on 15/11/02 12:11 AM, CJ ([EMAIL PROTECTED]) wrote:

> I have a "contact us" php script on my site that allows users to email
> direct from the website. I want to be able to pass the to address and
> subject line to the script so I can call the web page from elsewhere on the
> site and have it automatically choose the correct email address and subject
> line.
>
> EG instead of using <a href=mailto:joe@;bloggs.mail.com> which requires them
> to have an email client set up on the machine I want to link to
> <a href=contactus.php?email=director subject=job enquiry>
> The script already handles the email=director by setting a default entry in
> a drop down form but I can't get it to separate the first and second
> variables in the URL.

<a href="contactus.php?email=director&subject=job_enquiry">

> Also is this a big security risk as I will be echoing the 2nd variable as
> the contents of a form field. Would it be possible for someone to type in
> the URL with HTML/php in it that would make a mess of everything? How can I
> protect against this? Would it be sufficient to just parse the 2nd variable
> for non alphabetic characters and remove them?

As I think I read replied by someone else, I'd have numeric IDs for both the staff AND the subject.

staff
1 = [EMAIL PROTECTED]
2 = [EMAIL PROTECTED]
3 = [EMAIL PROTECTED]
4 = [EMAIL PROTECTED]

subjects
1 = general enquiry
2 = technical support
3 = gambling addiction
4 = debate about red cars being faster

Then your link url is a lot cleaner

<a href="contactus.php?e=2&s=4">

contactus.php simply has to check an array, or sql table, or whatever, to find out what a subject id of "1" really is.

To ensure extra security over text stuff, you can check to make sure $e and $s are both numeric (check out is_numeric(), is_int(), etc etc).

You could also set defaults, so that if the $s or $e is excluded, or invalid, you can set a default. So these three links won't break the page:

<a href="contactus.php">
<a href="contactus.php?s=3">
<a href="contactus.php?e=2">

Good luck

Justin French
--------------------
http://Indent.com.au
Web Development & Graphic Design
--------------------

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
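Added example (not part of the original post, and not the poster's code): one way contactus.php could implement the ID lookup with defaults described in the reply above. The addresses, the two-entry tables, and the names pick_id() and resolve_contact() are assumptions made for illustration.

```php
<?php
// Added example: server-side lookup tables. The addresses are constructed
// placeholders; the request only ever supplies an integer key, so neither
// the recipient nor the subject text is taken from the URL.
const STAFF = [
    1 => 'director@example.com',
    2 => 'support@example.com',
];
const SUBJECTS = [
    1 => 'general enquiry',
    2 => 'technical support',
];
const DEFAULT_STAFF = 1;
const DEFAULT_SUBJECT = 1;

/**
 * Map an untrusted query value to a key of $table, or fall back to $default.
 * filter_var() rejects anything that is not an integer ("2abc", "1.5",
 * arrays, markup); isset() rejects integers that are not in the table.
 */
function pick_id($raw, array $table, int $default): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    return ($id !== false && isset($table[$id])) ? $id : $default;
}

/** Resolve ?e=..&s=.. to a known recipient and subject. */
function resolve_contact(array $query): array
{
    $e = pick_id($query['e'] ?? null, STAFF, DEFAULT_STAFF);
    $s = pick_id($query['s'] ?? null, SUBJECTS, DEFAULT_SUBJECT);
    return ['to' => STAFF[$e], 'subject' => SUBJECTS[$s]];
}

$contact = resolve_contact($_GET);

// The subject now comes from our own table, but escape on output anyway so
// a later edit to the table cannot break the form markup.
printf(
    '<input type="text" name="subject" value="%s">' . "\n",
    htmlspecialchars($contact['subject'], ENT_QUOTES, 'UTF-8')
);
```

With this in place, contactus.php, contactus.php?s=3 and contactus.php?e=<script> all render the default entries, because a missing, unknown or non-numeric ID falls back to the default.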