I have a php contact form using POST and I want to automatically include the referring page on the form, that is the website linking to the contact form. This would normally be within my website.
For example,
www.website.com/nothere.php returns 404.php (with www.website.com/nothere.php as the address)
on the 404 page I have a link to feedback.php which is a contact form.
I want the referring URL (in this case "www.website.com/nothere.php") included on the submitted form.
I understand I can use this code:
$ref = getenv("HTTP_REFERER");
So, I added that to the php at the top of the page (here is a snippet):
$SendTo = "web@website.com";
$Subject = "Website Feedback";
$FromString = "From: ".$_POST['eaddress']."
";
$ref = getenv("HTTP_REFERER");
But how do I code the indhold so the referral is printed on the email?
$Indhold .= "Referring page: ".$_POST['$????']."
";
Can someone help with what I need to add to the above line? Or do I need to go about this in a different way?
Many thanks! Andy
Put a hidden input field into your contact form, that contains the referer:
<form ...>
...
<input type="hidden" value="<?php echo $_SERVER['HTTP_REFERER'] ?>" name="referer" />
...
</form>
Then you can access it with $_POST['referer'] when sending the email.
Well .. you can indeed use $_SERVER['HTTP_REFERER'] for this. To include it just write something like :
<input type="hidden" name="referer" value="<?php echo $_SERVER['HTTP_REFERER']; ?>" />
in your contact form.
And then, when you compose the message just do :
$Indhold .= 'Referring page: '.$_POST['referer']."
";
Before you do anything you should know that $_SERVER['HTTP_REFERER'] is set by the client. This means that it can contain anything. If you really need to know the referrer then at least make sure that it is a URL and that it does not point to just any website.
For example:
$ref = filter_input(INPUT_SERVER, 'HTTP_REFERER', FILTER_SANITIZE_URL);
if ( ! preg_match('/^http:\/\/website.com/', $ref)) {
$ref = '(Unknown URL...)';
}
If you just use HTTP_REFERER without checking it first then some bad guy can set it to a URL that installs a virus on the machine. In other words: Do not use it unless you check it.