[SOLVED] Form to Mail problems

[php_31337]

Hi,

I'm writing a form-to-mail script and I'm having some trouble with it. It's a very large form, employment application, and I wanted to have users fill in all the fields and then submit it and have it sent to my e-mail using the mail() function. I understand how do a simple form-to-mail script where the user just enters his email, name, and comment, but how would i use the mail() function when there are many variables being passed? I even tried just making a huge string which included the whole form and escaped the string ?> and added $HTTP_POST_VARS then <?php and went back. That failed miserably.

 

Should I make a huge array with all the variables assigned and pass it through the mail() function that way?

 

Thanks,

Randy

[mrdamien]

I even tried just making a huge string which included the whole form and escaped the string ?> and added $HTTP_POST_VARS then <?php and went back.

I dont get what you did.

 

If you just make a huge strring, and send it as the comment, all of the info will be in the body of the email.

[redarrow]

use normal html as the message......

[php_31337]

I even tried just making a huge string which included the whole form and escaped the string ?> and added $HTTP_POST_VARS then <?php and went back.

 

Sorry, I knew that might be a little unclear. I made a huge string leaving all the HTML exactly the same, for example $my_string = " ?> <form>Hi welcome to form <input> <?php ";, etc. except I changed the <input type="text" name="variable" size="35"> and replaced it by going back into PHP <?php and displaying the variable $HTTP_POST_VARS['variable'];

 

When I executed the function I got an error back. Any help would be greatly appreciated. thanks.

[akitchin]

i'm not sure i understand the question exactly, but i'll make an attempt to answer.  you can mail any kind of string, assembled however you please (provided syntax is correct), using mail().  i have a feeling your question is regarding how to construct the string itself, and that's where it's entirely up to you.  if you want it to be nicely formatted, use some HTML.  otherwise, simple string manipulation is all you need:

 

$body = "You have received an online application.  Below are the details:

Name: {$_POST['name']}
Etc.: {$_POST['etc']}

Please reply directly to the user, as this is an automated e-mail (GENERATED COMPLETELY OUT OF THIN AIR, DAVID BLAYNE STYLE!).";

mail($to, $from, $body, $headers);

 

i can't guarantee that's the correct order of parameters in mail().  have a look online for a form-to-mail tutorial if you're still not totally clear on the basics.

[kenrbnsn]

What was the error?

 

Also, don't use $HTTP_POST_VARS, use $_POST.

 

If you want a quick way of see what's posted, you can do this:

<?php
$body = print_r($_POST,true);
mail($to,$subject,$body,$headers);
?>

 

Fill in your $to, $subject, and $headers.

 

Ken

[php_31337]

Thanks guys,

The error was unexpected T_VAR on line 76 //where the string starts

I'm going to use better string manipulation hoping this will work. I'll reply with a result. Thanks again.

[php_31337]

Well, the form works correctly. The only problems I have now are that the html isn't outputted as html in my Email program and I need to do some research on security so that a malicious hacker doesn't try and run scripts in the form. Any suggestions on where to start for security?

 

Thanks again guys.

[akitchin]

just nix everything they input - they can't possibly be inputting "helpful" HTML, can they?  keep all the HTML that you put into the string hard-coded and you should be okay.  generally speaking, clients will only display HTML as HTML if the headers indicate that it is an HTML e-mail:

 

$headers .= "Content-type: text/html; charset=iso-8859-1\n";

[php_31337]

How do I safeguard myself against the input? Should I check every var to make sure they aren't malicious?