Topic awaiting preservation: PHP-Email the contents of the form. (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=30669" title="Pages that link to Topic awaiting preservation: PHP-Email the contents of the form. (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: PHP-Email the contents of the form. <span class="small">(Page 1 of 1)</span>\$

sumap29 Neurotic (0) Inmate Newly admitted From: Insane since: Jun 2006	posted 11-21-2008 19:20 I have a prob with receiving the contents of the form by email. I m not receiving any error, however, I m not able to see any contents entered in the form except the titles such as: Company Name: <blank> Course Title: <blank> Please help, not sure why the email i receive have no data in it except the titles. thanks so much. code attached below: ------------------------connection.php---------------------------------------------------------------- <?php $dbuser='xxxx'; $dbpass='xxxx'; $link=mysql_connect('000.000.000.000, $dbuser, $dbpass); if ( ! $link) die ("Could not connect db"); $db=mysql_select_db("db_name",$link) or die ("Could not select db : ".mysql_error()); ?> -------------------------------------------------- <?php include("connection.php"); $msg.="Course Title :\t$HTTP_POST_VARS[subcategory]<br>"; $msg.="Title :\t$HTTP_POST_VARS[title].<br>"; $msg.="Name :\t$HTTP_POST_VARS[name]<br>"; $msg.="Company :\t$HTTP_POST_VARS[company]<br>"; $msg.="Job Title :\t$HTTP_POST_VARS[jobtitle]<br>"; $msg.="Company Address:\t$HTTP_POST_VARS[address]<br>"; $msg.="Country :\t$HTTP_POST_VARS[country]<br>"; $msg.="Post Code :\t$HTTP_POST_VARS[postcode]<br>"; $msg.="Telephone :\t$HTTP_POST_VARS[tel]<br>"; $msg.="Fax :\t$HTTP_POST_VARS[fax]<br>"; $msg.="E-mail :\t$HTTP_POST_VARS[email]<br>"; $msg.="Start Date of the Course :\t$HTTP_POST_VARS[input1]<br>"; $msg.="Duration :\t$HTTP_POST_VARS[duration] Days<br>"; $msg.="Location :\t$HTTP_POST_VARS[location]<br>"; $msg.="Number of delegates:\t$HTTP_POST_VARS[delegates]<br>"; $msg.="Delegate Names:\t$HTTP_POST_VARS[delegatename]<br>"; $msg.="Invoice :\t$HTTP_POST_VARS[Enquiry]<br>"; $msg.="Comments :\t$HTTP_POST_VARS[comments]<br>"; $to="xxx@domain.com"; $subject= "Online Course Booking for Courses: ".$HTTP_POST_VARS['subcategory'] ; $headers .= "Reply-To: ".$HTTP_POST_VARS['email']; $headers="MIME-Version: 1.0\r\n"; $headers.="Content-type: text/html; charset=iso-8859-1\r\n"; $headers.="From:".$HTTP_POST_VARS['email']; mail($to,$subject,$msg,$headers) ?>
twItch^ Maniac (V) Mad Scientist From: Denver, CO, USA Insane since: Aug 2000	posted 11-21-2008 20:49 Well, there's nothing there that would kick an error except for the mail() command, but since it's successfully sending it, it's not giving you any feedback as to why it's coming up blank. You might want to throw an if() clause in front of the whole thing... code: if($_POST){ and see if anything gets sent at all. For what it's worth, it's best practice to use $_POST['value'] instead of $HTTP_POST_VARS[value], but I can't imagine that would be the main reason it's not working. Check your <form> tag to make sure it's method is "post" and not "get"... and make sure it's stepping through this code after a submit has been clicked... But without seeing the entirety of all the code that is affected by this, can't really diagnose. -S
Nathus Bipolar (III) Inmate From: Minnesota Insane since: Aug 2003	posted 11-21-2008 21:36 what version of PHP are you using? I don't believe that PHP5 has HTTP_POST_VARS any longer. You should use $_POST instead.
sumap29 Obsessive-Compulsive (I) Inmate From: Insane since: Jun 2006	posted 11-22-2008 07:41 Thank you so much, I m not sure what is happening now, I m not receiving the email. I click on submit, and there is no email.
sumap29 Obsessive-Compulsive (I) Inmate From: Insane since: Jun 2006	posted 11-22-2008 08:21 Hello, Now I m receiving emails, however it does not contain the info. Course: <blank> like before.. I tried using $_POST, but no luck, My form looks like this: form.php ---------------- <form name="metal" method="post" action="booking_form.php" onSubmit="return frm_Validate()"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="50%" valign="top"><table width="100%" border="0" cellpadding="4" cellspacing="1" class="text12black"> <tr> <td colspan="2" bgcolor="#A7A9AC"><strong class="a11g"><font color="#FFFFFF">Company Details</font></strong></td> </tr> <tr> <td class="a11g style32">Title:</td> <td><select name="title" id="title"> <option value="select">Please Select</option> <option value="Mr" >Mr</option> <option value="Miss" >Miss</option> <option value="Mrs" >Mrs</option> <option value="Ms" >Ms</option> <option value="Dr" >Dr</option> <option value=" " >Other</option> </select></td> </tr> ---- ----- ---- <tr> <td height="31" align="center"><input name="Submit" type="image" id="Submit" src="images/send.jpg" width="59" height="20" border="0"></td> <td align="center"> </td> </tr>
sumap29 Obsessive-Compulsive (I) Inmate From: Insane since: Jun 2006	posted 11-22-2008 08:50 Heyyyy thanks a ton,, its working perfect,, i added the "if($_POST){" bravo!!!
Tyberius Prime Maniac (V) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 11-24-2008 09:53 code: $headers .= "Reply-To: ".$HTTP_POST_VARS['email']; $headers="MIME-Version: 1.0\r\n"; $headers.="Content-type: text/html; charset=iso-8859-1\r\n"; $headers.="From:".$HTTP_POST_VARS['email']; This is both wrong (since you're adding to an unset variable in line 1, and overwrite the variable in line 2), and a security hole that you need to fix. The last line allows an attacker to easily enter another "\r\n", a bunch of other target e-mail adresses and, after another two "\r\n", the body of their spam message. This attack is called 'header injection', and you should investigate it a bit before your script is seized. so long, and happy learning, ->Tyberius Prime
twItch^ Maniac (V) Mad Scientist From: Denver, CO, USA Insane since: Aug 2000	posted 11-25-2008 15:47 Cannot stress enough what Tyberius Prime said; header injection totally sucks. Make sure you clean up that loophole, and investigate any other possible injection attacks; google around for easy to fix things, and make sure your site is secure. You don't want to be the target of an attack. -S
Skaarjj Maniac (V) Mad Scientist From: :morF Insane since: May 2000	posted 11-27-2008 11:57 Yeah, don't rely on the javascript validator. That's so easy to get around it's not funny.

Topic awaiting preservation: PHP-Email the contents of the form. (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=30669" title="Pages that link to Topic awaiting preservation: PHP-Email the contents of the form. (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: PHP-Email the contents of the form. <span class="small">(Page 1 of 1)</span>\$

sumap29
Neurotic (0) Inmate
Newly admitted

From:
Insane since: Jun 2006

posted 11-21-2008 19:20

I have a prob with receiving the contents of the form by email.
I m not receiving any error, however, I m not able to see any contents entered in the form except the titles such as:

Company Name: <blank>
Course Title: <blank>

Please help, not sure why the email i receive have no data in it except the titles.

thanks so much.

code attached below:
------------------------connection.php----------------------------------------------------------------
<?php

$dbuser='xxxx'; $dbpass='xxxx';
$link=mysql_connect('000.000.000.000, $dbuser, $dbpass);
if ( ! $link)
die ("Could not connect db");
$db=mysql_select_db("db_name",$link)
or die ("Could not select db : ".mysql_error());

?>
--------------------------------------------------

<?php include("connection.php");

$msg.="Course Title :\t$HTTP_POST_VARS[subcategory]<br>";
$msg.="Title :\t$HTTP_POST_VARS[title].<br>";
$msg.="Name :\t$HTTP_POST_VARS[name]<br>";
$msg.="Company :\t$HTTP_POST_VARS[company]<br>";
$msg.="Job Title :\t$HTTP_POST_VARS[jobtitle]<br>";
$msg.="Company Address:\t$HTTP_POST_VARS[address]<br>";
$msg.="Country :\t$HTTP_POST_VARS[country]<br>";
$msg.="Post Code :\t$HTTP_POST_VARS[postcode]<br>";
$msg.="Telephone :\t$HTTP_POST_VARS[tel]<br>";
$msg.="Fax :\t$HTTP_POST_VARS[fax]<br>";
$msg.="E-mail :\t$HTTP_POST_VARS[email]<br>";
$msg.="Start Date of the Course :\t$HTTP_POST_VARS[input1]<br>";
$msg.="Duration :\t$HTTP_POST_VARS[duration] Days<br>";
$msg.="Location :\t$HTTP_POST_VARS[location]<br>";
$msg.="Number of delegates:\t$HTTP_POST_VARS[delegates]<br>";
$msg.="Delegate Names:\t$HTTP_POST_VARS[delegatename]<br>";
$msg.="Invoice :\t$HTTP_POST_VARS[Enquiry]<br>";
$msg.="Comments :\t$HTTP_POST_VARS[comments]<br>";

$to="xxx@domain.com";

$subject= "Online Course Booking for Courses: ".$HTTP_POST_VARS['subcategory'] ;
$headers .= "Reply-To: ".$HTTP_POST_VARS['email'];
$headers="MIME-Version: 1.0\r\n";
$headers.="Content-type: text/html; charset=iso-8859-1\r\n";
$headers.="From:".$HTTP_POST_VARS['email'];

mail($to,$subject,$msg,$headers)
?>

twItch^
Maniac (V) Mad Scientist

From: Denver, CO, USA
Insane since: Aug 2000

posted 11-21-2008 20:49

Well, there's nothing there that would kick an error except for the mail() command, but since it's successfully sending it, it's not giving you any feedback as to why it's coming up blank.

You might want to throw an if() clause in front of the whole thing...

code:

if($_POST){

and see if anything gets sent at all. For what it's worth, it's best practice to use $_POST['value'] instead of $HTTP_POST_VARS[value], but I can't imagine that would be the main reason it's not working.

Check your <form> tag to make sure it's method is "post" and not "get"... and make sure it's stepping through this code after a submit has been clicked...

But without seeing the entirety of all the code that is affected by this, can't really diagnose.

-S

Nathus
Bipolar (III) Inmate

From: Minnesota
Insane since: Aug 2003

posted 11-21-2008 21:36

what version of PHP are you using? I don't believe that PHP5 has HTTP_POST_VARS any longer. You should use $_POST instead.

sumap29
Obsessive-Compulsive (I) Inmate

From:
Insane since: Jun 2006

posted 11-22-2008 07:41

Thank you so much,

I m not sure what is happening now, I m not receiving the email.
I click on submit, and there is no email.

sumap29
Obsessive-Compulsive (I) Inmate

From:
Insane since: Jun 2006

posted 11-22-2008 08:21

Hello,

Now I m receiving emails, however it does not contain the info.
Course: <blank> like before..
I tried using $_POST, but no luck,

My form looks like this:

form.php
----------------

<form name="metal" method="post" action="booking_form.php" onSubmit="return frm_Validate()">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="50%" valign="top"><table width="100%" border="0" cellpadding="4" cellspacing="1" class="text12black">
<tr>
<td colspan="2" bgcolor="#A7A9AC"><strong class="a11g"><font color="#FFFFFF">Company
Details</font></strong></td>
</tr>
<tr>
<td class="a11g style32">Title:</td>
<td><select name="title" id="title">
<option value="select">Please Select</option>
<option value="Mr" >Mr</option>
<option value="Miss" >Miss</option>
<option value="Mrs" >Mrs</option>
<option value="Ms" >Ms</option>
<option value="Dr" >Dr</option>
<option value=" " >Other</option>

</select></td>
</tr>
----

-----
----
<tr>
<td height="31" align="center"><input name="Submit" type="image" id="Submit" src="images/send.jpg" width="59" height="20" border="0"></td>
<td align="center"> </td>
</tr>

sumap29
Obsessive-Compulsive (I) Inmate

From:
Insane since: Jun 2006

posted 11-22-2008 08:50

Heyyyy
thanks a ton,,
its working perfect,,

i added the "if($_POST){"

bravo!!!

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 11-24-2008 09:53

code:

$headers .= "Reply-To: ".$HTTP_POST_VARS['email']; 
$headers="MIME-Version: 1.0\r\n"; 
$headers.="Content-type: text/html; charset=iso-8859-1\r\n"; 
$headers.="From:".$HTTP_POST_VARS['email'];

This is both wrong (since you're adding to an unset variable in line 1, and overwrite the variable in line 2),
and a security hole that you need to fix.
The last line allows an attacker to easily enter another "\r\n", a bunch of other target e-mail adresses
and, after another two "\r\n", the body of their spam message.
This attack is called 'header injection', and you should investigate it a bit before your script is seized.

so long,
and happy learning,

->Tyberius Prime

twItch^
Maniac (V) Mad Scientist

From: Denver, CO, USA
Insane since: Aug 2000

posted 11-25-2008 15:47

Cannot stress enough what Tyberius Prime said; header injection totally sucks. Make sure you clean up that loophole, and investigate any other possible injection attacks; google around for easy to fix things, and make sure your site is secure. You don't want to be the target of an attack.

-S

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

posted 11-27-2008 11:57

Yeah, don't rely on the javascript validator. That's so easy to get around it's not funny.