Shouldn’t the other party’s email address be showing in here??
Not necessarily. `$EmailFrom` is meant to be an email address from your domain (even a fake, “no-reply” address). It is being used in the email `From` header, which has two major implications if using the user’s email address:
- You would need to validate the user’s input (i.e., make sure it is a single, valid email address), otherwise you would run the risk of header injection. This is a very, very common way for a simple contact form to be hijacked and used as a spam server, which will cause you all kinds of trouble. Note that Chris’ example does not include validation of any kind, which he points out in his comments. Look at using the `filter_var` function.
- You would need to add a `Sender` header with an email address that belongs to your domain. Otherwise, it is likely that the email will be discarded as spam during delivery, because the `From` address and the domain don’t match.
All in all, I would suggest not making these changes: just use the form as intended. If you’re set on it, however, you’d need to keep the above points in mind.
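
The two points above, sketched in PHP as an added example (not part of the original reply and not code from Chris’ form): the visitor’s address is accepted for `From` only if it is a single valid address with no line breaks, and a `Sender` header carries an address on your own domain. `SITE_ADDRESS`, `clean_email()`, `build_headers()` and the sample inputs are constructed for illustration.

```php
<?php
// Assumed placeholder: an address that belongs to your own domain.
const SITE_ADDRESS = 'no-reply@example.com';

/**
 * Return one validated email address, or null if the input is unusable.
 */
function clean_email(string $input): ?string
{
    $input = trim($input);
    // A CR or LF inside the value would let the sender append extra
    // headers (Bcc, Cc, a second To), so reject it outright.
    if (preg_match('/[\r\n]/', $input)) {
        return null;
    }
    // FILTER_VALIDATE_EMAIL accepts exactly one address; lists such as
    // "a@example.org, b@example.org" fail validation.
    $email = filter_var($input, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/**
 * Build the extra headers for mail(), or null if the address is rejected.
 */
function build_headers(string $userInput): ?string
{
    $email = clean_email($userInput);
    if ($email === null) {
        return null;
    }
    return implode("\r\n", [
        "From: {$email}",
        'Sender: ' . SITE_ADDRESS,
    ]);
}

// Constructed sample inputs: one valid, one with injected header, one list.
$samples = [
    'visitor@example.org',
    "visitor@example.org\r\nBcc: list@example.net",
    'a@example.org, b@example.org',
];

foreach ($samples as $sample) {
    $headers = build_headers($sample);
    echo json_encode($sample), ' => ',
         $headers === null ? 'rejected' : 'accepted', PHP_EOL;
    // On acceptance, pass $headers as the fourth argument to mail().
}
```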