Re: [PHP] Having trouble with a form to mail script.

2009-03-23 Thread Jan G.B.
2009/3/21 Linda Stark :
> I’m not sure if I am in the right forum but thought I would give this a
> shot…
>

Sure, you are

> I just created a new mail form in Dreamweaver for a web site.  I’m working
> on a form to mail script that I started after reading a few online
> tutorials, and can’t seem to get right. When I run this little test script
> (named sendmail2.php) from the tutorial, on my server, just to make sure
> PHP is working OK for web email forms:
>
> <?php
> $email = $_REQUEST['email'] ;
> $message = $_REQUEST['message'] ;
> mail( "h...@mydomain.com", "Feedback Form Results",
>       $message, "From: $email" );
>



I didn't dig through all the answers, but I felt that it might be
useful to mention that you should avoid using mail() with unfiltered
user input.
Especially the additional headers you're passing to mail() as the
fourth parameter can be exploited to send spam with your form.

Please filter your variables and discard CR, LF from the vars passed
to the header.

See http://www.google.de/search?q=mail()+header+injection


byebye,

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
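
The filtering recommended in the message above, as an added example (not code from the thread or from any poster): an address containing CR or LF is rejected before it can reach the fourth argument of mail(), and the visitor's address is kept out of From entirely. The two addresses, the 5000-byte cap and the function names are assumptions.

```php
<?php
// Added example, not from the thread: a hardened take on sendmail2.php.
// Addresses, limits and function names below are assumptions.
const RECIPIENT  = 'feedback@example.com';  // placeholder for the site owner
const FIXED_FROM = 'webform@example.com';   // placeholder, never user-supplied

/** Return a validated address, or null if malformed or containing CR/LF. */
function clean_email($raw): ?string
{
    if (!is_string($raw) || preg_match('/[\r\n]/', $raw)) {
        return null;            // reject rather than silently strip
    }
    $addr = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

/** Build the mail() arguments, or return null if the input is unusable. */
function build_mail(array $post): ?array
{
    $email   = clean_email($post['email'] ?? null);
    $message = $post['message'] ?? null;
    if ($email === null || !is_string($message) || trim($message) === '') {
        return null;
    }
    // The body may hold newlines; normalise them to CRLF and cap the size.
    $body = preg_replace('/\r\n?|\n/', "\r\n", substr($message, 0, 5000));
    // The visitor's address appears only in Reply-To, after validation.
    $headers = 'From: ' . FIXED_FROM . "\r\n" . 'Reply-To: ' . $email;
    return [RECIPIENT, 'Feedback Form Results', $body, $headers];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: the second carries an extra header after CRLF.
    $samples = [
        ['email' => 'visitor@example.com', 'message' => "Hi\nthere"],
        ['email' => "visitor@example.com\r\nBcc: list@example.net", 'message' => 'Hi'],
    ];
    foreach ($samples as $post) {
        var_dump(build_mail($post));
    }
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $args = build_mail($_POST);
    if ($args !== null) {
        mail(...$args);
    }
    header('Location: http://www.mydomain.com/thankyou.html');
    exit;
}
```

Run from the command line, the script only dumps what build_mail() returns for the two constructed inputs and sends nothing; under a web server it handles the POST from the form.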



Re: [PHP] Having trouble with a form to mail script.

2009-03-22 Thread dg


On Mar 22, 2009, at 12:46 PM, Linda Stark wrote:

> what you guys thought about the PHPMailer-FE from
> http://phpmailer.codeworxtech.com/index.php?pg=phpmailerfe


I'm not familiar with this.

You might want to check with your web provider. I'm with Pair and they
make security recommendations for code and pre-made scripts.

> if you want to accept html mail, use this script, but he does not
> recommend it because when browsers are configured to not accept html
> mail there should also be a text alternative anyway.


That would depend on what the form is for.  If the results are only  
going to a few people, and they accept HTML, it shouldn't be a  
problem.  It is safer that way too, so your form can't be used to send  
off email to everywhere.


There's an awful lot of variables to consider.  This is a good start:
http://shiflett.org/blog/2005/dec/essential-php-security-forms-and-urls








RE: [PHP] Having trouble with a form to mail script.

2009-03-22 Thread Linda Stark




> From: dane...@bluerodeo.com
> To: nads...@live.com
> Subject: Re: [PHP] Having trouble with a form to mail script.
> Date: Sat, 21 Mar 2009 09:43:25 -0700
>
>
> On Mar 21, 2009, at 3:47 AM, Linda Stark wrote:
>> <?php
>> $email = $_REQUEST['email'] ;
>> $message = $_REQUEST['message'] ;
>> mail( "h...@mydomain.com", "Feedback Form Results",
>>       $message, "From: $email" );
>> header( "Location: http://www.mydomain.com/thankyou.html" );
>> ?>
>>
>> The email is received, but with a blank return email address and an empty
>> message. None of the comments or form values get through - just a blank
>> email sent to my address. Can anyone point me in the right direction –
>> what am I doing wrong?
>
> The PHP code above is only looking for values named "email" and
> "message". Your new form has values with many more different names.
> So you'll need to update your code to incorporate them. For example,
> one of your new form's values is "emailAddress", so your php code will
> need something like:
>
> $email_address = $_REQUEST['emailAddress'];
>
> A second problem is that the code above is only sending back the
> contents of "message". But you will need to send back more. So you
> may want to create a variable called "$contents", which includes all
> the new fields on your longer form. Something like:
>
> $content = "Message: $message\n";
> $content .= "Email: $emailAddress";
>
> Then update:
>
> mail( "h...@mydomain.com", "Feedback Form Results", $message, "From: $email" );
>
> with:
>
> mail( "h...@mydomain.com", "Feedback Form Results", $content, "From: $email" );
>
> But keep in mind, this is a very simple form, and does not account for
> many security measures and corrections. This will only mail you
> whatever the person initially inputs. It does not check for things
> like whether an email address was entered and it is wide open for spam.
>
> If you are doing the form yourself in order to study PHP, you may want
> to do some google searches on creating a secure web form. If you are
> building the form in order to get a quick working form, you may want
> to look into using a pre-made script with more advanced functionality.





Thanks so much for all your helpful advice yesterday and today,
I read every response and I'm working on the script with your suggestions.
Actually I bought a couple of php books too.

Actually DG, I'm glad you brought up the security issue, because
yesterday I researched some pre made mail form scripts, I was wondering
what you guys thought about the PHPMailer-FE from
http://phpmailer.codeworxtech.com/index.php?pg=phpmailerfe

I'm thinking for now I should use a pre made and secure script while I
learn php and then maybe some time in the future I'll write my own when I
feel confident.

The site claims it is a secure and regularly updated script, do you guys
agree?

Apparently in 2007 there was a security vulnerability in the script and
they went a long time without patching it…

Another point - I bought the book – “The Essential Guide to Dreamweaver
CS4 with CSS, Ajax, and PHP” by Powers and in it the author claims that if
you want to accept html mail, use this script, but he does not recommend
it because when browsers are configured to not accept html mail there
should also be a text alternative anyway.

He goes through a good tutorial on how to create a form mail script for
text only and includes the code snippets and claims it is a secure script.

What do you think would be better?  Use his code from his book?  Or use
PHPMailer-FE?  Or would you recommend a different script than that that
accepts only non html mail?

I was also looking at the forms-to-go code generator which is a drag and
drop application which you can drop your form into and it creates your
php – does that application write secure code, or am I better off staying
away from it and going with a well written secure script?

I don't really care about file and photo uploads right now, as long as I
can get a basic email via the web form that’s all I need for now...






Re: [PHP] Having trouble with a form to mail script.

2009-03-21 Thread Virgilio Quilario
> Hi there,
> Well, after reading the post about "so called experts" and licensing
> programming, I can say that I sure am not licensed or even remotely close
> to a novice PHP programmer, just a ‘lil ole PHP beginner trying to get my
> web page set up and learn a few things.  I’m not sure if I am in the right
> forum but thought I would give this a shot…
>
> I just created a new mail form in Dreamweaver for a web site.  I’m working
> on a form to mail script that I started after reading a few online
> tutorials, and can’t seem to get right. When I run this little test script
> (named sendmail2.php) from the tutorial, on my server, just to make sure
> PHP is working OK for web email forms:
>
> <?php
> $email = $_REQUEST['email'] ;
> $message = $_REQUEST['message'] ;
> mail( "h...@mydomain.com", "Feedback Form Results",
>       $message, "From: $email" );
> header( "Location: http://www.mydomain.com/thankyou.html" );
> ?>
>
> Which takes input from the following testmail.html page form:
>
>
>
>  action="sendmail2.php">
>
> Email:  />
>
> Message:
>
>  cols="40">
>
> 
>
> 
>
> 
>
> It works great, I get the senders email address and comment sent to my
> email address – account.
> But the form I want to use my final design from Dreamweaver, is:
>
>  name="formEmail" method="post"
> action="sendmail2.php">
>
> 
>
> Account Info:
>
> User Name:
>
>  id="emailAddress" tabindex="10" />
>
> 
>
> Password
>
>  tabindex="20" />
>
> 
>
> Confirm Password:
>
>  id="confirm" tabindex="30" />
>
> 
>
> 
>
> 
>
> Personal Info
>
> 
>
> First Name:
>
>  id="firstname" tabindex="40" />
>
> 
>
> 
>
> Last Name:
>
>  id="lastname" tabindex="50" />
>
> 
>
> 
>
> What state do you live
> in?
>
>  tabindex="60">
>
> Alabama
>
> Indiana
>
>  selected="selected">Michigan
>
> Ohio
>
> 
>
> 
>
>  How long have u been sawing?
>
> 
>
>  value="newbie" id="WoodLength_0" tabindex="70"
> />
>
> 0-2 years
>
> 
>
> 
>
>  value="novice" id="WoodLength_1" tabindex="80"
> />
>
> 3-5 years
>
> 
>
> 
>
>  value="expert" id="WoodLength_2"
> tabindex="90"/>
>
> 6 plus years
>
> What tools do you use most often?
>
> 
>
>  id="shop" tabindex="100" />
>
> Shopping
>
> 
>
>  id="tools" tabindex="120" />
>
> Tools
>
> 
>
>  id="saws" tabindex="130" />
>
> Saws
>
> 
>
>
>
> Additional Comments
>
> 
>
>  cols="50" rows="10"
> tabindex="140">
>
> 
>
>  id="Submit" value="Join Mail List" tabindex="160"
> />
>
> 
>
> 
>
> 
>
>
>
> …and when I use it with the associated sendmail2.php script:
>
> <?php
> $emailAddress = $_REQUEST['emailAddress'] ;
> $pwd = $_REQUEST['pwd'] ;
> $confirm = $_REQUEST['confirm'] ;
> $firstname = $_REQUEST['firstname'] ;
> $lastname = $_REQUEST['lastname'] ;
> $region = $_REQUEST['region'] ;
> $WoodLength = $_REQUEST['WoodLength'] ;
> $shop = $_REQUEST['shop'] ;
> $tools = $_REQUEST['tools'] ;
> $saws = $_REQUEST['saws'] ;
> $Comments = $_REQUEST['Comments'] ;
> mail( "h...@mydomain.com", "Feedback Form Results",
>       $message, "From: $email" );
> header( "Location: http://www.mydomain.com/thankyou.html" );
> ?>
>
>
>
> The email is received, but with a blank return email address and an empty
> message. None of the comments or form values get through - just a blank
> email sent to my address. Can anyone point me in the right direction –
> what am I doing wrong?
>
> Note: That password field is not really a login password, I just wanted to
> use it for testing purposes.
>
> Do I have to reference the type and id attributes in the php script as
> well?
>
> Thanks for any input.

hi Linda,

change some parameters to the mail function:
mail( "h...@mydomain.com", "Feedback Form Results", $Comments, "From: $emailAddress" );

if you want to include the other inputs, just concatenate them into $Comments.

Virgil
http://www.jampmark.com




Re: [PHP] Having trouble with a form to mail script.

2009-03-21 Thread Dotan Cohen

It looks like you are not using the same variable names in all the
places that you want to use a variable. For one thing, $email is not
set, but $emailAddress is. That should be enough to get you started.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il
