{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 在下西门庆 的问题《PHP contact form sending email every time the page》','https://www.manongdao.com/q-1121590.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
PHP contact form sends email every time the page is refreshed. If user sends his message once and refreshes again, the same message is sent again. This happens every time the page is refreshed.
Here is my code form the form:
if (isset($_POST['submit'])) {
if ($_POST['email'] == '' || $_FILES['file_upload'] == '' || $_POST["fname"] == '' || $_POST["lname"] == '' || $_POST["message"] == '') {
echo '<p class="red-info">Please Fill All The Fields</p>';
} else {
$from_email = $_POST['email']; //from mail, it is mandatory with some hosts
$recipient_email = 'myemail@gmail.com'; //recipient email (most cases it is your personal email)
//Capture POST data from HTML form and Sanitize them,
$sender_fname = filter_var($_POST["fname"], FILTER_SANITIZE_STRING); //sender name
$sender_lname = filter_var($_POST["fname"], FILTER_SANITIZE_STRING); //sender name
$sender_phone_1 = filter_var($_POST["phone_1"], FILTER_SANITIZE_STRING); //sender name
$sender_phone_2 = filter_var($_POST["phone_2"], FILTER_SANITIZE_STRING); //sender name
$sender_phone_3 = filter_var($_POST["phone_3"], FILTER_SANITIZE_STRING); //sender name
$sender_phone = $sender_phone_1 . ' ' . $sender_phone_2 . ' ' . $sender_phone_3; //sender name
$reply_to_email = filter_var($_POST["email"], FILTER_SANITIZE_STRING); //sender email used in "reply-to" header
$subject = 'Contact Form'; //get subject from HTML form
$message = filter_var($_POST["message"], FILTER_SANITIZE_STRING); //message
/* //don't forget to validate empty fields
if(strlen($sender_name)<1){
die('Name is too short or empty!');
}
*/
//Get uploaded file data
$file_tmp_name = $_FILES['file_upload']['tmp_name'];
$file_name = $_FILES['file_upload']['name'];
$file_size = $_FILES['file_upload']['size'];
$file_type = $_FILES['file_upload']['type'];
$file_error = $_FILES['file_upload']['error'];
if ($file_error > 0) {
die('Upload error or No files uploaded');
}
//read from the uploaded file & base64_encode content for the mail
$handle = fopen($file_tmp_name, "r");
$content = fread($handle, $file_size);
fclose($handle);
$encoded_content = chunk_split(base64_encode($content));
$boundary = md5("sanwebe");
//header
$headers = "MIME-Version: 1.0\r\n";
$headers .= "From:" . $from_email . "\r\n";
$headers .= "Reply-To: " . $reply_to_email . "" . "\r\n";
$headers .= "Content-Type: multipart/mixed; boundary = $boundary\r\n\r\n";
//plain text
$body = "--$boundary\r\n";
$body .= "Content-Type: text/plain; charset=ISO-8859-1\r\n";
$body .= "Content-Transfer-Encoding: base64\r\n\r\n";
$body .= "<br />First Name:" . $sender_fname;
$body .= "<br />Last Name:" . $sender_lname;
$body .= "<br />Phone:" . $sender_phone;
$body .= "<br />Message:";
$body .= chunk_split(base64_encode($message));
//attachment
$body .= "--$boundary\r\n";
$body .= "Content-Type: $file_type; name=" . $file_name . "\r\n";
$body .= "Content-Disposition: attachment; filename=" . $file_name . "\r\n";
$body .= "Content-Transfer-Encoding: base64\r\n";
$body .= "X-Attachment-Id: " . rand(1000, 99999) . "\r\n\r\n";
$body .= $encoded_content;
$sentMail = mail($recipient_email, $subject, $body, $headers);
if (isset($sentMail)) //output success or failure messages
{
echo '<p class="green-info">Your Email Has Been Submitted!We will contact soon.</p>';
echo "<script>document.contact.reset();</script>";
header("location: contect.php");
} else {
die('Could not send mail! Please check your PHP mail configuration.');
}
}
}
$sender_lname = filter_var($_POST["fname"], FILTER_SANITIZE_STRING);Should be,$sender_lname = filter_var($_POST["lname"], FILTER_SANITIZE_STRING);If you are refreshing a browser, they tend to cache the last POST request. You may be asked if you want to re-submit form data. Try adding a hidden field with a hash value for a token.
<input type="hidden" name="token" value="someHashValue">Implement sessions to compare the submitted token against the one stored in
$_SESSION.Use a good hashing function to create the token. I would steer clear of
md5andsha1.Basically...
Also, be wary of using the file name (
$file_name = $_FILES['file_upload']['name'];) supplied by the browser in your code. Most would say find a way not to use it, but if you do, you still need to filter and validate it in some way. Re-naming the file might be appropriate. Checking the file size is a good idea, too. Don't rely too heavily on thephp.inion the file size bit. If file type matters, you can even try to inspect the file before accepting it.Lastly, when you get there, if you are going to use PHP filter functions, it may be a good idea to use
filter_input_array()withINPUT_POSTfor your POST data. For the$_FILESsuperglobal, I made a separate routine just for validating it (but, you cannot usefilter_input_array()for that). Good luck! You are on your way!It sends form every time because you didn't follow some of the good practices of web programming.
First of all, after receiving data from submitted form you should redirect user to the new page to change request type to
GETand to prevent next submission.The next thing is that you should use
CSRF tokento prevent two situations: double submission andCSRFattacks.