meesh2175 Posted November 26, 2012

Hello, I have a quick question... I have an email form which works great, except sometimes when I receive the form, either the Course Address, Lead Educator or Other fields have an exclamation mark (!) contained in it. For example, it will look like this:

Course Address: 12!3 Example Street

Any ideas why? See my code below:

<?php
if (isset($_POST['email'])) {

    $email_to = "example@example.com";
    $email_subject = "Form Submitted by:" . " " . $_POST['name'] . " (Course Date: " . $_POST['coursedate'] . ")";

    $date = $_POST['date']; // required
    $name = $_POST['name']; // required
    $email_from = $_POST['email']; // required
    $address = $_POST['address']; // required
    $city = $_POST['city']; // not required
    $postalcode = $_POST['postalcode']; // not required
    $coursename = $_POST['coursename']; // not required
    $coursedate = $_POST['coursedate']; // not required
    $courseloc = $_POST['courseloc']; // not required
    $coursehours = $_POST['coursehours']; // not required
    $mileage = $_POST['mileage']; // not required
    $courseadd = $_POST['courseadd']; // not required
    $educator = $_POST['educator']; // not required
    $other = $_POST['other']; // not required

    //ERROR MESSAGES
    $error_message = "";

    function clean_string($string) {
        $bad = array("content-type", "bcc:", "to:", "cc:", "href");
        return str_replace($bad, "", $string);
    }

    //EMAIL MESSAGE
    $email_message = ""; // initialised so the .= below does not append to an undefined variable
    $email_message .= "<html>";
    $email_message .= "<style type='text/css'>body,td,th {font-family: Arial, Helvetica, sans-serif; font-size: 13px;}</style>";
    $email_message .= "<body>";
    $email_message .= "<table width='650' border='1' cellspacing='0' cellpadding='5'>";
    $email_message .= "<tr>";
    $email_message .= "<td colspan='2' bgcolor='#FFB300' style='font-weight: bold;'>FORM</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td width='237'>Name:</td>" . "<td width='393'>" . clean_string($name) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td>Email:</td>" . "<td>" . clean_string($email_from) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td>Mailing Address:</td>" . "<td>" . clean_string($address) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td>City:</td>" . "<td>" . clean_string($city) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td>Postal Code:</td>" . "<td>" . clean_string($postalcode) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td colspan='2' bgcolor='#FFB300' style='font-weight: bold;'>COURSE INFORMATION</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td>Course Date:</td>" . "<td>" . clean_string($coursedate) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td>Course Name:</td>" . "<td>" . clean_string($coursename) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td>Course Location:</td>" . "<td>" . clean_string($courseloc) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td>Course Hours:</td>" . "<td>" . clean_string($coursehours) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td>Mileage (if applicable):</td>" . "<td>" . clean_string($mileage) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td>Course Address:</td>" . "<td>" . clean_string($courseadd) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td>Lead Educator:</td>" . "<td>" . clean_string($educator) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "<tr>";
    $email_message .= "<td>Other (if applicable):</td>" . "<td>" . clean_string($other) . "</td>";
    $email_message .= "</tr>";
    $email_message .= "</table><br>";
    $email_message .= "<span style='font-size: 11px; font-style: italic;'>Note: This form was submitted on: " . clean_string($date) . ".</span>";
    $email_message .= "</body>";
    $email_message .= "</html>";

    //HEADERS
    $headers = ""; // initialised for the same reason as $email_message
    $headers .= "Content-type: text/html; charset=iso-8859-1\n";
    $headers .= 'From: example@example.com' . "\r\n" .
                'Reply-To: ' . $email_from . "\r\n" .
                'X-Mailer: PHP/' . phpversion();

    @mail($email_to, $email_subject, $email_message, $headers);

} // closes if (isset($_POST['email'])); this brace was missing in the posted code
?>
Christian F. Posted November 26, 2012 (edited)

Since you've done absolutely no validation of the input, nor shown us where the data is coming from, I'm just going to have to assume that it's a mistype by the user. Though, from looking at the code I can tell you one thing: your clean_string() function is completely wasted, and doesn't do anything to keep your code safe. Not only that, but since you've failed to validate the $_POST['email'] field, it's completely open to abuse by anyone. In fact, it would be trivial for an attacker to make your script into a spam-bot, which sends their own customized message to whomever they liked. From your e-mail address.

That's one of the reasons you always should validate all input. In addition to making sure to use the proper output escaping methods for the external system you're sending the data to, if there are any such methods available. For e-mails there aren't, which only increases the importance of proper validation.

PS: Stripping content from a string is not validation. At best it can be considered sanitation/washing, and is almost always an annoyance for the user since it can (and very often does) silently introduce errors in the input data.

Edited November 26, 2012 by Christian F.
meesh2175 (Author) Posted November 26, 2012

> Since you've done absolutely no validation of the input, nor shown us where the data is coming from, I'm just going to have to assume that it's a mistype by the user. Though, from looking at the code I can tell you one thing: your clean_string() function is completely wasted, and doesn't do anything to keep your code safe. Not only that, but since you've failed to validate the $_POST['email'] field, it's completely open to abuse by anyone. In fact, it would be trivial for an attacker to make your script into a spam-bot, which sends their own customized message to whomever they liked. From your e-mail address.
>
> That's one of the reasons you always should validate all input. In addition to making sure to use the proper output escaping methods for the external system you're sending the data to, if there are any such methods available. For e-mails there aren't, which only increases the importance of proper validation.
>
> PS: Stripping content from a string is not validation. At best it can be considered sanitation/washing, and is almost always an annoyance for the user since it can (and very often does) silently introduce errors in the input data.

Holy... my apologies. I am still in the learning stages of PHP coding, hence why I am on a forum. I know my code is not perfect, but that is why I am asking for help. As for it being a mistype by the user, obviously I submitted a form myself (without mistyping anything) and it still inserts a !.
mrMarcus Posted November 26, 2012 (edited)

Your HTML string is too long. Try appending line-breaks to the end of each line:

//EMAIL MESSAGE
$email_message = ""; // start from an empty string before appending
$email_message .= "<html>\n";
$email_message .= "<style type='text/css'>body,td,th {font-family: Arial, Helvetica, sans-serif; font-size: 13px;}</style>\n";
$email_message .= "<body>\n";
$email_message .= "<table width='650' border='1' cellspacing='0' cellpadding='5'>\n";
// and so on...

Alternatively, look into nl2br() with a character limitation of ~70. What is happening is your HTML string is too long and is causing funky characters to be added during processing.

EDIT: Just noticed you're casting the email as HTML, so the CR LF will not work. Either stick with Content-type: plain/text; or use the nl2br() function to truncate long lines.

Edited November 26, 2012 by mrMarcus
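The two answers above point at two separate defects in the posted handler: Christian F.'s, that nothing header-bound is validated (a Reply-To built from raw $_POST['email'] lets a submitter append their own mail headers), and mrMarcus's, that the body is one line several thousand characters long (MTAs such as sendmail fold lines longer than roughly 990 characters and mark the fold with a "!", which is exactly the symptom in the original post). The following is an added example, not code from the thread or from either poster, showing how a hardened version of the same handler would address both: header-bound fields are validated and the request is rejected on failure rather than "cleaned", body fields are HTML-escaped, and body lines are kept short and checked against the SMTP line limit before mail() is called. The recipient and From addresses, the field names and the hypothetical handle_submission() wrapper are placeholders.

```php
<?php
// Added example (not the thread's code): hardened rewrite of the form handler.
declare(strict_types=1);

const SMTP_LINE_LIMIT = 998; // RFC 5322 maximum line length, excluding CRLF

// A value destined for a mail header must not contain CR, LF or NUL:
// a line break inside Reply-To or Subject would turn into extra headers.
// Reject the request instead of silently stripping characters.
function validate_header_value(string $value, int $maxLen = 254): ?string
{
    $value = trim($value);
    if ($value === '' || strlen($value) > $maxLen || preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return $value;
}

function validate_email(string $value): ?string
{
    $value = validate_header_value($value);
    if ($value === null || filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $value;
}

// One table row, both cells escaped for the HTML body they are placed in.
function html_row(string $label, string $value): string
{
    return '<tr><td>' . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</td>'
         . '<td>' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "</td></tr>\n";
}

// Newline after every row keeps the body far below the line limit; wordwrap()
// covers a single very long field, which a per-row newline alone would not.
function build_body(array $fields): string
{
    $body = "<html>\n<body>\n<table border='1'>\n";
    foreach ($fields as $label => $value) {
        $body .= html_row($label, wordwrap($value, 76, "\n", true));
    }
    return $body . "</table>\n</body>\n</html>\n";
}

// Longest line in the message, so the limit can be checked before sending.
function longest_line(string $text): int
{
    $max = 0;
    foreach (preg_split("/\r?\n/", $text) as $line) {
        $max = max($max, strlen($line));
    }
    return $max;
}

// Hypothetical wrapper: takes the POST array, returns ['ok' => bool, 'error' => ?string].
function handle_submission(array $post): array
{
    // Header-bound fields (Reply-To and Subject) are validated, not cleaned.
    $email_from = validate_email((string)($post['email'] ?? ''));
    $name       = validate_header_value((string)($post['name'] ?? ''), 100);
    $coursedate = validate_header_value((string)($post['coursedate'] ?? ''), 40);
    if ($email_from === null || $name === null || $coursedate === null) {
        return ['ok' => false, 'error' => 'Name, e-mail address and course date must be single-line values.'];
    }

    // Body-only fields: free text is fine here because it is HTML-escaped on output.
    $fields = ['name' => $name, 'email' => $email_from];
    foreach (['address', 'city', 'postalcode', 'coursename', 'courseloc',
              'coursehours', 'mileage', 'courseadd', 'educator', 'other'] as $key) {
        $fields[$key] = (string)($post[$key] ?? '');
    }
    $body = build_body($fields);
    if (longest_line($body) > SMTP_LINE_LIMIT) {
        return ['ok' => false, 'error' => 'Message body exceeds the SMTP line limit.'];
    }

    $headers = "MIME-Version: 1.0\r\n"
             . "Content-Type: text/html; charset=UTF-8\r\n"
             . "From: forms@example.invalid\r\n"   // fixed, site-owned sender (placeholder)
             . "Reply-To: {$email_from}\r\n"        // validated above
             . "X-Mailer: PHP/" . PHP_VERSION;
    $subject = "Form submitted by: {$name} (Course Date: {$coursedate})";

    // No @-suppression: a mail() failure is logged rather than hidden.
    $sent = mail('inbox@example.invalid', $subject, $body, $headers); // placeholder recipient
    if (!$sent) {
        error_log('Form mail could not be handed to the local MTA');
    }
    return ['ok' => $sent, 'error' => $sent ? null : 'Mail could not be sent.'];
}

if (PHP_SAPI !== 'cli') {
    $result = handle_submission($_POST);
    http_response_code($result['ok'] ? 200 : 400);
    echo htmlspecialchars($result['error'] ?? 'Thank you, your form was sent.', ENT_QUOTES, 'UTF-8');
}
```

The design choice worth noting is the split between the two classes of field. Anything that reaches a header (the Reply-To address, the name and course date used in the Subject) is validated against a strict shape and the whole request is refused on failure, because there is no escaping mechanism for mail headers; the str_replace() list in the original only blocks a handful of spellings and is bypassed by a CRLF followed by any header it did not list. Anything that only reaches the body can be arbitrary text, since htmlspecialchars() escapes it for the HTML context it is inserted into. The longest_line() check is cheap insurance that the "!" symptom cannot recur whatever the field contents.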
meesh2175 (Author) Posted November 26, 2012

> Your HTML string is too long. Try appending line-breaks to the end of each line:
>
> //EMAIL MESSAGE
> $email_message .= "<html>\n";
> $email_message .= "<style type='text/css'>body,td,th {font-family: Arial, Helvetica, sans-serif; font-size: 13px;}</style>\n";
> $email_message .= "<body>\n";
> $email_message .= "<table width='650' border='1' cellspacing='0' cellpadding='5'>\n";
> // and so on...
>
> Alternatively, look into nl2br() with a character limitation of ~70. What is happening is your HTML string is too long and is causing funky characters to be added during processing.

Ah, makes sense... thank you so much for your help!! Much appreciated.
mrMarcus Posted November 26, 2012

> Ah, makes sense... thank you so much for your help!! Much appreciated.

I made an edit to my post. Please see my last post assuming your tests fail.
meesh2175 (Author) Posted November 26, 2012

> I made an edit to my post. Please see my last post assuming your tests fail.

It worked - thanks again!