></span><span class="syntaxdefault">    $content </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> </span><span class="syntaxstring">'<br />        <form><br />            ...<br />        </form><br />    '</span><span class="syntaxkeyword">;<br />}</span><span class="syntaxdefault"> else </span><span class="syntaxkeyword">{<br /></span><span class="syntaxdefault">    $content </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> </span><span class="syntaxstring">'Vielen Dank..'</span><span class="syntaxkeyword">;<br />}<br /><br /></span><span class="syntaxdefault">?><br /></span><!DOCTYPE html><br />[...]</span>


    Sollte dir hoffentlich doch erst mal helfen.
    Achte bitte auf meine Kommentare im Code!
    (Theoretisch könntest auch direkt mit den Post-Variabeln arbeiten anstatt diese einer anderen Variabel zu zu weisen.
    würde dann

    PHP
    <span class="syntaxdefault"></span><span class="syntaxkeyword">if(</span><span class="syntaxdefault">$_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'name'</span><span class="syntaxkeyword">] == </span><span class="syntaxstring">""</span><span class="syntaxkeyword">){<br />    </span><span class="syntaxdefault">$noMail </span><span class="syntaxkeyword">= </span><span class="syntaxdefault">true</span><span class="syntaxkeyword">;<br />} </span><span class="syntaxdefault"></span>

    verwenden :)


    Mit Freundlichen Grüßen
    Dustin

  • Hallo Sarkkan,


    Zitat

    (Durch das nl2br auf alle POST's, schützen wir uns auch direkt mal vor Mail-Injektion)


    Da habe ich meine Zweifel. nl2br() wirkt nur bei "\n", aber nicht bei %OA.
    Beispiel:

    PHP
    <?php
    	echo nl2br("foo ist nicht%0A bar");
    ?>


    Ausgabe: foo ist nicht%0A bar


    Damit dürfte die Email injection immer noch funktionieren, siehe hier:
    <!-- m --><a class="postlink" href="http://www.w3schools.com/php/php_secure_mail.asp">http://www.w3schools.com/php/php_secure_mail.asp</a><!-- m -->


    Falls Du ein Formular online hast würde ich es gerne mal testen. :)


    MfG

  • Habs nochmal versucht, bekomme aber die Fehlermeldung schon wenn ich dass Formular aufrufe, was ist mein Fehler oder ist der Aufbau überhaupt richtig?


    PHP
    <span class="syntaxhtml"><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><br /><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de"><br /><br /><head><br />    <title>Kontakt</title><br /><br />    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-2" /><br />    <meta name="description" content="Kontaktformular" /><br />    <meta name="author" content="Otto Huml" /><br />    <meta name="keywords" content="Kontaktformular,BHKWPartner" /><br /><br />    <link href="formular.css" type="text/css" rel="stylesheet" /><br /></head><br /><br /><body><br />    <span class="syntaxdefault"><?php<br /><br />      $Empfaenger </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> </span><span class="syntaxstring">"mustermann@t-online.de"</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">      if</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$_REQUEST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'submit'</span><span class="syntaxkeyword">]){<br /></span><span class="syntaxdefault">      if</span><span class="syntaxkeyword">(empty(</span><span class="syntaxdefault">$_REQUEST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'vorname'</span><span class="syntaxkeyword">])</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">||</span><span class="syntaxdefault"> empty</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$_REQUEST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'nachname'</span><span class="syntaxkeyword">])<br /></span><span class="syntaxdefault">       </span><span class="syntaxkeyword">||</span><span class="syntaxdefault"> empty</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$_REQUEST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'strasse'</span><span class="syntaxkeyword">])</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">||</span><span class="syntaxdefault"> empty</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$_REQUEST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'plz'</span><span class="syntaxkeyword">])<br /></span><span class="syntaxdefault">       </span><span class="syntaxkeyword">||</span><span class="syntaxdefault"> empty</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$_REQUEST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'ort'</span><span class="syntaxkeyword">])</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">||</span><span class="syntaxdefault"> empty</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$_REQUEST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'tel'</span><span class="syntaxkeyword">])<br /></span><span class="syntaxdefault">       </span><span class="syntaxkeyword">||</span><span class="syntaxdefault"> empty</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$_REQUEST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'tel'</span><span class="syntaxkeyword">])</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">||</span><span class="syntaxdefault"> empty</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$_REQUEST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'email'</span><span class="syntaxkeyword">]))<br /></span><span class="syntaxdefault">       </span><span class="syntaxkeyword">{<br /></span><span class="syntaxdefault">        echo</span><span class="syntaxstring">"Bitte gehen Sie <a href=\"javascript:history.back();\"><br />        zur&uuml;ck</a> und f&uuml;llen Sie alle Felder aus"</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">        </span><span class="syntaxkeyword">}<br /></span><span class="syntaxdefault">      else</span><span class="syntaxkeyword">{<br /></span><span class="syntaxdefault">        $Mailnachricht</span><span class="syntaxkeyword">=</span><span class="syntaxstring">"Sie haben eine Anfrage über ihr<br />        Kontaktformular erhalten:\n\n"</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">        while</span><span class="syntaxkeyword">(list(</span><span class="syntaxdefault">$Formularfeld</span><span class="syntaxkeyword">,</span><span class="syntaxdefault"> $Wert</span><span class="syntaxkeyword">)=</span><span class="syntaxdefault">each</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$_REQUEST</span><span class="syntaxkeyword">))<br /></span><span class="syntaxdefault">        </span><span class="syntaxkeyword">{<br /></span><span class="syntaxdefault">          if</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$Formularfeld</span><span class="syntaxkeyword">!=</span><span class="syntaxstring">"submit"</span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault">          </span><span class="syntaxkeyword">{<br /></span><span class="syntaxdefault">            $Mailnachricht </span><span class="syntaxkeyword">.=</span><span class="syntaxdefault"> $Formularfeld</span><span class="syntaxkeyword">.</span><span class="syntaxstring">": "</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">$Wert</span><span class="syntaxkeyword">.</span><span class="syntaxstring">"\n"</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">          </span><span class="syntaxkeyword">}<br /></span><span class="syntaxdefault">        </span><span class="syntaxkeyword">}<br /></span><span class="syntaxdefault">        $Mailnachricht </span><span class="syntaxkeyword">.=</span><span class="syntaxdefault"> </span><span class="syntaxstring">"\nDatum/Zeit: "</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">        $Mailnachricht </span><span class="syntaxkeyword">.=</span><span class="syntaxdefault"> date</span><span class="syntaxkeyword">(</span><span class="syntaxstring">"d.m.Y H:i:s"</span><span class="syntaxkeyword">);<br /></span><span class="syntaxdefault">        $Mailbetreff </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> </span><span class="syntaxstring">"Kontakt: "</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">        $Mailbetreff </span><span class="syntaxkeyword">.=</span><span class="syntaxdefault"> $_REQUEST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'Betreff'</span><span class="syntaxkeyword">];<br /></span><span class="syntaxdefault">        mail</span><span class="syntaxkeyword">(</span><span class="syntaxdefault">$Empfaenger</span><span class="syntaxkeyword">,</span><span class="syntaxdefault"> $Mailbetreff</span><span class="syntaxkeyword">,</span><span class="syntaxdefault"> $Mailnachricht</span><span class="syntaxkeyword">,</span><span class="syntaxdefault"> </span><span class="syntaxstring">"From: "<br /></span><span class="syntaxdefault">        </span><span class="syntaxkeyword">.</span><span class="syntaxdefault">$_REQUEST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'email'</span><span class="syntaxkeyword">]);<br /></span><span class="syntaxdefault">        echo </span><span class="syntaxstring">"Wir danken f&uuml;r Ihre Anfrage, wir werden uns so bald wie m&ouml;glich bei Ihnen melden. :        \n"</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">$Mailnachricht</span><span class="syntaxkeyword">;</span><span class="syntaxdefault">      </span><span class="syntaxkeyword">}<br /></span><span class="syntaxdefault">    </span><span class="syntaxkeyword">}<br /></span><span class="syntaxdefault">    else<br />    </span><span class="syntaxkeyword">{<br /></span><span class="syntaxdefault">      echo</span><span class="syntaxstring">"Ein Fehler ist aufgetreten. Bitte gehen Sie auf diese<br />      <a href=\"index.php\">Seite</a>."</span><span class="syntaxkeyword">;<br /></span><span class="syntaxdefault">    </span><span class="syntaxkeyword">}<br /><br /><br /><br /><br /></span><span class="syntaxdefault">      echo </span><span class="syntaxstring">'<br />    <form method="POST" action="index.php" enctype="text/plain"><br />    <input type="hidden" name="check" value="1" /><br />    <p class="unten">Vorname*:</p><br />    <input type="text" class="feld" name="vorname" value="'</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'vorname'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxstring">' "  maxlength="50" /><br />    <p class="unten">Nachname*:</p><br />    <input type="text" class="feld" name="nachname" value="'</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'nachname'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> </span><span class="syntaxstring">'"  maxlength="50" /><br />    <p class="unten">Stra&szlig;e*:</p><br />    <input type="text" class="feld" name="strasse" value="'</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'strasse'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> </span><span class="syntaxstring">' "  maxlength="50" /><br />    <p class="unten">PLZ*:</p><br />    <input type="text" class="feld" name="plz" value="'</span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'plz'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> </span><span class="syntaxstring">' "  maxlength="50" /><br />    <p class="unten">Ort*:</p><br />    <input type="text" class="feld" name="ort" value="'</span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'ort'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> </span><span class="syntaxstring">' "  maxlength="50" /><br />    <p class="unten">Telefon*:</p><br />    <input type="text" class="feld" name="tel" value="'</span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'tel'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> </span><span class="syntaxstring">' "  maxlength="50" /><br />    <p class="unten">E-Mail*:</p><br />    <input type="text" class="feld" name="email" value="'</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'email'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> </span><span class="syntaxstring">'"  maxlength="50" /><br />    <p class="unten">Nachricht:</p><br />    <textarea class="feld" name="nachricht" rows="2" cols="15" value="'</span><span class="syntaxkeyword">.</span><span class="syntaxdefault"> $_POST</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'nachricht'</span><span class="syntaxkeyword">].</span><span class="syntaxdefault"> </span><span class="syntaxstring">' "/><br />    </textarea><br />    <input type="submit" class="absenden" name="absenden" value="absenden" /><br />    </form>'</span><span class="syntaxkeyword">;<br /><br /></span><span class="syntaxdefault">    ?><br /></span></body><br /></html></span>

  • Wie wird den das %0A bei dem Server beziehungsweise Skript ankommen? :)
    Ich meine.. es ist ziemlich nervig, dass ich wenn ich mit Request-Variabeln arbeite diese meistens noch Encoden muss.. oder etwa nicht? :wink:
    Vergiss nicht, du schickst a@b.de%0Ac@d.com an den Server, der macht daraus aber
    <!-- e --><a href="mailto:a@b.de">a@b.de</a><!-- e -->
    <!-- e --><a href="mailto:c@d.com">c@d.com</a><!-- e -->
    und da haben wir unser \n :D


    hume:
    Hume, halte dich doch enger an meinen Aufbau >-<
    Und versuch doch mal deinen Code anständig zu strukturieren.

  • Hallo Sarkkan,



    stimmt.


    Müsste es eigentlich nicht reichen wenn wir nur

    Code
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    if(filter_var($email, FILTER_VALIDATE_EMAIL))
    {
      // email ist sauber und valide
    }

    schreiben?


    MfG

  • Naja.. mehr oder weniger.. auf was willst du die Sachen anwenden?
    Außer auf die E-Mail finde ich den Rest nutzlos.. denn du fragst seltenst nur nach einem INT.. :/
    Und ich finde es auch ziemlich übertrieben alles zu überprüfen, allein schon der Freiheit des Users wegen.
    Habe z.B. angefangen mehrere Felder zusammen zu fassen.. der Benutzer ist dann nicht so eingeschränkt und verunsichert.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!