Skip navigation
1BigTimeBookie
Currently Being Moderated

PHP script sends the email, without data

Nov 8, 2013 3:41 PM

Tags: #dreamweaver_cs5 #php_script

Thanks in advance for your help.

 

I am new to Dreamweaver CS5 and decided to add a form.  Mailto wasn't going to work, so PHP was the answer. 

 

*** $form content line is my latest stab at correcting the form. 

 

My site:  www.LifeAfterPharma.com

 

Here is the script I created:

 

 

<?php

 

 

$name = $_POST['name'];

$email = $_POST['email'];

$phone = $_POST['phone'];

$to = "abcd@icloud.com";

$subject = "LAP Info Request";

$message = $_POST['HIP HIP HOORAH'];

$formcontent= $_POST[" Name: $name \nPhone: $phone \nEmail: $email"];

mail ($to, $subject, $message, $formcontent);

 

 

echo "Thank you!  Your request has been sent! Use your browsers BACK button to return to the site. ";

 

?>

 

HTML

 

<form action="LAP_form.php" method="post" enctype="text/plain">

Name:<br>

<input type="text" name="name" value="your name"><br>

E-mail:<br>

<input type="text" name="email" value="your email"><br>

Cell Phone:<br>

<input type="text" name="phone" value="area code + number"><br><br>

<input type="submit" name="Submit" id="submit" value="Submit">

<input type="reset" name="Reset" id="reset" value="Reset">

</form>

 

 

Please take a look and tell me what I'm doing wrong.  I'd appreciate your help and insight. 

 

I have researched this as much as I know how but much of what I have found in books is unintellgible to me and when it comes to the reply form, the php script usually includes stuff I'm not interested in such as validation, CAPTCHA etc and I am unable to tease out my issue.

 

I've also checked with my hosting service - Godaddy and all is well there. 

 

I'm on DW CS5 on a Macbook Pro - Lion

 
Replies
  • Currently Being Moderated
    Nov 8, 2013 7:04 PM   in reply to 1BigTimeBookie

    The $POST[] array contains key/values pairs passed in by the posted form. So here:

     

    $name = $_POST['name'];

    $email = $_POST['email'];

    $phone = $_POST['phone'];

     

    you referencing the value by its key name and assigning it to a php variable. That's fine.

     

    However, these assignments don't make sense:

     

    $message = $_POST['HIP HIP HOORAH'];

    $formcontent= $_POST[" Name: $name \nPhone: $phone \nEmail: $email"];

     

    because there is no element in the array with those names. Those values were not passed from the form. So just remove "$_POST" and the square brackets from the above and it should work. One serious problem to be aware of is that your form/script is vulnerable to a header injection attack. You should try to find a script that will protect against this type of attack.

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 9, 2013 5:54 AM   in reply to bregent

    bregent wrote:

     

    One serious problem to be aware of is that your form/script is vulnerable to a header injection attack. You should try to find a script that will protect against this type of attack.

    This should help with that issue: http://foundationphp.com/tutorials/email.php.

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 9, 2013 2:05 PM   in reply to 1BigTimeBookie

    Yes, you need to insert this.

     

    Essentially, what is going on is that your form is sending a bunch of stuff to POST and you now need to recover it for php to work with it.

     

    So here's what you do:

     

    <?php

     

    // time to gather everything up so php can actuall work with it:

     

    $name = $_POST['name'];

    $email = $_POST['email'];

    $phone = $_POST['phone'];

     

    // now let's work with it, shall we?

     

    if(empty($name) || empty($email) || empty($phone)) {

    echo "<h2>Use your Back button - fill in all fields, No message was sent.</h2>\n";

    die ("Use back! ! ");

    }

    // all fields are required, if they left anything blank, we won't accept the form.

     

    if(!$email == "" && (!strstr($email,"@") || !strstr($email,".")))

    {

    echo "<h2>Use Back - Enter valid e-mail</h2>\n";

    $badinput = "<h2>Your message was NOT submitted</h2>\n";

    echo $badinput;

    die ("Go back! ! ");

    }

    // we're checking to see if the email is valid.

     

    if ($email) {

            $to = 'abcd@icloud.com'; // where you want to send the mail

            $from: $email ($email)\n // this puts their email into the from blank for an email.

            $subject = 'LAP Info Request';

            $message = 'From: ' . $_POST['name'] . "\r\n\r\n";

            $message .= 'Comments: ' . $_POST['comments'];

            $headers = "From: $from\r\nReply-to: $email";

            $sent = mail($to, $subject, $message, $headers);

            if ($sent) {

                $result = 'Thank you!  Your request has been sent! Use your browsers BACK button to return to the site.';

            }

        } else {

            $result = 'Sorry, there was a problem.';

        }

    }

    ?>

     

     

    That should work.

     

    -Mark

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 9, 2013 2:32 PM   in reply to mhollis55

    mhollis55 wrote:

     

    That should work.

    Yes, it will. It will also expose the site to email header injection. Please read my article before trying to offer bad advice (however well intentioned) to others: http://foundationphp.com/tutorials/email.php.

     

    Putting unfiltered user input into email headers is EXTREMELY INSECURE.

     
    |
    Mark as:
  • Currently Being Moderated
    Nov 9, 2013 2:55 PM   in reply to 1BigTimeBookie

    >Do I need to insert this?

     

    >$name = $_POST['name'];

    >$email = $_POST['email'];

    >$phone = $_POST['phone'];

     

    Not necessarily. You can directly reference the POST array variable anywhere within your script. But usually you assign them first to a simple variable, especially if you are going to be referencing a posted variable more than once (for validation, sanitizing, etc) ,  because it's easier to write "$name" than "$_POST['name']" .

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points