PHP mail() Message Contents - php

I'm trying to send a message which contains the POST values of a form. I don't think I'm putting them together right, as it's only sending the first POST value (make).
$message = $_POST['make'];
$_POST['model'];
$_POST['Street'];
$_POST['towncity'];
Is this the correct way to put them together so that all 4 of them send?
Regards
Ross

There are many ways you can format this message. I encourage you to read this page of the PHP Documentation.
You can, for example, concatenate all the values together (one on each line).
$message = $_POST['make'] . "\n"
. $_POST['model'] . "\n"
. $_POST['Street'] . "\n"
. $_POST['towncity'];

No, I don't think that would work!
Try:
$message= $_POST['make'] . $_POST['model'] . $_POST['Street'] . $_POST['towncity'];
But this would cause it to write everything in one line. I would suggest this:
$message="Make: " . $_POST['make'] . "\n Model: " . $_POST['model']; // etc...
Or if it's a HTML coded email, change \n to

$message = $_POST['make'] . $_POST['model'] . $_POST['Street'] . $_POST['towncity'];
BUT!
Don't send values in the same form as they are posted. It's dangerous, and you might get exploited. Either make sure the content is properly cleaned, or even better, use a library like Swift Mailer or PHPMailer.

Try this:
$message = $_POST['make'] . $_POST['model'] . $_POST['Street'] . $_POST['towncity'];
But be careful! Check for some dangerous PHP and MySQL code in the first place to keep your code unhurt.

Use the concatenate operator. A semicolon signifies the end of that current block of code. The concatenate operator strings the variables together:
$message = $_POST['make']
.$_POST['model']
.$_POST['Street']
.$_POST['towncity'];
Using $_POST values is very insecure however. Take a look at this example for a basic tutorial on how to protect against attacks and injections.
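
The answers above warn against mailing posted values as-is. As an added example (not code from any of the answers), here is one way to build the body from the question's four fields: only the expected keys are read, control characters are removed, and the HTML variant escapes each value. The labels, the 200-byte cap and the function names are assumptions.

```php
<?php
// Added example (not from the answers above). Field names come from the
// question; the labels, length cap and function names are assumptions.

const FIELDS = [
    'make'     => 'Make',
    'model'    => 'Model',
    'Street'   => 'Street',
    'towncity' => 'Town/City',
];

/** Return one cleaned value: strings only, no control characters, capped length. */
function clean_field(array $post, string $key, int $maxLen = 200): string
{
    $value = $post[$key] ?? '';
    if (!is_string($value)) {            // e.g. make[]=x arrives as an array
        return '';
    }
    // Replace control characters (CR and LF included) so a field stays on one line.
    $value = preg_replace('/[\x00-\x1F\x7F]/', ' ', $value);
    return substr(trim($value), 0, $maxLen);   // byte-wise cap
}

/** Plain-text body: one "Label: value" line per known field. */
function build_text_body(array $post): string
{
    $lines = [];
    foreach (FIELDS as $key => $label) {
        $lines[] = $label . ': ' . clean_field($post, $key);
    }
    return implode("\r\n", $lines);
}

/** HTML body: the same lines, each escaped before it reaches markup. */
function build_html_body(array $post): string
{
    $lines = [];
    foreach (FIELDS as $key => $label) {
        $line    = $label . ': ' . clean_field($post, $key);
        $lines[] = htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    return implode("<br>\r\n", $lines);
}

// Constructed sample input standing in for $_POST.
$sample = ['make' => 'Ford', 'model' => "Focus\r\nsecond line",
           'Street' => '<b>1 High St</b>', 'towncity' => 'Leeds'];
echo build_text_body($sample), "\n\n", build_html_body($sample), "\n";
```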

Related

Sort PHP POST by a fields inputted date

With a simple form, I have a field for users to input a date. When the fields are posted into my txt file I need them to be sorted by the date field, but I can't figure out a way to sort them by the date field. Any ideas?
PHP Code:
if(isset($_POST['field1']) && isset($_POST['field2']) && isset($_POST['field3'])) {
$data = 'REQUEST - ' . $_POST['field1'] . ' - ' . $_POST['field2'] . ' - ' . $_POST['field3'] . "\n";
$ret = file_put_contents('mydata.txt', $data, FILE_APPEND | LOCK_EX);}
You're writing to the file in append mode, which only adds to the data already in the file. You're going to have to read the file back in, add the data in sorted order, then re-write the entire file.
Using a database would probably be a simpler way to handle this.

Session variable in hidden field not being passed to $_POST on submit

I have this bit in my processor.php file...
session_start();
$_SESSION['address'] = $_POST['field_2'];
$_SESSION['name'] = $_POST['field_1'];
Those variables are being passed to another page and pre-filling inputs on a second form like this...
<input type="hidden" name="Name" value="<?php echo $_SESSION['name']?>">
<input name="Address" type="text" value="<?php echo $_SESSION['address']?>">
Then that form is being submitted to email...
mail($to, $subject,"Form data:
Name: " . $_POST['Name'] . "
Property Address: " . $_POST['Address'] . "
More Fields ", $headers
);
The email comes through successfully with the pre-filled "Property Address" but "Name" is blank. Why is the hidden input not passing the variable for $_POST['Name']?
While it seemed like the hidden field was the problem, it was not. Every thing was working except for the second line here.
mail($to, $subject,"Form data:
Name: " . $_POST['Name'] . "
Email: " . $_POST['Email'] . "
Property Address: " . $_POST['Address'] . "
Lots More Fields ", $headers);
The whole `mail()` function bit was a copy-and-paste snippet from the web into Sublime Text. The syntax was perfect, but I eventually found that there was an invisible non-ASCII character in the Name line left over from the copy-paste of the web snippet. I checked if anyone else ever had a similar problem like this and immediately found this: FileUtils.mv throwing Invalid char \302 and \255 exception
The moral of the story is that saving time by using snippets may not always save you time. I should have enabled "draw_white_space" in Sublime Text and I would have probably caught it a lot sooner.
As Fred -ii- pointed out, the message body arguments would all have been better concatenated as a $message variable, advice I've now followed.
At step 2, check in the generated HTML code whether the "value" attribute has the correct value.
Also, at step 3, instead of using $_POST['Name'], use $_REQUEST['Name']. With this, it will work for both POST and GET requests.

PHP new lines in CodeIgniter controller

Can anyone see an error with the following line of code from a CodeIgniter controller script - it's part of an email script.
The "\n" do not appear as new lines in the email - just the "\n" raw code itself:
$this->email->message($_POST['name']
. " \n" . $_POST['email'] . " \n" . $_POST['message']);
They are enclosed in double-quotes, so I don't see what the issue would be...
I have done the same thing you are trying to do (Successfully) like this:
$msg="
Name: ".$this->input->post('name')."
Email: ".$this->input->post('email')."
Message: ".$this->input->post('message');
$this->email->message($msg);
Hope it helped you. If there is any problem, comment.

PHP stripslashes variable encoding from contact form

In my PHP contact form script,
I'm using _POST to submit a PHP variable containing quotation marks that have to be escaped, and upon arrival, its value becomes the value of the $formSubject variable in the form, and has its slashes removed with stripslashes.
Here are excerpts from the form showing the $formSubject variable, as well as the headers.
<input type="text" name="formSubject" id="formSubject" value="<?php if(isset($_POST['formSubject'])) echo stripslashes($_POST['formSubject']);?>" />
if (($resp->is_valid) && (!isset($hasError))) {
$emailTo = 'yourEmail@address.com';
$subject = 'A new message from: ' . $formAuthor . ' | ' . $formSubject;
$body = "Email: $formEmail \n\nContent: $formContent \n\n$formAuthor";
$headers = 'From: <'.$formEmail.'>' . "\r\n" . 'Reply-To: ' . $formEmail . "\r\n" . 'Return-Path: ' . $formEmail;
Since I've started using stripslashes on the echoed variable, the subject is correct on the form's page, but once the email arrives, ASCII in subject is not parsing correctly.
THIS IS A \'SUBJECT\'
should be:
THIS IS A 'SUBJECT'
Is this a matter of declaring the correct encoding? This only happened when I started using stripslashes so does stripslashes disregard encoding? I read about an attribute to use on <form> for setting UTF-8, but that didn't work. Is there a fix specific to stripslashes, or is there an overall change I'd have to make for the script encoding?
Can anyone tell me what the issue is?
Thank you for your assistance.

PHP Contact Form Submitting Randomly

I hope I'm missing something pretty basic here but: An empty form is getting submitted randomly, sometimes 3-8 times a day, then none for a few days and so on.
The empty submits always email with the subject as "[Website Contact Form]." Even though there is no validation in my php, in the html code the subject is chosen from a drop-down menu with the default as "General Enquiry." Notice in the php code below, there is no way for a human to submit an empty form with the above subject line, that is, it would always be "[Website Contact Form]General Enquiry" if I press submit without entering anything.
I have contact.html call this contact.php file:
<?
$email = 'info@mail.com';
$mailadd = $_POST['email'];
$headers = 'From: ' . $_POST['email'] . "\r\n";
$name = $_POST['name'];
$subject = '[Website Contact Form] ' . $_POST['subject'];
$message = 'Message sent from: ' . $name . '. Email: ' . $mailadd . '. Organization: ' . $_POST['company'] . '. Phone: ' . $_POST['phone'] . '. ';
$message .= 'Message: ';
$message .= $_POST['message'];
if (mail($email,$subject,$message, $headers)) {
echo "<p>Thank You! We'll get back to you shortly.</p>";
}
else {
echo "<p>Error...</p>";
}
?>
I use this code for many websites, but have never encountered this issue. Is there something so obviously wrong with this code that I'm missing? Any help would be greatly appreciated!
I suspect that you may not be checking that these variables are set before you send the email. Someone requesting contact.php directly (without any form data) may produce the results you have described. If this is the case, the following code should work like a charm:
<?php
if (isset($_POST['submit'])) {
// form code
}
else {
// The form was not submitted, do nothing
}
?>
Even if that's not the case, such a simple check is always good practice.
Furthermore, you should always validate any user input just as a good habit. You don't want your server flooding your inbox with emails. I suggest using regexes to validate the input provided and possibly using a captcha service (such as ReCaptcha).
If you've been using this code and it's been working fine then I'd check what variables you changed with this case, for example your submit form.
Try out your form with all common possibilities and see if it works. An empty subject will give your form the subject "[Website Contact Form]". Check that your script actually gets the POST variables and your form submits the right variables. Your dropdown might have an option with a value of "" and the innerHTML "General Enquiry". The value is what will get submitted.
It's good to check inputs server-side as well:
<?php
if(isset($_POST['subject'],$_POST['email'])){
}
?>
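
The checks suggested in the answers above, combined into one handler as an added example (not the poster's code): it ignores requests that are not form posts, requires each field, and keeps line breaks out of anything placed in a header. The addresses `noreply@example.com` and `info@example.com` and the function name `validate_contact` are placeholders.

```php
<?php
// Added example, not the poster's code. Field names follow the question's
// contact.php; the addresses and validate_contact() are placeholders.

/** Return [errors, cleaned values] for one request. */
function validate_contact(string $method, array $post): array
{
    if ($method !== 'POST') {               // contact.php requested directly
        return [['not a form submission'], []];
    }
    $errors = [];
    $clean  = [];
    foreach (['name', 'email', 'subject', 'message'] as $key) {
        $value       = $post[$key] ?? '';
        $clean[$key] = is_string($value) ? trim($value) : '';
        if ($clean[$key] === '') {
            $errors[] = "$key is required";
        }
    }
    // Anything that ends up in a header line must not contain CR or LF.
    foreach (['email', 'subject'] as $key) {
        if (preg_match('/[\r\n]/', $clean[$key])) {
            $errors[] = "$key contains a line break";
        }
    }
    if ($clean['email'] !== '' && !filter_var($clean['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'email is not a valid address';
    }
    return [$errors, $clean];
}

[$errors, $clean] = validate_contact($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST);
if ($errors) {
    http_response_code(400);
    exit('<p>' . htmlspecialchars(implode('; ', $errors)) . '</p>');
}

// Fixed From on the site's own domain; the visitor's address is Reply-To only.
$headers = implode("\r\n", [
    'From: Website <noreply@example.com>',
    'Reply-To: ' . $clean['email'],
    'Content-Type: text/plain; charset=UTF-8',
]);
$subject = '[Website Contact Form] ' . $clean['subject'];
$body    = "Name: {$clean['name']}\r\nEmail: {$clean['email']}\r\n\r\n{$clean['message']}";

echo mail('info@example.com', $subject, $body, $headers)
    ? "<p>Thank You! We'll get back to you shortly.</p>"
    : '<p>Error...</p>';
```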
