3 Replies Latest reply on Sep 17, 2007 3:04 PM by Newsgroup_User

    Help with a PHP processing form

    lynnegeek2
      I wrote a little processing program to retreive information from an online form. I'm posting below. Is there another way to retrieve the info for the "Do you own your own home" question. Also does anyone know what I can do to obtain mulitiple answers to a question. For instance from a drop down menu I may have where you are able to select several items. Not sure how to code to retreive that info for the processing program. Any help would be greatly appreciated.

      <?php
      $to = "addmyemailaddresshere";

      //Form Subject
      $subject = "Someone is requesting additional franchising information";

      //Contact and Personal Information
      $body =
      "
      Name: $name
      Email Address: $emailaddress
      Mailing Address: $address
      City: $city
      State: $state
      Zip Code: $zipcode
      Country: $country
      Day Phone: $dayphone
      Evening Phone: $eveningphone
      Mobile Phone: $mobilephone

      Best time to contact: $contacttime

      Liquid Capital Available to Invest: $liquidcapital
      How soon would you like to start a new business?: $startbusiness
      What is your estimated net worth?: $networth
      Do you own your own home?: $yes
      Do you own your own home?: $no
      What type of franchise are you interested in?: $franchisetype
      What motivates you to own your own business?: $desire

      ";

      //Email Address of Sender
      $headers = "From: " . $_POST['emailaddress'] . "\n";
      mail($to,$subject,$body,$headers);
      ?>
        • 1. Re: Help with a PHP processing form
          Level 7
          lynnegeek2 wrote:
          > I wrote a little processing program to retreive information from an online
          > form.

          Your script relies on register_globals being enabled on the web server.
          This is both insecure and liable to break at any moment. The default
          setting for register_globals has off since 2002, and it is due to be
          removed completely from future versions of PHP.

          Instead of using ordinary variables such as $name, you should use the
          $_POST version like this:

          $body = "
          Name: $_POST[name]\n
          Email Address: $_POST[emailaddress]\n
          Mailing Address: $_POST[address]\n
          // and so on
          ";

          Normally, the name of $_POST array elements should be in quotes, but you
          need to leave them out here, because they're in a double-quoted string.
          The \n at the end of each line will insert a new line, preventing
          everything from bunching up.

          > Is there another way to retrieve the info for the "Do
          > you own your own home" question.

          Use radio buttons:

          <input type="radio" name="ownHome" value="yes" />Yes
          <input type="radio" name="ownHome" value="no" checked="checked" />No

          You can then get the value as $_POST[ownHome].

          > Also does anyone know what I can do to obtain
          > mulitiple answers to a question. For instance from a drop down menu I may have
          > where you are able to select several items.

          Use the PHP implode() function to join the values. Let's say your
          multiple choice menu is called "multichoice":

          $body = "
          // other form fields
          Do you own your own home?: $POST[ownHome]\n
          Multiple choices: ";
          if (isset($_POST['multichoice')) {
          $body .= implode(',', $_POST['multichoice');
          } else {
          $body .= "Nothing selected\n";
          }

          > //Email Address of Sender
          > $headers = "From: " . $_POST['emailaddress'] . "\n";
          > mail($to,$subject,$body,$headers);

          Inserting the email address into the headers like this is extremely
          insecure, and lays your site open to email header injection, which could
          turn your site into a spam relay.

          Do a Google search for email header injection to find some common
          solutions. (I also give detailed advice in my books.) Unless you are
          reasonably proficient at PHP, the safest way is to leave out the fourth
          argument ($headers) to mail().

          --
          David Powers, Adobe Community Expert
          Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
          Author, "PHP Solutions" (friends of ED)
          http://foundationphp.com/
          • 2. Re: Help with a PHP processing form
            lynnegeek2 Level 1
            So I'm going to change the $body part of this, but does the following stay the same?

            <?php
            $to = "addmyemailaddresshere";

            //Form Subject
            $subject = "Someone is requesting additional franchising information";

            and

            //Email Address of Sender
            $headers = "From: " . $_POST['emailaddress'] . "\n";
            mail($to,$subject,$body,$headers);
            ?>

            • 3. Re: Help with a PHP processing form
              Level 7
              lynnegeek2 wrote:
              > So I'm going to change the $body part of this, but does the following stay the
              > same?
              >
              > <?php
              > $to = "addmyemailaddresshere";
              >
              > //Form Subject
              > $subject = "Someone is requesting additional franchising information";

              Those do.

              > //Email Address of Sender
              > $headers = "From: " . $_POST['emailaddress'] . "\n";
              > mail($to,$subject,$body,$headers);

              Re-read my original post. This section will turn your site into a spam
              relay. Google the web for solutions to prevent email header injection
              (or see either of the two books listed in my sig). If you don't have the
              skill to implement one of those solutions, drop the $headers. Just use this:

              mail($to, $subject, $body);

              --
              David Powers, Adobe Community Expert
              Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
              Author, "PHP Solutions" (friends of ED)
              http://foundationphp.com/