
View Full Version : Mail Problems



Dingbat
08-28-2009, 07:45 PM
Hi Guys,

I have a problem trying to configure a mail script. I have a form with four fields: name="email", name="First", name="Datefrom", name="Dateto".

The mail sending script is as follows:
[CODE]<?php

$email = $_POST["email"];

$myname = "Lewis Villa Menorca";
$mymail = "";

$subject = "Reservation Confirmation";
$body = "Dear $_POST["First"]. This is to confirm your reservation
at the Lewis Villa in Menorca for the following dates:

Notice how I can continue typing right on the next line!";

$headers = "Content-Type: text/plain; charset=us-ascii\nFrom: $myname <$mymail>\nReply-To: <$mymail>\nReturn-Path: <$mymail>\nX-Mailer: PHP";

if ($email != "") { mail($email,$subject,$body,$headers); }

?>[/CODE]

Within the code I have included in the $body the $Post_First. This produces an error.

My question is: How do I insert code to use the First, Datefrom and Dateto fields from the form?

The Dingbat :o

bacterozoid
08-28-2009, 07:56 PM
While you can do this:


$var = "something $anotherVar something else";

You cannot do this


$var = "something $_POST['var'] something else";

In the case of using something like $_GET or $_POST, or even multi-dimensional arrays, try surrounding the variable in curly braces { } or concatenating the strings together, like so:


$var = "something {$_POST['var']} something else";
$var = "something " . $_POST['var'] . " something else";

Dingbat
08-28-2009, 08:10 PM
Hi bacterozoid,

Thanks for your response.

Are you saying that I could do something like:

$body = $var = "Dear {$_POST['First']}
$var = "something {$_POST['Datefrom']}

etc.

bacterozoid
08-28-2009, 08:13 PM
To clean up what I think you mean, you could do this:


$body = "Dear {$_POST['First']}, thank you for contacting us. This message was sent on {$_POST['Datefrom']}";

Dingbat
08-28-2009, 08:21 PM
bacterozoid,

Your last response worked just great. Just what I wanted.

Regards,

The Dingbat :D:thumbsup:

oracleguy
08-28-2009, 09:19 PM
Are you checking the form inputs before using them? If you aren't, you are opening yourself up to an email injection attack.

Dingbat
08-28-2009, 11:25 PM
Hi oracleguy,

Thanks for the warning. This form will be used only by the Administrator and is behind a protected area.

However, because my user level is low I would appreciate an explanation of how I could prevent an email injection attack.

The Dingbat. :o

prasanthmj
08-29-2009, 05:44 AM
Dingbat,
This is the code I normally use to validate against injection attacks:


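function IsInjected($str)
{
    // Raw LF, CR and tab, plus the URL-encoded forms of
    // LF (%0A), CR (%0D), backspace (%08) and tab (%09).
    $injections = array('(\n+)',
                        '(\r+)',
                        '(\t+)',
                        '(%0A+)',
                        '(%0D+)',
                        '(%08+)',
                        '(%09+)'
                        );
    // Combine into one case-insensitive alternation.
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    // True if any pattern occurs anywhere in $str.
    if (preg_match($inject, $str))
    {
        return true;
    }
    else
    {
        return false;
    }
}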
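
One way to check the form inputs of the original script before they reach mail(), as an added example that is not code from any poster in this thread. It goes beyond the character filter above by also validating the address and parsing the dates; the YYYY-MM-DD date format and the function names field() and build_reservation_mail() are assumptions.

```php
<?php
// Added example. Field names (email, First, Datefrom, Dateto) are from the
// original form; function names and the date format are assumptions.
function field(array $post, string $name): string
{
    $v = $post[$name] ?? '';
    // Reject non-strings (e.g. email[]=x) and any raw CR/LF, which would
    // end the current header line if the value is used in a header.
    if (!is_string($v) || preg_match('/[\r\n]/', $v)) {
        throw new InvalidArgumentException("Invalid value for $name");
    }
    return trim($v);
}

function build_reservation_mail(array $post): array
{
    $email = field($post, 'email');
    $first = field($post, 'First');
    $from  = field($post, 'Datefrom');
    $until = field($post, 'Dateto');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address');
    }
    foreach ([$from, $until] as $d) {
        // Round-trip the date so values like 2009-02-30 are rejected.
        $dt = DateTime::createFromFormat('!Y-m-d', $d);
        if ($dt === false || $dt->format('Y-m-d') !== $d) {
            throw new InvalidArgumentException('Invalid date');
        }
    }
    $body = "Dear {$first}. This is to confirm your reservation\n"
          . "at the Lewis Villa in Menorca for the following dates:\n"
          . "{$from} to {$until}\n";
    return [$email, 'Reservation Confirmation', $body];
}

// Constructed sample submissions: one normal, one with CR/LF in "email".
$ok  = ['email' => 'guest@example.com', 'First' => 'Ann',
        'Datefrom' => '2009-09-01', 'Dateto' => '2009-09-08'];
$bad = ['email' => "guest@example.com\r\nX-Injected: 1"] + $ok;
foreach ([$ok, $bad] as $post) {
    try {
        [$to, $subject, $body] = build_reservation_mail($post);
        // mail($to, $subject, $body, $headers); // $headers as in the original script
        echo "OK: would send to $to\n";
    } catch (InvalidArgumentException $e) {
        echo "Rejected: ", $e->getMessage(), "\n";
    }
}
```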


