HTML Form to PHP Email Headache

Report · Sep 02, 2010

Hey folks, looking for a little guidance. I've searched the internet for php form examples and everything I try is crap. I have three forms on site each using form.php in the action line. Wen I test them, I get the email, but none of the content is being posted to the email. What am I doing wrong?

Here is my html form (my php is below that):

<td colspan="2"><p>
<input type="text" value="Name:" onfocus="if(this.value=='Name:'){this.value=''}" onblur="if(this.value==''){this.value='Name:'}" />
   </td>

</tr>
<tr>


<td colspan="2"><p>
<input type="text" value="Email Address:" onfocus="if(this.value=='Email Address:'){this.value=''}" onblur="if(this.value==''){this.value='Email Address:'}" />
</td>
</tr>
    <tr>

<td colspan="2"><p>
<input type="text" value="Address:" onfocus="if(this.value=='Address:'){this.value=''}" onblur="if(this.value==''){this.value='Address:'}" />
</td>
</tr>
<tr>

<td colspan="2"><p>
<input type="text" value="City:" onfocus="if(this.value=='City:'){this.value=''}" onblur="if(this.value==''){this.value='City:'}" />
</td>
</tr>
<tr>

<td colspan="2"><p>
<input type="text" value="State:" (ex. MI):" onfocus="if(this.value=='State:'){this.value=''}" onblur="if(this.value==''){this.value='State:'}" />
</td>

</tr>
<tr>

<td colspan="2"><p>
<input type="text" value="Zip Code:" onfocus="if(this.value=='Zip Code:'){this.value=''}" onblur="if(this.value==''){this.value='Phone:'}" /></td>
<input type="text" value="Phone:" onfocus="if(this.value=='Phone:'){this.value=''}" onblur="if(this.value==''){this.value='Phone:'}" /> </td>
</tr>
<tr>

</tr>
<tr>

<td colspan="2"><p>Areas Of Interest</td>
   </tr>

<tr>

<td colspan="2"> <input type="checkbox" name="Areas of Interest" value="Fundraising" checked="checked" class="checkbox" />Fundraising
<input type="checkbox" name="Areas of Interest" value="Mentoring" class="checkbox" /> Mentoring
<input type="checkbox" name="Areas of Interest" value="Web/Graphics" class="checkbox" />Web/Graphics<br><p>
<p><input type="checkbox" name="Areas of Interest" value="Events" class="checkbox" />Events
   <input type="checkbox" name="Areas of Interest" value="Administrative" class="checkbox" />Administrative
   <input type="checkbox" name="Areas of Interest" value="Other" class="checkbox"/>
   Other (use space below)
</tr>
<td colspan="2"><p>
<input type="text" value="Other:" onfocus="if(this.value=='Other:'){this.value=''}" onblur="if(this.value==''){this.value='Other:'}" />
</td><p>
<textarea name="textarea" cols="60" rows="5">Comments:</textarea>
<div align="left" class="col-2">
<td width="193">
<div class="link"><a href="form2.php" onclick="document.getElementById("contacts-form").submit()">submit</a></div><p></form>
</div>

PHP

<?php
$goto_after_mail = "thanks2.html";

$from_mail = $_REQUEST['from_email'];
$from_name = $_REQUEST['from_name']; // use both value's on your form
$header = "From: \"$from_mail\" <$from_name>\r\n";
$header .= "MIME-Version: 1.0\r\n";
$header .= "Mailer: Olaf's formmail version 1.10\r\n";
$header .= "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n";
$header .= "Content-Transfer-Encoding: 8bit\r\n";
$subject = "Please Add me to your Volunteer List" .date("m-d-Y"); //your mailsubject incl. current date
foreach ($_REQUEST as $key => $val) {
    if ($key != "from_email" && $key != "from_name") { //skip, this values are already in the header
        $body .= $key . " : " . $val . "\r\n";
    }
}
mail("volunteer@haynesproject.org", $subject, $body, $header);
header("Location: ".$goto_after_mail);
?>

Report · Sep 02, 2010

one of your problems is that some of your form fields do not have 'name' attributes.

Report · Sep 02, 2010

Yes you should name your fields. Not only an id. I use the same method as yourself. Just more specific, but sure to work. It requires the fields to be named. Script below-

<?php

$to = ". . . . ."; // Recipient

$subject = ". . . . ."; // Subject

$email = ". . . . ." ; // "From" email

$. . . . . . . = ". . . . ." ; // Add the values after the "$" then enter the name of each field as it is on your form after the equal. Add more values ($) beneath this one if you submit more than one field

$ex = array();

$ex[] = $_POST['Submit']; // This excludes the submit button so it does not show on your mail

foreach ($_POST as $key => $value) //Defines the values

{

if (!is_array($value))

{

$message .= "\n".$key." : ".$value;

}

else

{

foreach ($_POST[$key] as $itemvalue)

{

$message .= "\n".$key." : ".$itemvalue;

}

$headers = "From: '$email'";

$sent = mail($to, $subject, $message, $headers) ;

if(!empty($message)&&!empty($email))

{

header("Location: . . . . . ."); //Here you enter the page to go to after submission (Redirect)

exit;

print "Your mail was sent successfully"; }

else

{print "We encountered an error sending your mail"; }

?>

This form is ready for use. You only need to fill in the details where I indicated with ". . . . . .".

Good luck and let me know how it goes

RG

Report · Sep 02, 2010

It'll go bad because there's nothing in the script to prevent email header injection attack. That's one of the other problems I didn't mention in the first reply.

Report · Sep 02, 2010

How do I solve that then? I'm also new to PHP and just put together that script from tutorials etc. Used it only as test but it works. Obviously there should be security measures. Can you suggest anything? This answer is for me as well

Report · Sep 02, 2010

I did a google search for php mail injection just now and the first result explains it in detail along with solutions for prevention.

http://www.thesitewizard.com/php/protect-script-from-email-injection.shtml

Report · Sep 02, 2010

Awesome. Thanks

Report · Sep 04, 2010

Hi,

I put together another PHP form to mail processing script.

<?php $est_name = $_POST['est_name']; $province = $_POST['province']; $near_city = $_POST['near_city']; $accomm_type = $_POST['accomm_type']; $norm_price_range = $_POST['norm_price_range']; $first_name = $_POST['first_name']; $surname = $_POST['surname']; $website = $_POST['website']; $email = $_POST['email']; $landline = $_POST['landline']; $cell = $_POST['cell']; $discount_from = $_POST['discount_from']; $discount_to = $_POST['discount_to']; $book_period = $_POST['book_period']; $to = '.....'; //Recipient email $subject = '.....'; //Email subject $message = "Establishment Name: $est_name\n" . //Message body

"Province: $province\n" . "Nearest City/Town: $near_city\n" . "Accommodation Type: $accomm_type\n" . "Normal Price Range: $norm_price_range\n" . "First Name: $first_name\n" . "Surname: $surname\n" . "Website Address: $website\n" . "Email Address: $email\n" . "Tel: Landline: $landline\n" . "Tel: Cell: $cell\n" . "Discount Offered: $discount_from% to $discount_to%\n" . "Period Applying For: $book_period\n" ; if ( preg_match( "/[\r\n]/", $first_name ) || preg_match( "/[\r\n]/", $email ) ) { die ("We encountered an error sending your mail"); } mail($to, $subject, $message, 'From:' . $email); if(!empty($message)&&!empty($email)) { header("Location:....."); //Redirect Page exit; print "Your mail was sent successfully"; } else {print "We encountered an error sending your mail"; } ?>

Much much more user friendly and I added the security function, tested it and it works.

Hope this helps better than the first one I posted. I'm still learning but making progress fast.

Reandré