
835153

Guest
Original poster
Aug 5, 2013
116
1
I can get the following script to work but it only seems to work with two items from my form.

My form has 9 fields but the script only works when I ask it to send me two of the fields. If I ask it to send me submitted info from 3 or more fields the script doesn't work.

In the last bit of the script I can swap the first two variables to any of the nine and it works but any more than 2 and it stops working.

Really with PHP I have no clue what I'm doing as it's all trial and error but this has stumped me?! :confused:

Code:
<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "myemailaddress";

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "http://www.somewhere.com";
$error_page = "http://www.somewhere.com";
$thankyou_page = "http://www.somewhere.com";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$persons_name = $_REQUEST['persons_name'] ;
$email_address = $_REQUEST['email_address'] ;
$phone_number = $_REQUEST['phone_number'] ;
$website = $_REQUEST['website'] ;
$requirements = $_REQUEST['requirements'] ;
$referal = $_REQUEST['referal'] ;
$budget = $_REQUEST['budget'] ;
$deadline = $_REQUEST['deadline'] ;
$furtherinfo = $_REQUEST['furtherinfo'] ;

/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
	$injections = array('(\n+)',
	'(\r+)',
	'(\t+)',
	'(%0A+)',
	'(%0D+)',
	'(%08+)',
	'(%09+)'
	);
	$inject = join('|', $injections);
	$inject = "/$inject/i";
	if(preg_match($inject,$str)) {
		return true;
	}
	else {
		return false;
	}
}

// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}

// If the form fields are empty, redirect to the error page.
elseif (empty($persons_name) || empty($email_address)) {
header( "Location: $error_page" );
}

// If email injection is detected, redirect to the error page.
elseif ( isInjected($email_address) ) {
header( "Location: $error_page" );
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {
mail( "$webmaster_email", "Feedback Form Results",
  $persons_name, $website, $phone_number, $email_address, $requirements, $budget, $deadline, $furtherinfo, $referal, "From: $email_address" );
header( "Location: $thankyou_page" );
}
?>
 

960design

macrumors 68040
Apr 17, 2012
3,698
1,565
Destin, FL
Fantastic! You'll find that a lot of the code is incorrect. If you wouldn't mind please post the correction so that future web surfers may find your problem and solution in the same thread.
 

835153

Guest
Original poster
Aug 5, 2013
116
1
In the following bit it was missing a " before $person_name, and also one at the end of $referal,

Adding these made the script work with all nine fields. Still strange how it worked with the first two though. You would think it would either work with all or none. :confused:

Anyhoo, full script is below so someone else can use and amend it.

Code:
<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "enter your email address here";

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "url of webpage that form resides on";
$error_page = "url of error page";
$thankyou_page = "url of thanks page";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$persons_name = $_REQUEST['persons_name'] ;
$email_address = $_REQUEST['email_address'] ;
$phone_number = $_REQUEST['phone_number'] ;
$website = $_REQUEST['website'] ;
$requirements = $_REQUEST['requirements'] ;
$referal = $_REQUEST['referal'] ;
$budget = $_REQUEST['budget'] ;
$deadline = $_REQUEST['deadline'] ;
$furtherinfo = $_REQUEST['furtherinfo'] ;

/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
	$injections = array('(\n+)',
	'(\r+)',
	'(\t+)',
	'(%0A+)',
	'(%0D+)',
	'(%08+)',
	'(%09+)'
	);
	$inject = join('|', $injections);
	$inject = "/$inject/i";
	if(preg_match($inject,$str)) {
		return true;
	}
	else {
		return false;
	}
}

// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}

// If the form fields are empty, redirect to the error page.
elseif (empty($persons_name) || empty($email_address) || empty($phone_number) || empty($website) || empty($requirements) || empty($referal) || empty($budget) || empty($deadline) || empty($furtherinfo)) {
header( "Location: $error_page" );
}

// If email injection is detected, redirect to the error page.
elseif ( isInjected($email_address) ) {
header( "Location: $error_page" );
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {
mail( "$webmaster_email", "Quote request", 

"$persons_name,

$email_address,

$phone_number,

$website,

$requirements,

$referal,

$budget,

$deadline,

$furtherinfo", 

"From: $email_address" );
header( "Location: $thankyou_page" );
}
?>
 

SrWebDeveloper

macrumors 68000
Dec 7, 2007
1,871
3
Alexandria, VA, USA
Not so strange. The mail function accepts 4 parameters, $persons_name was treated as the third (message body) and $email_address as the fourth (optional additional headers) and ignored the rest. BTW, this kind of mistake is the most common in development (any language) - leaving off one character in a key position can result in pure chaos. Been there, done that.

On a side note, change $_REQUEST to $_POST or $_GET as a best practice because the latter two are explicit whereas the first can come from varied sources ($_POST, $_GET and even $_COOKIE) in many PHP configurations. This makes issues tough to trace, and can lead to, well, even more pure chaos. :eek:

:p
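
Added example (not part of any post in this thread): a sketch of the handler's core with the two points above applied, reading from one explicit source and collapsing all nine fields into the single message argument, so that only the validated address reaches the headers argument. The function name `build_quote_mail()`, the example.com addresses and the sample submissions are hypothetical; the field names are the ones used in the thread's form.

```php
<?php
// Added example, not the posters' code. build_quote_mail() and the sample
// data below are hypothetical; field names follow the thread's form.
const FIELDS = ['persons_name', 'email_address', 'phone_number', 'website',
                'requirements', 'referal', 'budget', 'deadline', 'furtherinfo'];

/** Returns [to, subject, message, headers] for mail(), or null if rejected. */
function build_quote_mail(array $post, string $to): ?array
{
    $values = [];
    foreach (FIELDS as $name) {
        // Read only from the array passed in ($_POST in the real handler),
        // never from $_REQUEST, so the source of each value is unambiguous.
        $value = isset($post[$name]) && is_string($post[$name]) ? trim($post[$name]) : '';
        if ($value === '') {
            return null; // a required field is missing or not a string
        }
        $values[$name] = $value;
    }

    // The address is the only user value placed in a header: reject CR/LF
    // and anything that is not a syntactically valid address.
    $email = $values['email_address'];
    if (preg_match('/[\r\n]/', $email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // All nine fields become ONE string, passed as the message argument.
    $lines = [];
    foreach ($values as $name => $value) {
        $lines[] = "$name: $value";
    }
    return [$to, 'Quote request', implode("\r\n", $lines), "From: $email"];
}

// Constructed sample submissions: one clean, one with a CR/LF header payload.
$clean = array_fill_keys(FIELDS, 'sample text');
$clean['email_address'] = 'visitor@example.com';
$injected = $clean;
$injected['email_address'] = "visitor@example.com\r\nBcc: list@example.net";

var_dump(build_quote_mail($injected, 'webmaster@example.com'));
print_r(build_quote_mail($clean, 'webmaster@example.com'));
// In the real handler: $args = build_quote_mail($_POST, $webmaster_email);
// if ($args !== null) { mail(...$args); }
```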
 