Need help on simple send mail php script

Discussion in 'Web Design and Development' started by 835153, Sep 5, 2013.

  1. 835153, Sep 5, 2013
    Last edited: Sep 5, 2013

    Guest

    Joined:
    Aug 5, 2013
    #1
    I can get the following script to work but it only seems to work with two items from my form.

    My form has 9 fields but the script only works when I ask it to send me two of the fields. If i ask it to send me submitted info from 3 or more fields the script doesnt work.

    In the last bit of the script I can swap the first two variables to any of the nine and it works but any more than 2 and it stops working.

    Really with PHP I have no clue what I'm doing as its all trial and error but this has stumped me?! :confused:

    Code:
    <?php
    /*
    This first bit sets the email address that you want the form to be submitted to.
    You will need to change this value to a valid email address that you can access.
    */
    $webmaster_email = "myemailaddress";
    
    /*
    This bit sets the URLs of the supporting pages.
    If you change the names of any of the pages, you will need to change the values here.
    */
    $feedback_page = "http://www.somewhere.com";
    $error_page = "http://www.somewhere.com";
    $thankyou_page = "http://www.somewhere.com";
    
    /*
    This next bit loads the form field data into variables.
    If you add a form field, you will need to add it here.
    */
    $persons_name = $_REQUEST['persons_name'] ;
    $email_address = $_REQUEST['email_address'] ;
    $phone_number = $_REQUEST['phone_number'] ;
    $website = $_REQUEST['website'] ;
    $requirements = $_REQUEST['requirements'] ;
    $referal = $_REQUEST['referal'] ;
    $budget = $_REQUEST['budget'] ;
    $deadline = $_REQUEST['deadline'] ;
    $furtherinfo = $_REQUEST['furtherinfo'] ;
    
    /*
    The following function checks for email injection.
    Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
    */
    function isInjected($str) {
    	$injections = array('(\n+)',
    	'(\r+)',
    	'(\t+)',
    	'(%0A+)',
    	'(%0D+)',
    	'(%08+)',
    	'(%09+)'
    	);
    	$inject = join('|', $injections);
    	$inject = "/$inject/i";
    	if(preg_match($inject,$str)) {
    		return true;
    	}
    	else {
    		return false;
    	}
    }
    
    // If the user tries to access this script directly, redirect them to the feedback form,
    if (!isset($_REQUEST['email_address'])) {
    header( "Location: $feedback_page" );
    }
    
    // If the form fields are empty, redirect to the error page.
    elseif (empty($persons_name) || empty($email_address)) {
    header( "Location: $error_page" );
    }
    
    // If email injection is detected, redirect to the error page.
    elseif ( isInjected($email_address) ) {
    header( "Location: $error_page" );
    }
    
    // If we passed all previous tests, send the email then redirect to the thank you page.
    else {
    mail( "$webmaster_email", "Feedback Form Results",
      $persons_name, $website, $phone_number, $email_address, $requirements, $budget, $deadline, $furtherinfo, $referal, "From: $email_address" );
    header( "Location: $thankyou_page" );
    }
    ?>
     
  2. thread starter Guest

    Joined:
    Aug 5, 2013
    #2
    I've cracked it now :rolleyes:

    The example I found was not coded properly.
     
  3. macrumors 65816

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #3
    Fantastic! You'll find that alot of the code is incorrect. If you wouldn't mind please post the correction so that future web surfers may find your problem and solution in the same thread.
     
  4. thread starter Guest

    Joined:
    Aug 5, 2013
    #4
    In the following bit it was missing a " before $person_name, and also one at the end of $referal,

    Adding these made the script work with all nine fields. Still strange how it worked with the first two though. You would think it would either work with all or none. :confused:

    Anyhoo, full script is below so someone else can use and amend it.

    Code:
    <?php
    /*
    This first bit sets the email address that you want the form to be submitted to.
    You will need to change this value to a valid email address that you can access.
    */
    $webmaster_email = "enter your email address here";
    
    /*
    This bit sets the URLs of the supporting pages.
    If you change the names of any of the pages, you will need to change the values here.
    */
    $feedback_page = "url of webpage that form resides on";
    $error_page = "url of error page";
    $thankyou_page = "url of thanks page";
    
    /*
    This next bit loads the form field data into variables.
    If you add a form field, you will need to add it here.
    */
    $persons_name = $_REQUEST['persons_name'] ;
    $email_address = $_REQUEST['email_address'] ;
    $phone_number = $_REQUEST['phone_number'] ;
    $website = $_REQUEST['website'] ;
    $requirements = $_REQUEST['requirements'] ;
    $referal = $_REQUEST['referal'] ;
    $budget = $_REQUEST['budget'] ;
    $deadline = $_REQUEST['deadline'] ;
    $furtherinfo = $_REQUEST['furtherinfo'] ;
    
    /*
    The following function checks for email injection.
    Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
    */
    function isInjected($str) {
    	$injections = array('(\n+)',
    	'(\r+)',
    	'(\t+)',
    	'(%0A+)',
    	'(%0D+)',
    	'(%08+)',
    	'(%09+)'
    	);
    	$inject = join('|', $injections);
    	$inject = "/$inject/i";
    	if(preg_match($inject,$str)) {
    		return true;
    	}
    	else {
    		return false;
    	}
    }
    
    // If the user tries to access this script directly, redirect them to the feedback form,
    if (!isset($_REQUEST['email_address'])) {
    header( "Location: $feedback_page" );
    }
    
    // If the form fields are empty, redirect to the error page.
    elseif (empty($persons_name) || empty($email_address) || empty($phone_number) || empty($website) || empty($requirements) || empty($referal) || empty($budget) || empty($deadline) || empty($furtherinfo)) {
    header( "Location: $error_page" );
    }
    
    // If email injection is detected, redirect to the error page.
    elseif ( isInjected($email_address) ) {
    header( "Location: $error_page" );
    }
    
    // If we passed all previous tests, send the email then redirect to the thank you page.
    else {
    mail( "$webmaster_email", "Quote request", 
    
    "$persons_name,
    
    $email_address,
    
    $phone_number,
    
    $website,
    
    $requirements,
    
    $referal,
    
    $budget,
    
    $deadline,
    
    $furtherinfo", 
    
    "From: $email_address" );
    header( "Location: $thankyou_page" );
    }
    ?>
    
    
     
  5. macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #5
    Not so strange. The mail function accepts 4 parameters, $persons_name was treated as the third (message body) and $email_address as the fourth (optional additional headers) and ignored the rest. BTW, this kind of mistake is the most common in development (any language) - leaving off one character in a key position can result in pure chaos. Been there, done that.

    On a side note, change $_REQUEST to $_POST or $_GET as a best practice because the latter two are explicit whereas the first can come from varied sources ($_POST, $_GET and even $_COOKIE) in many PHP configurations. This makes issues tough to trace, and can lead to, well, even more pure chaos. :eek:

    :p
     

Share This Page