In my PHP contact form script,
I'm using _POST to submit a PHP variable containing quotation marks that have to be escaped, and upon arrival, its value becomes the value of the $formSubject variable in the form, and has its slashes removed with stripslashes.
Here are excerpts from the form showing the $formSubject variable, as well as the headers.
<input type="text" name="formSubject" id="formSubject" value="<?php if(isset($_POST['formSubject'])) echo stripslashes($_POST['formSubject']);?>" />
if (($resp->is_valid) && (!isset($hasError))) {
$emailTo = 'yourEmail#address.com';
$subject = 'A new message from: ' . $formAuthor . ' | ' . $formSubject;
$body = "Email: $formEmail \n\nContent: $formContent \n\n$formAuthor";
$headers = 'From: <'.$formEmail.'>' . "\r\n" . 'Reply-To: ' . $formEmail . "\r\n" . 'Return-Path: ' . $formEmail;
Since I've started using stripslashes on the echoed variable, the subject is correct on the form's page, but once the email arrives, ASCII in subject is not parsing correctly.
THIS IS A \'SUBJECT\'
should be:
THIS IS A 'SUBJECT'
Is this a matter of declaring the correct encoding? This only happened when I started using stripslashes so does stripslashes disregard encoding? I read about an attribute to use on <form> for setting UTF-8, but that didn't work. Is there a fix specific to stripslashes, or is there an overall change I'd have to make for the script encoding?
Can anyone tell me what the issue is?
Thank you for your assistance.
Related
I have a questionnaire form on the web. After filling in this form, I send it to me by email, using the PHP function mail(). The form body and the data it contains, including the private message are displayed correctly on gmail.com. The problem, however, occurs in the header of the email itself. Some characters are displayed incorrectly.
Here is a sample header:
$headers = "Content-Type:text/html; charset=utf-8\r\n";
$headers .= "From:" .$email . "\r\n";
$headers .= "Reply:" . $email . "\r\n";
$headers .= "X-Mailer: PHP/". phpversion() . "\r\n" ;
Required display of email subject:
Nový dotaz -- námět, od Fořt Petr <p.fort1990#gmail.com>
Simultaneous displaying of the subject:
Nový dotaz -- námÄ☒t od: FoÅ☒t Petr <p.fort1990#gmail.com>
The squared times symbol is more like a rectangle.
Is anything wrong? Or where should I look for a mistake?
I'm not sure \r\n works on all platforms
see : Which line break in php mail header, \r\n or \n?
instead
("xxx\r\n\yyy");
use
Header('xxx');
Header('yyy');
or use PHP_EOL, not "\r\n"
Problem solved. My hosting provider uses different character encoding for the headers - I can't explain why, but the following php function will do it all.
function recode_to_utf8 ($text, $encoding = "utf-8")
{
return "=?$encoding?Q?" . imap_8bit($text) . "?=";
}
And now all you have to do is send an email using the mail () method in combination with the method defined above recode_to_utf8(). Like this:
mail(recode_to_utf8($mail_to), recode_to_utf8($subject), recode_to_utf8($message), recode_to_utf8($headers));
I hope it helps others if they have the same problem as me.
I have a contact form and I would like to add the name of the sender when I receive a message from the form.
The variable name is filtered like this:
$newname = htmlspecialchars($name, ENT_QUOTES);
then
mail($to, 'from: ' . $name, $body, $headers);
but my subject show &, <... instead of & or apostrophes
I did try this from other questions:
mail($to, 'from: ' . "=?UTF-8?B?" . base64_encode($name) . "?=", $body, $headers);
but no luck ...
If I remove the htmlspecialchars() of course it works, but I would like to keep it for protection
EDIT
This is not a duplicate.
Thanks, it's good to know that subject doesn't need to be escaped, but this is not a duplicate because I would like to know how can escape it and still correctly display in the subject (with no ' or &). The
=?iso-8859-1?q?this=20is=20some=20text?=
solution proposed in that answer, makes things even worst in my case, with more weird characters... So, my question still is, why
"=?UTF-8?B?" . base64_encode($name) . "?=",
is not working in my case?
Thanks!
I am creating my own contact form and sending all the inputs through variable to the mail function
But there is one error in it......my code is like this in the below...
$from = $_POST["from"];
// sender
$name = $_POST["name"];
$subject = $_POST["subject"];
$message = $_POST["message"];
// message lines should not exceed 70 characters (PHP rule), so wrap it
$message = wordwrap($message, 70);
$phone = $_POST["phone"];
$mytour = $_POST["select1"];
$howmany = $_POST["select2"];
$arrival = $_POST["arrival"];
$departure = $_POST["departure"];
$accommodation = $_POST["select3"];
$company = $_POST["company"];
// send mail
$messagecontent = "Name:$name , " . "Email:$from ," . "Nature of Enquiry:$subject ," . "Message:$message ," . "Phone No:$phone, " . "My Tour Wish List: $mytour, " . "How many days do you have available:$howmany, " . "Arrival Date:$arrival ," . "Departure Date:$departure ," . "My Preferred Accommodation:$accommodation, " . "Company Name:$company ,";
// $messagewithbreak=str_replace(',',', <br/>;',$messagecontent); // code replaces all your commas with , and a <br> tag
mail("abc#gmail.com", " Contact form Filled", "$messagewithbreak", "From: $from\n");
echo "Thank you for sending us feedback";
}
But when I receive it in the my email...there is not break tag <br> tag...and it receives as....
Name: , Email:abc#gmail.com ,Nature of Enquiry:none ,Message:none ,Phone No:none,My Tour Wish List: Heritage Tour of Kells,How many days do you have available:Half a Day, Arrival Date:2014-09-10 ,Departure Date:2014-09-10 ,My Preferred Accommodation:Hostel,Company Name:none
But I want it to view proper in the email.... as that is not the professional way... to see the email moreover it is difficult to read the email like this.....
what should I do please help me on it....
I will really appreciate your help.
Please answer my question nothing is helping me out here.I have tried..the methods given to me by jenz and rakesh but still the form when receive in the email shows as the paragraph without line breaks....it is getting frustrating
why you concat message string again and again. Also remove double quotes from variables in mail()
$messagecontent="Name:$name , Email:$from , Nature of Enquiry:$subject , Message:$message , Phone No:$phone, My Tour Wish List: $mytour, How many days do you have available:$howmany, Arrival Date:$arrival , Departure Date:$departure , My Preferred Accommodation:$accommodation, Company Name:$company ,";
$messagewithbreak=str_replace(',',',<br>',$messagecontent);
mail("abc#gmail.com"," Contact form Filled", $messagewithbreak, $from);
Properly add formatting to your message. Any HTML tags placed inside double quotes will be converted to the tag when you echo it. So you just need to add <br> in proper places inside the message content. Also all PHP variables inside double quotes will get replaced by its value. So no need of appending each string with double quotes.
$messagecontent="Name:$name <br> Email:$from <br>Nature of Enquiry:$subject
<br>Message:$message<br>Phone No:$phone<br>
My Tour Wish List: $mytour<br>How many days do you have available:$howmany<br> Arrival Date:$arrival <br> Departure Date:$departure <br> My Preferred
Accommodation:$accommodation<br>Company Name:$company ";
To send HTML email you have to add headers which is optional by default where we pass Content-Type type declaration telling mail services that parse this email as HTML.
$headers = "From: " . strip_tags($from) . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
and pass $headers in mail() like,
mail("abc#gmail.com", " Contact form Filled", $messagecontent, $headers);
You are trying to use HTML in a plain text email. If all you want to do is have line breaks, then use \n instead of the br tag.
If you want to use HTML in an email you must add a content-type header. See the PHP mail docs for an example.
// send mail
$messagecontent = "Name:$name \n ";
$messagecontent.= "Email:$from \n";
$messagecontent.= "Nature of Enquiry:$subject \n";
............
...............
Set all the variables like that.
My Problem:
I have a Contact Form that gets sent to an email address. It normally works fine, but the form will not send if spaces are included in the 'Email' Text Field (where the person sending the mail would enter their email). If any other form has spaces the form will still send.
I know spaces aren't allowed in email addresses, but if the message is sent with spaces in the email field, users are still taken to a different page stating the message has been sent, when it actually hasn't. So if someone accidentally puts a space while entering the email, the website will not send the form but it will say it did.
Here's how I have it set up:
On the form the email field is automatically populated by what the user has stored as their User Account email. This variable is then passed using POST to a different page 'wl_process.php' where the fields are sent to an email address. However, even though it automatically fills the email field in for The User, they may want to have their response sent back to a different email.
What I'm trying to do, and not to do:
I'm not sure why including spaces would stop the mail from being sent. I want it to send the form even if spaces are included. I'm looking for a PHP tag or method where all spaces are stripped from the text field. I'm not sure if that exists. I think another solution may be to check for spaces in the email, and if spaces are there have something pop-up and say "Invalid Email Entered, please try again." But ideally, I just want it to send the email. And also, if anyone knows why it's doing this, that would be very beneficial for future use.
Additional Info
Keep in mind that the form works perfectly until spaces are entered into the Email field. If spaces are entered in any of the other fields, the form will still send!
Also: $var_email is pulled from a <? include?> that is located at the top of the page. The include has some $_SESSION information, and also the MYSQLI call that grabs the email out of the databse and turns into a PHP variable. I doubt this has anything to do with the problem though. My problem is the spaces will stop the mail from being sent.
What Doesn't Matter
My naming conventions. Don't get thrown off and think my variable named $email is ever treated like an Email Address in any manner. It could be renamed anything. It is only a variable and text-field here, being posted then Emailed.
My Code
Page 1 (Where the form is)
<div class="form_box">
...
<div class="field clearfix">
<label>Email <span>*</span></label>
<input id="element_1_email" name="element_1_email" value="<? echo $var_email;?>" size="30" class="validate[optional]" type="text" onClick="(this).value=''"/>
</div>
Page 2 (Where the data is sent and mailed out)
<?
$name = $_POST['element_0_name'];
$email = $_POST['element_1_email'];
$company = $_POST['element_2_company'];
$date = $_POST['element_3_date'];
$comment = $_POST['element_4_comment'];
$list = $_POST['element_5_list'];
$email_to = "contact#website.com";
$email_subject = "Online Form";
$email_message = "\n\n";
function clean_string($string) {
$bad = array ("content-type", "bcc:", "to:", "cc:", "href");
return str_replace($bad, "",$string);
}
$email_message .= '<div style="font-family:Arial, Helvetica, sans-serif;padding-left: 90px;font-weight: 100;font-size: 14px;color: #2a2a2a;"><table width="1070px" height="685px;"border="0" cellspacing="0" background="http://www.website/image.jpg">
<tr>
<td style="vertical-align:top;padding-left:88px;">
<h2 style="padding-top:150px;padding-left:90px;">Form Information:</h2>';
$email_message .= "Name: ".clean_string($name)."<br>";
$email_message .= "Email: " .clean_string($email). "<br>";
$email_message .= "Company: " .clean_string($company). "<br>";
$email_message .= "Date Required: " .clean_string($date). "<br>";
$email_message .= "Comment: " .clean_string($comment). "<br>";
$email_message .= '<u>List Of Things:<style> tr:nth-child(2n) {background-color:#d6d6d6;}</style> </u><br><table cellspacing="0" style="margin-top:10px;min-width:390px;border:1px solid #cccccc;">' .clean_string($list). '</table>';
$email_message .= "</div>";
$headers = 'From: '.$email."\r\n".
'Reply-To: '. $email."\r\n" .
'X-Mailer: PHP/' .phpversion();
$headers .= "MIME-Version:1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
#mail($email_to, $email_subject, $email_message, $headers);
//
?>
Why not just strip out the spaces from the $_POST variable on Page 2?
Change this
$email = $_POST['element_1_email'];
to this
$email = str_replace(' ','',$_POST['element_1_email']);
----------- UPDATE -----------
Your message is failing because of this code in your $headers variable:
$headers = 'From: '.$email."\r\n".'Reply-To: '. $email."\r\n" .
You are using $email here which did not go through your clean_string function (where you could also remove the spaces by adding a space to the $bad array), so essentially you are trying to send the email to whatever was received in $_POST['element_1_email'] without any sort of clean up or email validation.
Im trying to sent a message which contains the post values of a form. I dont think im putting them together right as its only sending the first POST value (make).
$message = $_POST['make'];
$_POST['model'];
$_POST['Street'];
$_POST['towncity'];
is this the correct way to put them together so that all 4 of them send?
Regards
Ross
There are many ways you can format this message. I encourage you to read this page of the PHP Documentation.
You can for example, concatenate all the values together (one on each line).
$message = $_POST['make'] . "\n"
. $_POST['model'] . "\n"
. $_POST['Street'] . "\n"
. $_POST['towncity'];
No, I don't think that would work!
Try:
$message= $_POST['make'] . $_POST['model'] . $_POST['Street'] . $_POST['towncity'];
But this would cause it to write everything in one line. I would suggest this:
$message="Make: " . $_POST['make'] . "\n Model: " . $_POST['model']; // etc...
Or if it's a HTML coded email, change \n to
$message = $_POST['make'] . $_POST['model'] . $_POST['Street'] . $_POST['towncity'];
BUT!
don't send values in the same form as they are posted. It's dangerous, and you might get exploited. Either make sure the content is properly cleaned, or even better, use library like Swift Mailer or PHPMailer.
Try this:
$message = $_POST['make'] . $_POST['model'] . $_POST['Street'] . $_POST['towncity'];
But be careful! Check for some dangerous php and mysql codes in the first place to make your code unhurt.
Use the concatenate operator. A semi-colon signifies the end of that current block of code. The concatenate strings the variables together:
$message = $_POST['make']
.$_POST['model']
.$_POST['Street']
.$_POST['towncity'];
Using $_POST values is very insecure however. Take a look at this example for a basic tutorial on how to protect against attacks and injections.