mail() - malformed header?

[markspec87]

I made a post about my signup script which looks like:

[code]<?php
include("config.php");

mysql_select_db($dbname)
or die ("Could not select database because ".mysql_error());
// check if the username is taken
$check = "select id from users where username = '".$_POST['username']."';";
$qry = mysql_query($check) or die ("Could not match data because

".mysql_error());
$num_rows = mysql_num_rows($qry);
if ($num_rows != 0) {
echo "Sorry, that username $username is already taken.<br>";
echo "<a href=/signup.php>Try again</a>";
exit;
} else {

$t= time();
// insert the data

$insert = mysql_query("insert into users values ('".$_POST['username']."',
'".$_POST['password']."','','1', '".$_POST['avatar']."',

'".$_POST['email']."', '0','$t',

'".$_POST['age']."', '".$_POST['location']."', '".$_POST['clan']."',

'".$_POST['website']."',

'".$_POST['about']."')")
or die("Could not insert data because ".mysql_error());


$to = $_POST['email'];

$url='http://www.mysite.com/activate.php?hash='.md5($_POST['password']).'&s

tamp='.base64_encode($t);


$subject = "Account Activation";
$message = "Hello! This is a simple email message.";
$from = "[email protected]";
$headers = "From: $from";
mail($to,$subject,$message,$headers);

echo "Your user account has been created!<br>";
echo "An activation email has been sent to " .$_POST['email']. "<BR>";

}
?>[/code]

However when i submit it, i get the error:

[quote]Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.[/quote]

ive tried commenting out areas and it works fine if i dont call the mail() function.

I looked in my server logs and ive found:

[quote][Sat Nov 25 17:29:58 2006] [error] [client 82.153.230.227] malformed header from script. Bad header=/home/sites/mysite.com/dea: processsignup.php, referer: http://www.mysite.com/signup.php[/quote]

Does anyone know whats wrong? I cant find anything thats wrong with my current script. The onlyu thought i have is that the email string isnt being passed properly (if im correct the mail() function requires a valid [email protected] address)

Any thoughts?

[tomfmason]

You should sanitize all data before making an sql query. For simplicity I use this

[code=php:0]
if ( get_magic_quotes_gpc() ) {
  $_POST = array_map('stripslashes', $_POST);
}
$_POST = array_map('mysql_real_escape_string', $_POST);
[/code]

There are more complex ways of sanitizing the data but this should work for now.

Now as far as the mail... I will give you a working example..

[code=php:0]
$to = "[email protected]";
$knownsender = "[email protected]"; //this should be an email address that is known to the
//server
$subject = 'Your subject';
$message = "Your html message here";
$headers = "FROM: $knownsender\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: multipart/alternative;\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "Content-Transfer-Encoding: 7bit";
$headers .= "\r\n";
 
if (mail($to, $subject, $message, $headers)) {
echo "The message was sent...";
}else{
echo "There was an error";
}
[/code]


Good Luck,
Tom