Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Back End nice and easy contact form $EmailFrom = ""; query Reply To: nice and easy contact form $EmailFrom = ""; query

#176864
__
Participant

Shouldn’t the other parties email address be showing in here??

Not necessarily. $EmailFrom is meant to be an email address from your domain (even a fake, “no-reply” address). It is being used in the email From header, which has two major implications if using the user’s email address:

  1. You would need to validate the user’s input (i.e., make sure it is a single, valid email address), otherwise you would run the risk of header injection. This is a very, very common way for a simple contact form to be hijacked and used as a spam server, which will cause you all kinds of trouble. Note that Chris’ example does not include validation of any kind, which he points out in his comments. Look at using the filter_var function.
  2. You would need to add a Sender header with an email address that belongs to your domain. Otherwise, it is likely that the email will be discarded as spam during delivery, because the From address and the domain don’t match.

All in all, I would suggest not making these changes: just use the form as intended. If you’re set on it, however, you’d need to keep the above points in mind.