New to php, can't get a form to email data?

[ChrisCCPHP]

I copied a template and changed as necessary for my form.

php is working on the site/domain, I've managed to get a simpler version to run properly.

 

The names have been changed to protect the innocent.

Any help would be greatly appreciated.

 

<?php 

if(isset($_POST['submit'])){

    $to = "me@mydomain.com"; // this is my Email address

    $from = $_POST['email']; // this is the sender's Email address

    $name = $_POST['name'];

    $email = $_POST['email'];

    $address = $_POST['address'];

    $city = $_POST['city'];

    $state_province = $_POST['state_province'];

    $country = $_POST['country'];

    $zippost = $_POST['zippost'];

    $tel = $_POST['tel'];

    $Product_1__Qty = $_POST['Product_1__Qty'];

    $Product_2__Qty = $_POST['Product_2__Qty'];

    $Product_3__Qty = $_POST['Product_3__Qty'];

    $Product_4__Qty = $_POST['Product_4__Qty'];

 

    $subject = "Product Oder";

    $subject2 = "Copy of your Product Oder";

    $message = $name . " " . $company . " Ordered the following:" . "\n\n" . $_POST['message'];

    $message2 = "Here is a copy of your message " . $name . "\n\n" . $_POST['message'];

 

    $headers = "From:" . $from;

    $headers2 = "From:" . $to;

    mail($to,$subject,$message,$headers,$name,$company,$tel,$address,$city,$state_province,$country,$zippost, $Product_1__Qty,$Product_2__Qty, $Product_3__Qty,$Product_4__Qty); //emails form data

    

//mail($from,$subject2,$message2,$headers2, $name,$company,$tel,$address,$city,$state_province,$country,$zippost, $Product_1__Qty,$Product_2__Qty, $Product_3__Qty,$Product_4__Qty); // sends a copy of form data to the sender

 

{

 

 

header("Location:http://www.mydomain.com");//  Redirect

}

    }

    

?>

 

 

<!doctype html>

<html>

<head>

<meta charset="UTF-8">

<title>Untitled Document</title>

<style type="text/css">

body,td,th {

font-family: "Lucida Grande", "Lucida Sans Unicode", "Lucida Sans", "DejaVu Sans", Verdana, sans-serif;

font-size: 12px;

color: #1A6F84;

}

body {

 

Form continues here….

[mac_gyver]

in order to successfully use the php mail() function (or any of the php functions), you must make use of the documentation for that function. you cannot simply make up, guess, or assume what to do.

 

the mail() function takes at most 5 parameters. the first three parameters - to, subject, and message, are required. the 4th parameter, additional_headers, is generally required since most php installations don't have a default from email address set up or it isn't a valid email address for your account/domain. the 5th parameter, additional_parameters, is rarely used.

 

your use of the mail() function would be throwing php errors about the number of parameters. when larning php, developing php code, or debugging php code, you should have php's error_reporting set to E_ALL and display_errors set to ON to get php to help you by reporting and displaying all the errors it detects. you would also want to temporarily comment out any header() redirects since php also has a setting that's turned on by default, that would prevent you from seeing anything your code or php outputs prior to the redirect.

 

all of those variables, $name,$company,$tel,$address,$city, ... should be going into producing the message parameter, in the $message variable.

 

lastly, these emails are NOT being sent from the person who is filling in the form data. they are being sent from the mail server at your web hosting. the From: mail header must be an email address with a domain that is directly tied to your web hosting or if the domain is not hosted at the same address as your mail server, you must have an SPF DNS record where the domain is hosted at, that says your sending mail server is authorized to send emails for that domain. in either case, you should have a proper SPF DNS record that the receiving mail server can use to verify that the sending mail server matches where the email says it is coming From:.

 

you can put the entered name/email in a Reply-to: header, if you want the ability to hit the reply button in a mail client and use that name/email as the reply to address.

 

if you are doing this for real, you must validate that all the external data is of the expected format and doesn't contain things like valid mail headers, in order to prevent mail header injection, particularly for any values you are putting into the additional_header parameter.

Edited January 14, 2016 by mac_gyver

[ChrisCCPHP]

Thank you for you help mac_gyver

I will do more reading before attempting another script.

 

Are you saying I cannot use the php mail() function because my form exceeds the maximum 5 parameters, or are you saying there is a way to return the additional parameters in the message parameter?

[ginerjm]

He's saying that all those data fields you put in your mail call are incorrect. All that data should be part of your "message" not added in to the function call(which won't work as you are doing it).

 

I don't know what you mean by "a way to return the additional parameters".

[BuildMyWeb]

you should probably read up on php FUNCTIONS.  when a function is declared, it is set with a number of parameters.  some required, some optional.  when you call the function, as you are doing in your script with

mail();

, you can only call with all required parameters.  you have the option to use or not use "optional" parameters.

 

http://php.net/manual/en/functions.arguments.php

 

try this:

mail($to,$subject,$message,$headers);

Edited January 15, 2016 by BuildMyWeb

[ChrisCCPHP]

Thank you all for your help. 

I think I understand, but please let me know if this is not correct.

All the additional form fields should be in the $message variable?

 

So it should look something like this:

 

$message = "address " . $_POST['address'] . "\n" . "city " . $_POST['city'] . "\n" . "state_province" . $_POST['state_province'] . "\n" . "country" . $_POST['country'] . "\n" . "zippost" . $_POST['zippost'] . "\n" . "tel " . $_POST['tel'] . "\n" . "brochure_1 " . $_POST['brochure_1'] . "\n" . "brochure_2 " . $_POST['brochure_2'] . "\n". "brochure_3 " . $_POST['brochure_3'] . "\n" . "brochure_4 " . $_POST['brochure_4'] . "\n"  ;

Edited January 15, 2016 by ChrisCCPHP

[ginerjm]

That is the idea, yes. BUT - you need to validate all of the POST fields to be sure that they are valid answers and that they are not filled with malicious data. Consequently, they will probably not be $_POST values afterwards, but local vars that you have created as part of your checking process.

 

The mantra of all programmers is "never trust user input". That means you have to check if the answer is what you expect. If a field asks for a Yes or No answer, you have to check and make sure that it is Yes or No. Same with a phone number - check that it is numeric and has the right number of digits.

 

Do some reading on validation and filtering of data input. Check the manual for "types of filters".

[ChrisCCPHP]

Thanks ginerjm

I'll do some reading this weekend and see if I can get working Monday.