PHP Script not sending all form info

the mail() function

Moderators: macek, egami, gesf

joanne77
New php-forum User
New php-forum User
Posts: 1
Joined: Wed Oct 03, 2012 4:21 pm

PHP Script not sending all form info

Postby joanne77 » Wed Oct 03, 2012 4:31 pm

Hi all,

I am trying to create a contact form for our website. I cannot get the php script to send all of the information gathered in the form to the email address. All I get is the comments and nothing else.

Here is the html:

Code: Select all

<form action="send_mail.php" method="post">
         <p><strong>Name:</strong><br>
            <input type="text" name="name" size="30" maxlength="30" />
         </p>
         <p><strong>Phone No.</strong><br>
            <input type="text" name="phone" size="30" maxlength="30" />
         </p>
         <p><strong>Address:</strong></p>
            <p><textarea name="address" cols="30" rows="4">Enter your address here if you require an appointment </textarea>
         </p>
         <p><strong>Email Address:</strong><br>
         <input type="text" name="email" value="" maxlength="50" />
         </p>
         </td>
         <td>
         <p><strong>Prefered Method of Contact:</strong><br>
         <input type="checkbox" name="contact_method" value="email" />Email
         <input type="checkbox" name="contact_method" value="phone" />Phone
         <input type="checkbox" name="contact_method" value="no_preference" />No Preference
         </p>
         <p><strong>Prefered Appointment Day:</strong><br>
         <input type="checkbox" name="prefered_day" value="monday" />Monday
         <input type="checkbox" name="prefered_day" value="tuesday" />Tuesday
         <input type="checkbox" name="prefered_day" value="wednesday" />Wednesday<br>
         <input type="checkbox" name="prefered_day" value="thursday" />Thursday
         <input type="checkbox" name="prefered_day" value="friday" />Friday
         <input type="checkbox" name="prefered_day" value="saturday" />Saturday<br>
         <input type="checkbox" name="prefered_day" value="any_day" />Any Day
         </p>
         <p><strong>Comments:</strong></p>
            <p><textarea name="comments" cols="30" rows="4">Enquiry or Description of I.T Problem</textarea></p>
         <p>
         <input type="reset" value="Reset" />
         <input type="submit" value="Submit" /></p>   
         </form>


The php script is:

Code: Select all

<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "email@domain.com";

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "contact_us.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$name = $_REQUEST['name'] ;
$phone_number = $_REQUEST['phone_number'] ;
$address = $_REQUEST['address'] ;
$email_address = $_REQUEST['email_address'] ;
$contact_method = $_REQUEST['contact_method'] ;
$prefered_day = $_REQUEST['prefered_day'] ;
$comments = $_REQUEST['comments'] ;
/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
   $injections = array('(\n+)',
   '(\r+)',
   '(\t+)',
   '(%0A+)',
   '(%0D+)',
   '(%08+)',
   '(%09+)'
   );
   $inject = join('|', $injections);
   $inject = "/$inject/i";
   if(preg_match($inject,$str)) {
      return true;
   }
   else {
      return false;
   }
}

// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}

// If the form fields are empty, redirect to the error page.
elseif (empty($email_address) || empty($comments)) {
header( "Location: $error_page" );
}

// If email injection is detected, redirect to the error page.
elseif ( isInjected($email_address) ) {
header( "Location: $error_page" );
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {
mail( "$webmaster_email", "Feedback Form Results",
   $comments; "From: $email_address" );
header( "Location: $thankyou_page" );
}
?>


I know that it has something to do with the //If we passed all previous tests.... script at the end, but no amount of googling gives me an answer!!

Your help will be gratefully received.

Joanne

seandisanti
php-forum Fan User
php-forum Fan User
Posts: 838
Joined: Mon Oct 01, 2012 12:32 pm

Re: PHP Script not sending all form info

Postby seandisanti » Thu Oct 04, 2012 10:18 am

Try to avoid using $_REQUEST, because it opens your code up to injection. If I modify the url of the page to add custom GET fields and name them the same as your post fields, I can feed your script values that you don't want it to to evaluate.

That has nothing to do with your problem, but it will help you avoid other problems in the future.

Your php is doing way more than it needs to. Your injection testing can be removed completely by using POST data instead of REQUEST, and you may want to check your referrer, but I didn't write that code. The only field you're asking for in the current code is comments. Here's your code with the extraneous checks removed, and a $content variable built of html line breaks and your values. You may want to add labels prior to the values, but I'll let you figure that one out if it's the case. ;)

Code: Select all

<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "email@domain.com";

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "contact_us.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$name = $_POST['name'] ;
$phone_number = $_POST['phone_number'] ;
$address = $_POST['address'] ;
$email_address = $_POST['email_address'] ;
$contact_method = $_POST['contact_method'] ;
$prefered_day = $_POST['prefered_day'] ;
$comments = $_POST['comments'] ;

$content = '<html>'.$name . '<br />' . $phone_number
         . '<br />' . $address . '<br>' .$contact_method
         . '<br />' . $prefered_day . '<br />' . $comments . '</html>'

if (empty($email_address) || empty($comments)) {
   header( "Location: $error_page" );
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {
mail( "$webmaster_email", "Feedback Form Results",
   $content; "From: $email_address" );
header( "Location: $thankyou_page" );
}
?>


Return to “PHP coding => Mail”

Who is online

Users browsing this forum: No registered users and 0 guests

cron