I'm not php savvy, can someone please provide a good strong code that I can use tailored for my form to prevent injections into my script? I would need to know exactly where to insert this code within my existing code.
My code is below. I left off the opening and ending php tags so all of the code would be visible.
$name=addslashes($_POST['name']);
$email=addslashes($_POST['email']);
$website=addslashes($_POST['website']);
$services=addslashes($_POST['services']);
$comments=addslashes($_POST['message']);
// you can specify which email you want your contact form to be emailed to here
$toemail = "email#domainname.com"; $subject = "Creative Design Consultation Request";
$headers = "MIME-Version: 1.0\n" ."From: \"".$name."\" <".$email.">\n" ."Content-type: text/html; charset=iso-8859-1\n";
$body = "Name: ".$name."\n"
."Email: ".$email."\n"
."Website: ".$website."\n"
."Services: ".$services."\n"
."Comments:\n".$comments;
mail($toemail, $subject, $body, $headers);
echo "Thank you for submitting your request";
This might be what you're looking for:
Sanitize filters php
Related
I'm trying to figure out how to include custom PHP strings in the message of the PHP mail function.
I have a user registration area on my website. Once a user signs up, I want to email them a success message, such as "Welcome to The site...." I want to include their name in the email, so I would need to pull the value from the field where they entered their name. I will be pulling over field values as well, but this is just an example.
I have:
$name = $conn->real_escape_string($_POST['name']);
$email = 'myemail#gmail.com'
$subject = 'Welcome!'
$message = '<HTML><body><p>Thank you for signing up' .$name. 'We are so glad that you are here</body></html>';
mail($email,$subject,$message);
What am I doing wrong?
add header in your mail like this
$headers = "From: myemail#gmail.com\r\n";
$headers .= "CC: myemail#gmail.com\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=UTF-8\r\n";
mail($email, $subject, $message, $headers);
I am trying to include a link in an email that is being generated by php. I have looked at the examples on here that I can find, but I still can't get mine to work and need some assistance. Here is what I have:
//send email when pricing specs are done
$to = $email;
$subject = "Final Check In";
$headers = "From: Warehouse#bookcellaronline.com" . "\r\n" .
"CC: micahpartnerships#gmail.com,lreyes#bookcellaronline.com,jimd#bookcellaronline.com";
$body = "Greetings " .$name."!\nWe have completed checking in your latest shipment of books.\nCheck-In date was: " .$finaldate."\n
We checked in " .$count." books.\nA total of " .$notListed." books are not listed yet and have been set aside to be researched.\nComments: ".$comments. "\n
You will now be able to review your shipment details here : '<a href = http:www.bookcellaronline.com/bcos/advances/buyertotal.php>Check In Details</a>'. Use the Check-In date from above.\n
This is an automated email - do not reply to this email. If you have any questions or concerns, please contact your Manager or Abbie.\n";
$body = wordwrap($body,70);
mail($to, $subject, $body, $headers);
I am obviously missing something but I am not sure what it is.
Thanks
at first set headers for the content to be HTML
example :
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
Then add the link like this
Check In Details
First of all: don't use mail() function. Use a specific class like PHPMailer().
Really. Don't do it.
Missing // here:
<a href = http://www.bookcellaronline.com
PHP mail sending problem when using a tag, it doesn't come to new line.
HERE is my code having same problem
$subject = 'Watch Out Our Colorful Web Design Presentation';
$headers = "From: " . $email . " \r\n";
$headers .= "Reply-To: ". $email . "\r\n";
$headers .= "Bcc: test#test.com\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$message = "Watch Out Our Colorful Web Design Presentation.\r\n";
$message .= "<a href='http://www.stackoverflow.com'>CLICK HERE</a>\r\n";
mail($to, $subject, $message, $headers);
Mail send successfully but having problem in \r\n. It doesn't take new line. I tried br tag too. But it goes in junk mail.
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
You're sending a HTML email. This means that you should be using HTML instead of newlines. To avoid having your emails placed in the junk folder, you should read some of the many Stackoverflow topics on the subject.
You have to use <br> tag for new line.
You can't use \n for new line for html printing.
https://bugs.php.net/bug.php?id=9542
As others have said, you need to be using HTML line breaks <br /> if you are sending an e-mail with Content-Type: text/html. The newlines/carriage returns will be interpreted in the source of the message as line breaks but they will probably not be rendered as HTML.
When sending e-mail from PHP I would always suggest using an e-mail class rather than PHP's native mail functions.
I tend to use SwiftMailer. It has the advantage that all mail headers are sanitized and escaped to avoid header injection exploits that could potentially fire out spam through your script. Also it's easier to use a variety of e-mail transports. There's also a great decorator plugin which can send thousands of messages with customised strings, useful for doing things like "Dear {first_name} {surname}" or customised unsubscribe/tracking links.
Here's some sample code for SwiftMailer just in case you are interested...
// START SWIFTMAILER
require_once($swiftmailer_path);
$swift_transport = Swift_SendmailTransport::newInstance($sendmail_cmd);
$swift = Swift_Mailer::newInstance($swift_transport);
$swift_msg = Swift_Message::newInstance($swift_transport);
$swift_msg->setMaxLineLength(150);
$swift_msg->setFrom( array('NoReply#domain.com' => 'MyWebsiteName'));
$swift_msg->addTo($user);
$swift_msg->setSubject($subject);
$swift_msg->setBody($msg_html, 'text/html');
$swift_msg->addPart($msg_txt, 'text/plain');
// SEND E-MAIL
if ($swift_result = $swift->send($swift_msg)) {
// SENT SUCCESSFULLY
} else {
// ERROR - E-MAIL NOT SENT
}
I have a simple php email script where I wish to include an image at the bottom. When I add the image tags like below the email just shows <img src="http://domain.com/images/logo.png" /> instead of the actual image. Any ideas why?
<?PHP
$email = $_POST["emailaddress"];
$to = "you#youremail.com";
$subject = "New Email Address for Mailing List";
$headers = "From: $email\n";
$headers .= "Content-type: text/html\r\n";
$message = "A visitor to your site has sent the following email address to be added to your mailing list.\n
Email Address: $email";
$user = "$email";
$usersubject = "Thank You";
$userheaders = "From: info#domain.com\n";
$usermessage =
"
Thank you for joining our mailing list.
We hope to see you very soon!
Address 1
Address 2
<img src=\"http://domain.com/images/logo.png\" />
";
mail($to,$subject,$message,$headers);
mail($user,$usersubject,$usermessage,$userheaders);
$fh = fopen("email.xml", "a");
fwrite($fh, "$email\r\n");
fclose($fh);
?>
You're not passing the Content-Type header with the right message. $headers does contain the right header, but it is sent with a plain text message, whereas $userheaders does not contain the Content-Type header, but the message associated with it does contain some HTML
Replace
$userheaders = "From: info#domain.com\n";
with
$userheaders = "From: info#domain.com\r\n";
$userheaders = "Content-type: text/html\r\n";
and it should work perfectly
This is a word press plugin but if you delete everything BUT the XmailBaby class it should work for you nicely.
That code is a nice piece of work that sends emails very good.
It is just a basic version but it should be enough for you.
Take a look through the code, you might find it interesting.
http://plugins.svn.wordpress.org/xmail-the-right-way/trunk/xmail.php
You need to specify html headers. Rather than do this yourself, you can use a well-established method that supports sending HTML emails, such as PHPMailer:
http://phpmailer.worxware.com/
My .swf is a game. When the game ends, the player can see a textual game report. This game report is generated in a Dynamic Textfield. The player can send the report by e-mail. It's easy to send the email with the report text, it works just like a form.
The problem is that I need to keep all the colors, bolds, formatting, etc. I don't want a plain black text with no bolds, colors or formatting. So, my simple form solution doesn't work.
I'm using this simple PHP code:
<?php
$message = $_POST["message"];
$recipient = $_POST["email"];
utf8_decode($mensagem);
$header = "MIME-Version: 1.0\r\n";
$header .= "Content-type: text/html; charset=utf-8\r\n";
$header .= "Reply-to: ".$_POST['email']."\r\n";
$header .= "From: My swf";
$subject = "Relatorio";
$msg = "<b>Report:</b> $message\n<br />";
mail($recipient, $subject, $msg, $header);
?>
A friend read something about sending the text as a ByteArray, but we don't understand how to do it. I just found lots of people sending images, but we want to send text.
Thanks!