PHP Script not sending all form info

the mail() function

Moderators: egami, macek, gesf

seandisanti
php-forum Fan User
Posts: 973
Joined: Mon Oct 01, 2012 12:32 pm

Thu Oct 04, 2012 10:18 am

Try to avoid using $_REQUEST, because it opens your code up to injection. If I modify the URL of the page to add custom GET fields and name them the same as your POST fields, I can feed your script values that you don't want it to evaluate.

That has nothing to do with your problem, but it will help you avoid other problems in the future.

Your PHP is doing way more than it needs to. Your injection testing can be removed completely by using POST data instead of REQUEST, and you may want to check your referrer, but I didn't write that code. The only field you're asking for in the current code is comments. Here's your code with the extraneous checks removed, and a $content variable built of HTML line breaks and your values. You may want to add labels prior to the values, but I'll let you figure that one out if it's the case. ;)

Code:

<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "email@domain.com";

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "contact_us.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$name = $_POST['name'] ;
$phone_number = $_POST['phone_number'] ;
$address = $_POST['address'] ;
$email_address = $_POST['email_address'] ;
$contact_method = $_POST['contact_method'] ;
$prefered_day = $_POST['prefered_day'] ;
$comments = $_POST['comments'] ;

// Build the HTML body from the submitted values, one per line.
$content = '<html>' . $name . '<br />' . $phone_number
			. '<br />' . $address . '<br />' . $contact_method
			. '<br />' . $prefered_day . '<br />' . $comments . '</html>';

// Both the sender's address and the comments are required.
if (empty($email_address) || empty($comments)) {
	header( "Location: $error_page" );
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {
	mail( $webmaster_email, "Feedback Form Results",
		$content, "From: $email_address" );
	header( "Location: $thankyou_page" );
}
?>
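
An added example, not part of the original post: the same form read from $_POST only, with the From value checked before it is placed in a mail header and the submitted values escaped for the HTML body. The helper names (post_field, safe_header_email, build_body) and the sample input are assumptions made for illustration.

```php
<?php
// Added example; helper names are hypothetical, not from the original post.

// Read a field from POST only, so a same-named query-string value is ignored.
function post_field(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Return the address if it can go into a mail header, otherwise null.
function safe_header_email(string $address): ?string
{
    // A CR or LF inside a header value would begin a new header line.
    if (preg_match('/[\r\n]/', $address)) {
        return null;
    }
    $valid = filter_var($address, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Build the HTML body with labels, escaping every submitted value.
function build_body(array $fields): string
{
    $rows = [];
    foreach ($fields as $label => $value) {
        $rows[] = htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . ': '
                . nl2br(htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
    }
    return '<html><body>' . implode('<br />', $rows) . '</body></html>';
}

// Constructed sample input standing in for a submitted form.
$_POST = [
    'name'          => 'Alice <b>Example</b>',
    'email_address' => "alice@example.com\r\nX-Test: 1", // contains a line break
    'comments'      => "First line\nSecond line",
];

$from = safe_header_email(post_field('email_address'));
if ($from === null) {
    // In the form handler this is where the redirect to $error_page would go.
    echo "rejected: email_address is not a single valid address\n";
} else {
    $headers = "From: $from\r\nContent-Type: text/html; charset=UTF-8";
    $body = build_body(['Name' => post_field('name'), 'Comments' => post_field('comments')]);
    // mail($webmaster_email, 'Feedback Form Results', $body, $headers);
    echo $headers, "\n", $body, "\n";
}
```

With the constructed input above the address is rejected; replacing it with a plain address prints the headers and the escaped body that would be passed to mail().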
