Is this PHP code written properly?

Hello! I'd like to ask you to check whether my code is correct. The objective of this code is to send an email. People need to input some data, and on clicking the button "place order", the data should be sent to a specific email. Unfortunately, I can't test it locally! I was also confused by the fact that you get errors for not filling in the fields, even though I tried to register...
<div class="contact">
 <div class="wrapper">
 <div class="contact-title" id="about">subscribe now and get a free consultation!</div>
 <form action method="post" class="form">
 <input type="text" placeholder="Your name" name="name" value="<?=$_POST['name']?>">
 <span style="color:red"><?=$err['name']?></span>
 <input type="email" placeholder="Your email" name="email" value="<?=$_POST['e-mail']?>">
 <span style="color:red"><?=$err['email']?></span>
 <input type="text" placeholder="Your Skype" name="skype" value="<?=$_POST['skype']?>">
 <textarea name="sms-id" cols="30" rows="10" placeholder="message" value="<?=$_POST['sms']?>"></textarea>
 <span style="color:red"><?=$err['sms']?></span>
<div>
 <input type="submit" value="Leave request">
</div>
</form>
</div>
 </div>

if(isset($_POST['submit'])){
 $to = 'some email';
 $subject = 'New message';
 $name = $_POST['name'];
 $email = $_POST['e-mail'];
 $skype = $_POST['skype'];
 $sms = $_POST['sms'];
 $error = false;
 $err = array('email' => '', 'name' => '', 'sms' => '');

 if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)){
 $err['email'] = 'You have entered is not valid email';
 $error = true;
}
 if (empty($name)){
 $err['name'] = 'You did not enter a name';
 $error = true;
}
 if (empty($sms)){
 $err['name'] = 'You did not enter a message';
 $error = true;
}

if(!$error){
 $subject = "=?utf-8?B?".base64_encode($subject)."?=";
 $headers = "From: $from\r\nReply-to: $from\r\nContent-type:text/plain; charset=utf-8\r\n";
 mail($to, $subject, $sms, $headers);
}

 }
June 14th 19 at 20:01
1 answer
June 14th 19 at 20:03
  1. Injection is possible in the form
  2. $_POST['submit'] does not exist
  3. No check that the index $_POST['skype'], etc. exists
  4. $from does not exist, do not use $email
  5. The letter is formed in a non-kosher way (no splitting of long headers, not enough headers, etc.). It is better to use a library
  6. Unreliable mail server, spoofing the return address, etc. - most likely leads to spam and blocking by mail servers
  7. No spam protection (multiple form submissions by a bot)

Etc.
Do you have a template? Apart from points 2 and 3, I unfortunately don't know how else to correct it. - pearl_McCullough commented on June 14th 19 at 20:06

1. You will need to escape the data in the value attributes
2. For input type="submit" add name="submit"
3. isset()
4 - 7. Use an existing library for sending mail. It is not difficult to learn and use; for example, this one: https://swiftmailer.symfony.com/

And yes, "pure" PHP is rarely written now - use frameworks (Yii, Laravel, Symfony ...) to solve many problems at once. - Henriette_Ernser commented on June 14th 19 at 20:09
7. captcha - Jerad_Padbe commented on June 14th 19 at 20:12
I don't know how to put captcha... - pearl_McCullough commented on June 14th 19 at 20:15
Bad code, in a word - Lizzie.Altenwerth commented on June 14th 19 at 20:18
Show off yours! - pearl_McCullough commented on June 14th 19 at 20:21
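
Points 1-4 of the answer and the follow-up comment, applied to the question's form, as an added example that is not part of the original thread or any participant's code. The recipient and sender addresses and the helper names `e()` and `field()` are assumptions; points 5-7 (mail library, deliverability, captcha) are not covered here.

```php
<?php
// Added example: the addresses below are constructed placeholders, not from the page.
const MAIL_TO   = 'orders@example.com';   // assumed recipient
const MAIL_FROM = 'noreply@example.com';  // assumed fixed sender on your own domain

// Escape a value for use inside an HTML attribute or element body (point 1).
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read a POST field as a trimmed string; missing or array-valued fields become '' (point 3).
function field(string $key): string {
    $v = $_POST[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

$in  = ['name' => field('name'), 'email' => field('email'),
        'skype' => field('skype'), 'sms' => field('sms')];
$err = ['name' => '', 'email' => '', 'sms' => ''];

if (isset($_POST['submit'])) {   // exists because the button has name="submit" (point 2)
    // FILTER_VALIDATE_EMAIL rejects CR/LF, so a valid address cannot add headers.
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        $err['email'] = 'The email address is not valid';
    }
    if ($in['name'] === '') { $err['name'] = 'You did not enter a name'; }
    if ($in['sms'] === '')  { $err['sms']  = 'You did not enter a message'; }

    if (implode('', $err) === '') {
        $subject = '=?utf-8?B?' . base64_encode('New message') . '?=';
        // From is fixed; the visitor's validated address goes only into Reply-To (point 4).
        $headers = 'From: ' . MAIL_FROM . "\r\n"
                 . 'Reply-To: ' . $in['email'] . "\r\n"
                 . "Content-Type: text/plain; charset=utf-8\r\n";
        $body = "Name: {$in['name']}\r\nSkype: {$in['skype']}\r\n\r\n{$in['sms']}";
        mail(MAIL_TO, $subject, $body, $headers);
    }
}
?>
<form action="" method="post" class="form">
  <input type="text" name="name" placeholder="Your name" value="<?= e($in['name']) ?>">
  <span style="color:red"><?= e($err['name']) ?></span>
  <input type="email" name="email" placeholder="Your email" value="<?= e($in['email']) ?>">
  <span style="color:red"><?= e($err['email']) ?></span>
  <input type="text" name="skype" placeholder="Your Skype" value="<?= e($in['skype']) ?>">
  <textarea name="sms" cols="30" rows="10" placeholder="message"><?= e($in['sms']) ?></textarea>
  <span style="color:red"><?= e($err['sms']) ?></span>
  <input type="submit" name="submit" value="Leave request">
</form>
```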
