Topic awaiting preservation: PHP code not working, pulling hair out $Pages that link to <a href="https://ozoneasylum.com/backlink?for=13130" title="Pages that link to Topic awaiting preservation: PHP code not working, pulling hair out" rel="nofollow" >Topic awaiting preservation: PHP code not working, pulling hair out\$

Author	Thread
Nethermind Bipolar (III) Inmate From: under the Milky Way tonight Insane since: Feb 2003	posted 04-10-2004 09:48 Hi, guys! It's been several months since I posted last, but I have read faithfully off and on. I am at my wits end (not too far a reach), and trying to make my PHP more compliant. Can anyone please give insight as to why this form isn't mailing? I get no errors, but nothing actually works: http://www.worldcrown.com/semidon/districtthanks.phps Any advice is appreciated.
Rinswind 2th Maniac (V) Inmate From: Den Haag: The Royal Residence Insane since: Jul 2000	posted 04-10-2004 10:35 Well i am not an php-guru but i noticed the php code is outside the body tags with no closing html tag. My best guess is that the browser will not do anything with code outside the body tags. Ofcourse i could be totaly wrong. ------------------------------ Do something usefull: support Justice for Pat Richard
Tyberius Prime Paranoid (IV) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 04-10-2004 13:12 php code can be placed anywhere, rincewind. Could be any number of problems - from the email address passed not being valid (nice semi-open relay spam script, by the way, since you're sending to a form provided email, and not validating anything that comes in there), to the server being misconfigured. Seriously, add error_reporting(E_ALL); to your script - you want to see each warning and everything. Add some input checking. Then see what your mail() calls actually return - if they claim everything's ok, or if they say that something went wrong. so long, Tyberius Prime
norm Paranoid (IV) Inmate From: [s]underwater[/s] under-snow in Juneau Insane since: Sep 2002	posted 04-10-2004 19:41 Have you echoed your $_POST variables to make sure that they are making it from your submitting page? Or using- if (isset($_POST['whatever'])) ? All the really clever coders in my division have found that the best way to keep from pulling your hair out over this sort of frustration is to shave your head. Hey, it works for me......... /* Sure, go ahead and code in your fancy IDE. Just remember: it's all fun and games until someone puts an $i out */
falling_softly Nervous Wreck (II) Inmate From: canada Insane since: Oct 2000	posted 04-11-2004 00:10 How come you have $_POST['name'] then start doing: $_POST[$name]? Is $_POST[$name] technically correct? If the name entered is Lisa, then isn't it looking for $Lisa, rather than $name? I changed it to the $_POST[name] format , that's what I use, and it worked. [This message has been edited by falling_softly (edited 04-11-2004).]
Skaarjj Maniac (V) Mad Scientist From: :morF Insane since: May 2000	posted 04-11-2004 01:13 You're actually damn right there falling. The $_POST, $_GET, $_SESSION, etc array are all associative arrays, so the keys that point to each index's contents are words, instead of numbers. As such they have be treated like strings, so only $_POST["name"] and $_POST['name'] are correct. However, if you have auto_register turned on all the keys of the $_POST, etc arrays are automatically turned into global variables, which is a very unsecure way of doing things. So, when you're calling $_POST[$email], what it's actually doing is: Before it searches for the index you're loking for, it replaces $email with the email address you have in the script, so it doesn't end up looking for the index 'email', it instead looks for the index 'myemail@mydomain.com', and consequently can't find it. At the top of your scropt try putting the line error_reporting(E_ALL); so it brings up all the warnings your script is generating, instead of just the fatal ones. Justice 4 Pat Richard
Nethermind Bipolar (III) Inmate From: under the Milky Way tonight Insane since: Feb 2003	posted 04-11-2004 09:05 I appreciate all the advice. I had no idea that there was a security issue with the code. I have only recently learned php, and a lot of it was taught on the fly. With that said, I am trying to digest all that has been suggested here. The reason why I used a different method on the $name section was simply that it wasn't showing up on the page, and different people were giving me different advice. I was trying to see what method worked. So, I am in the middle of relearning a better way to code it, and you are witness to some sloppy coding because of it. Sorry. I will change my code to the $_POST[name] format on the variables - unless you guys recommend $_POST['name'] or $_POST["name"]. I will put error_reporting(E_ALL); at the beginning of my code to see what real errors I have, and I will research how to make my form more secure and not as open to relay spamming (which I didn't know until this moment that it was a risk). And, I think I will buy a book on php instead of trying to learn it online. Thanks, as always. I will post the results. This all happened because my php form stopped sending results, and my web host told me that they had upgraded and my forms were no longer compliant. So, I went onto another MB and the code you saw was what they suggested. Serves me right for not coming here first and taking my lumps.
Tyberius Prime Paranoid (IV) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 04-11-2004 21:26 $_POST[name] will actually cause undefined constant errors. You must quote the 'name' part.
falling_softly Nervous Wreck (II) Inmate From: canada Insane since: Oct 2000	posted 04-14-2004 07:37 quote: Tyberius Prime said: $_POST[name] will actually cause undefined constant errors. You must quote the 'name' part. Are they non-fatal errors? I've never seen any errors shown on any servers I've used that on. Just curious what the difference is. I tried both the $_POST['name'] and $_POST["name"] format in his script Using something like mail($_POST['email'], $_POST['name'].", your application was sent successfully.", // works fine but mail("$_POST['email']", "$_POST['name'], your application was sent successfully.", // causes errors and "$_POST['name'], thank you for your interest in Semidon District....", // causes errors till I use $_POST[name] That's why I suggested the $_POST[name] format, it causes less trouble if you're not too familiar with how it works and how it can cause errors if used wrong. But maybe it also depends on the setup?
DmS Paranoid (IV) Inmate From: Sthlm, Sweden Insane since: Oct 2000	posted 04-14-2004 09:01 I think you've got it a bit mixed up here. example: mail("$_POST['email']", "$_POST['name'], your application was sent successfully.", // causes errors Yes it does since you have enclosed the whole $_POST[] with "", this way you are cancelling out the content that resides inside of 'email' which would be "mail@maildomain.com". The problem here isn't $_POST['email'] with or without '', it's the " " around the whole $_POST That's why this: mail($_POST['email'], $_POST['name'].", your application was sent successfully.") works fine. What TP said is taken from the manual, what you in fact are doing when you omit the '' around the key in the $_POST (actually, any associative array) is telling the script to use a constant for the key. Actually this is pretty much the same thing as looping an associative array using a variable for key. $name = "Mike"; loop... print($_POST[$name]); Since email in your case isn't a predefined constant, it's a string acting as a key in the array, you should enclose it with ' or " inside the [] Simple as that. /Dan {cell 260} -{ a vibration is a movement that doesn't know which way to go }-

Topic awaiting preservation: PHP code not working, pulling hair out\$

Author

Thread

Nethermind
Bipolar (III) Inmate

From: under the Milky Way tonight
Insane since: Feb 2003

posted 04-10-2004 09:48

Hi, guys!

It's been several months since I posted last, but I have read faithfully off and on. I am at my wits end (not too far a reach), and trying to make my PHP more compliant. Can anyone please give insight as to why this form isn't mailing? I get no errors, but nothing actually works:
http://www.worldcrown.com/semidon/districtthanks.phps

Any advice is appreciated.

Rinswind 2th
Maniac (V) Inmate

From: Den Haag: The Royal Residence
Insane since: Jul 2000

posted 04-10-2004 10:35

Well i am not an php-guru but i noticed the php code is outside the body tags with no closing html tag. My best guess is that the browser will not do anything with code outside the body tags.
Ofcourse i could be totaly wrong.

------------------------------
Do something usefull: support Justice for Pat Richard

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 04-10-2004 13:12

php code can be placed anywhere, rincewind.

Could be any number of problems - from the email address passed not being valid (nice semi-open relay spam script, by the way, since you're sending to a form provided email, and not validating anything that comes in there), to the server being misconfigured.
Seriously, add error_reporting(E_ALL); to your script - you want to see each warning and everything. Add some input checking. Then see what your mail() calls actually return - if they claim everything's ok, or if they say that something went wrong.

so long,

Tyberius Prime

norm
Paranoid (IV) Inmate

From: [s]underwater[/s] under-snow in Juneau
Insane since: Sep 2002

posted 04-10-2004 19:41

Have you echoed your $_POST variables to make sure that they are making it from your submitting page? Or using-
if (isset($_POST['whatever'])) ?

All the really clever coders in my division have found that the best way to keep from pulling your hair out over this sort of frustration is to shave your head. Hey, it works for me.........

/* Sure, go ahead and code in your fancy IDE. Just remember: it's all fun and games until someone puts an $i out */

falling_softly
Nervous Wreck (II) Inmate

From: canada
Insane since: Oct 2000

posted 04-11-2004 00:10

How come you have $_POST['name'] then start doing: $_POST[$name]?

Is $_POST[$name] technically correct? If the name entered is Lisa, then isn't it looking for $Lisa, rather than $name? I changed it to the $_POST[name] format , that's what I use, and it worked.

[This message has been edited by falling_softly (edited 04-11-2004).]

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

posted 04-11-2004 01:13

You're actually damn right there falling. The $_POST, $_GET, $_SESSION, etc array are all associative arrays, so the keys that point to each index's contents are words, instead of numbers. As such they have be treated like strings, so only $_POST["name"] and $_POST['name'] are correct. However, if you have auto_register turned on all the keys of the $_POST, etc arrays are automatically turned into global variables, which is a very unsecure way of doing things. So, when you're calling $_POST[$email], what it's actually doing is:

Before it searches for the index you're loking for, it replaces $email with the email address you have in the script, so it doesn't end up looking for the index 'email', it instead looks for the index 'myemail@mydomain.com', and consequently can't find it. At the top of your scropt try putting the line

error_reporting(E_ALL);

so it brings up all the warnings your script is generating, instead of just the fatal ones.

Justice 4 Pat Richard

Nethermind
Bipolar (III) Inmate

From: under the Milky Way tonight
Insane since: Feb 2003

posted 04-11-2004 09:05

I appreciate all the advice. I had no idea that there was a security issue with the code. I have only recently learned php, and a lot of it was taught on the fly. With that said, I am trying to digest all that has been suggested here.

The reason why I used a different method on the $name section was simply that it wasn't showing up on the page, and different people were giving me different advice. I was trying to see what method worked. So, I am in the middle of relearning a better way to code it, and you are witness to some sloppy coding because of it. Sorry.

I will change my code to the $_POST[name] format on the variables - unless you guys recommend $_POST['name'] or $_POST["name"]. I will put error_reporting(E_ALL); at the beginning of my code to see what real errors I have, and I will research how to make my form more secure and not as open to relay spamming (which I didn't know until this moment that it was a risk). And, I think I will buy a book on php instead of trying to learn it online.

Thanks, as always. I will post the results.

This all happened because my php form stopped sending results, and my web host told me that they had upgraded and my forms were no longer compliant. So, I went onto another MB and the code you saw was what they suggested. Serves me right for not coming here first and taking my lumps.

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 04-11-2004 21:26

$_POST[name] will actually cause undefined constant errors. You must quote the 'name' part.

falling_softly
Nervous Wreck (II) Inmate

From: canada
Insane since: Oct 2000

posted 04-14-2004 07:37

quote:
Tyberius Prime said:

$_POST[name] will actually cause undefined constant errors. You must quote the 'name' part.

Are they non-fatal errors? I've never seen any errors shown on any servers I've used that on. Just curious what the difference is. I tried both the $_POST['name'] and $_POST["name"] format in his script

Using something like
mail($_POST['email'], $_POST['name'].", your application was sent successfully.", // works fine

but

mail("$_POST['email']", "$_POST['name'], your application was sent successfully.", // causes errors

and

"$_POST['name'], thank you for your interest in Semidon District....", // causes errors till I use $_POST[name]

That's why I suggested the $_POST[name] format, it causes less trouble if you're not too familiar with how it works and how it can cause errors if used wrong. But maybe it also depends on the setup?

DmS
Paranoid (IV) Inmate

From: Sthlm, Sweden
Insane since: Oct 2000

posted 04-14-2004 09:01

I think you've got it a bit mixed up here.
example:
mail("$_POST['email']", "$_POST['name'], your application was sent successfully.", // causes errors
Yes it does since you have enclosed the whole $_POST[] with "", this way you are cancelling out the content that resides inside of 'email' which would be "mail@maildomain.com". The problem here isn't $_POST['email'] with or without '', it's the " " around the whole $_POST

That's why this: mail($_POST['email'], $_POST['name'].", your application was sent successfully.") works fine.

What TP said is taken from the manual, what you in fact are doing when you omit the '' around the key in the $_POST (actually, any associative array) is telling the script to use a constant for the key.
Actually this is pretty much the same thing as looping an associative array using a variable for key.
$name = "Mike";
loop...
print($_POST[$name]);

Since email in your case isn't a predefined constant, it's a string acting as a key in the array, you should enclose it with ' or " inside the []

Simple as that.
/Dan

{cell 260}
-{ a vibration is a movement that doesn't know which way to go }-