I copied a template and changed as necessary for my form.

php is working on the site/domain, I've managed to get a simpler version to run properly.

 

The names have been changed to protect the innocent.

Any help would be greatly appreciated.

 

<?php
if(isset($_POST['submit'])){
    $to = "[email protected]"; // this is my Email address
    $from = $_POST['email']; // this is the sender's Email address
    $name = $_POST['name'];
    $email = $_POST['email'];
    $address = $_POST['address'];
    $city = $_POST['city'];
    $state_province = $_POST['state_province'];
    $country = $_POST['country'];
    $zippost = $_POST['zippost'];
    $tel = $_POST['tel'];
    $Product_1__Qty = $_POST['Product_1__Qty'];
    $Product_2__Qty = $_POST['Product_2__Qty'];
    $Product_3__Qty = $_POST['Product_3__Qty'];
    $Product_4__Qty = $_POST['Product_4__Qty'];

    $subject = "Product Oder";
    $subject2 = "Copy of your Product Oder";
    $message = $name . " " . $company . " Ordered the following:" . "\n\n" . $_POST['message'];
    $message2 = "Here is a copy of your message " . $name . "\n\n" . $_POST['message'];

    $headers = "From:" . $from;
    $headers2 = "From:" . $to;
    mail($to,$subject,$message,$headers,$name,$company,$tel,$address,$city,$state_province,$country,$zippost, $Product_1__Qty,$Product_2__Qty, $Product_3__Qty,$Product_4__Qty); //emails form data

//mail($from,$subject2,$message2,$headers2, $name,$company,$tel,$address,$city,$state_province,$country,$zippost, $Product_1__Qty,$Product_2__Qty, $Product_3__Qty,$Product_4__Qty); // sends a copy of form data to the sender

{
header("Location:http://www.mydomain.com");//  Redirect
}
    }

?>

 

 

<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>Untitled Document</title>
<style type="text/css">
body,td,th {
font-family: "Lucida Grande", "Lucida Sans Unicode", "Lucida Sans", "DejaVu Sans", Verdana, sans-serif;
font-size: 12px;
color: #1A6F84;
}
body {

Form continues here….

in order to successfully use the php mail() function (or any of the php functions), you must make use of the documentation for that function. you cannot simply make up, guess, or assume what to do.

 

the mail() function takes at most 5 parameters. the first three parameters - to, subject, and message, are required. the 4th parameter, additional_headers, is generally required since most php installations don't have a default from email address set up or it isn't a valid email address for your account/domain. the 5th parameter, additional_parameters, is rarely used.

 

your use of the mail() function would be throwing php errors about the number of parameters. when learning php, developing php code, or debugging php code, you should have php's error_reporting set to E_ALL and display_errors set to ON to get php to help you by reporting and displaying all the errors it detects. you would also want to temporarily comment out any header() redirects since php also has a setting that's turned on by default, that would prevent you from seeing anything your code or php outputs prior to the redirect.

 

all of those variables, $name,$company,$tel,$address,$city, ... should be going into producing the message parameter, in the $message variable.

 

lastly, these emails are NOT being sent from the person who is filling in the form data. they are being sent from the mail server at your web hosting. the From: mail header must be an email address with a domain that is directly tied to your web hosting or if the domain is not hosted at the same address as your mail server, you must have an SPF DNS record where the domain is hosted at, that says your sending mail server is authorized to send emails for that domain. in either case, you should have a proper SPF DNS record that the receiving mail server can use to verify that the sending mail server matches where the email says it is coming From:.

 

you can put the entered name/email in a Reply-to: header, if you want the ability to hit the reply button in a mail client and use that name/email as the reply to address.

 

if you are doing this for real, you must validate that all the external data is of the expected format and doesn't contain things like valid mail headers, in order to prevent mail header injection, particularly for any values you are putting into the additional_headers parameter.

Edited by mac_gyver

Thank you for your help, mac_gyver.


I will do more reading before attempting another script.


 


Are you saying I cannot use the php mail() function because my form exceeds the maximum 5 parameters, or are you saying there is a way to return the additional parameters in the message parameter?


He's saying that all those data fields you put in your mail call are incorrect. All that data should be part of your "message", not added in to the function call (which won't work as you are doing it).

 

I don't know what you mean by "a way to return the additional parameters".

you should probably read up on php FUNCTIONS.  when a function is declared, it is set with a number of parameters.  some required, some optional.  when you call the function, as you are doing in your script with mail(), you can only call with all required parameters.  you have the option to use or not use "optional" parameters.

 

http://php.net/manual/en/functions.arguments.php

 

try this:

mail($to,$subject,$message,$headers);
Edited by BuildMyWeb
Thank you all for your help. 

I think I understand, but please let me know if this is not correct.

All the additional form fields should be in the $message variable?

 

So it should look something like this:

 

$message = "address " . $_POST['address'] . "\n"
    . "city " . $_POST['city'] . "\n"
    . "state_province " . $_POST['state_province'] . "\n"
    . "country " . $_POST['country'] . "\n"
    . "zippost " . $_POST['zippost'] . "\n"
    . "tel " . $_POST['tel'] . "\n"
    . "brochure_1 " . $_POST['brochure_1'] . "\n"
    . "brochure_2 " . $_POST['brochure_2'] . "\n"
    . "brochure_3 " . $_POST['brochure_3'] . "\n"
    . "brochure_4 " . $_POST['brochure_4'] . "\n";

Edited by ChrisCCPHP

That is the idea, yes. BUT - you need to validate all of the POST fields to be sure that they are valid answers and that they are not filled with malicious data. Consequently, they will probably not be $_POST values afterwards, but local vars that you have created as part of your checking process.

 

The mantra of all programmers is "never trust user input". That means you have to check if the answer is what you expect. If a field asks for a Yes or No answer, you have to check and make sure that it is Yes or No. Same with a phone number - check that it is numeric and has the right number of digits.

 

Do some reading on validation and filtering of data input. Check the manual for "types of filters".
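
The points made in the replies above (extra fields go into the message, From stays on the site's own domain, the visitor's address goes in Reply-To, and input is validated so it cannot inject mail headers), put together as an added example that is not code from any poster in this thread. The address orders@example.com, the length limits and the 0-999 quantity range are assumptions; the field names follow the original form.

```php
<?php
// Added example, not code from the thread. orders@example.com stands in for
// an address on your own hosted domain; limits below are assumed values.

// Accept only a single-line string: CR or LF is how a value would start a new header.
function one_line($value, int $max = 200): string
{
    if (!is_string($value) || strlen($value) > $max || preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('Invalid field value');
    }
    return trim($value);
}

function build_order_mail(array $post): array
{
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new InvalidArgumentException('Invalid email address');
    }
    $lines = [one_line($post['name'] ?? '', 80) . ' ordered the following:', ''];
    foreach (['address', 'city', 'state_province', 'country', 'zippost', 'tel'] as $field) {
        $lines[] = $field . ': ' . one_line($post[$field] ?? '');
    }
    for ($i = 1; $i <= 4; $i++) {
        $raw = $post["Product_{$i}__Qty"] ?? '';
        // A quantity left blank on the form counts as 0; anything else must be an integer.
        $qty = $raw === '' ? 0 : filter_var($raw, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => 999]]);
        if ($qty === false) {
            throw new InvalidArgumentException("Invalid quantity for product $i");
        }
        $lines[] = "Product $i qty: $qty";
    }
    // Only the validated address reaches a header; From stays on the site's own domain.
    $headers = ['From' => 'orders@example.com', 'Reply-To' => $email];
    return ['Product Order', implode("\r\n", $lines), $headers];
}

// Constructed sample input: the email field carries a line break and an extra header.
$sample = ['name' => 'Pat Example', 'email' => "pat@example.com\r\nBcc: list@example.net",
    'address' => '1 Main St', 'city' => 'Springfield', 'state_province' => 'IL',
    'country' => 'US', 'zippost' => '62701', 'tel' => '555-0100', 'Product_1__Qty' => '2'];
try {
    [$subject, $message, $headers] = build_order_mail($sample);
    mail('orders@example.com', $subject, $message, $headers); // array headers: PHP 7.2+
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ' . $e->getMessage() . PHP_EOL; // validation failure: nothing is sent
}
```

In a real handler, pass `$_POST` instead of `$sample` and do the `header()` redirect only after `mail()` returns true.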
