PHP receive email help

Hi there! im new to php :o , im having problem when receiving email from enquiry from i have created below. i had create the form, after user click on submit, the information will store in mysql and send a copy to email account. My problem is, in the form i had 'name','email','contact', 'subject','message' but i only receive 'message' from email,other information not receiving (no problem with mysql). i have tried few method like adding variable ...it cant works as well. hope u guys able to help me. Thank you in advance :)



<html>
<title>Login Script</title>
<body>

<?php


function insertData($msg) // <-- add rest $_post data here..
{
// Connects to your Database
mysql_connect("xxxxxx","xxxxxx","xxxxxx") or die(mysql_error());
mysql_select_db("xxxxxx_enquiry") or die(mysql_error());

// now we insert it into the database
$insert = "INSERT INTO enquiry (name, email, cont_number, subject, msg)
VALUES ('".$_POST['name']."', '".$_POST['email']."', '".$_POST['cont_number']."',
'".$_POST['subject']."','".$_POST['msg']."')";
if($add_member = mysql_query($insert))
{
sendMail(($_POST['msg']),($_POST['email']));
}
}

function sendMail($message)
{
$to = 'desmond@xxxxx.com';
$from = 'From: xxxxx.com';
mail($to, "You have a new message", $message, $from);
$message="Thank You !! <br> Form has been submitted";
}
?>



<?php
function error_bool($error, $field)
{
if($error[$field])
{
print("<td style=color:red>");
}
else
{
print("<td>");
}
}


//////////////////
function show_form() {
global $HTTP_POST_VARS, $_POST, $print_again, $error;
?>
<script type="text/javascript">
<!--
function MM_validateForm() { //v4.0
if (document.getElementById){
var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
} }
//-->
</script>


<h2 align="center"> Enquiry Form</h2>
<form action="<?php echo $_SERVER['../PHP_SELF']; ?>" method="post">
<table align="center" cellpadding="3">
<tr>
<?php error_bool($error, "name"); ?> Name </td>
<td>:<input name="name" type="text" id="name" onBlur="MM_validateForm('name','','R');return document.MM_returnValue" value="<? echo $_POST["name"]; ?>" SIZE="33"></td>
</tr>
<tr>
<?php error_bool($error, "email"); ?> Email </td>
<td>:<input name="email" type="text" id="email" onBlur="MM_validateForm('email','','RisEmail');return document.MM_returnValue" value="<? echo $_POST["email"]; ?>" SIZE="33"></td>
</tr>


<tr><td>Contact No. </td><td>

:<input name="cont_number" type="text" id="cont_number" onBlur="MM_validateForm('cont_number','','RisNum');return document.MM_returnValue" SIZE="33" maxlength="10">

</td></tr>

<tr><td>Subject </td><td>

:<input type="text" name="subject" SIZE="33" maxlength="25">

</td></tr>



<tr><td>Your Message :</td><td>

<textarea name="msg" cols="27" rows="5"
wrap="virtual"></textarea>

</td></tr>


<tr>
<td><th colspan=4 align="right">
<input type="reset" value="Clear"><input type="submit" name="Submit" value="Submit"></td>
</th><td> </td>
</tr>
</table>
</form>
<?php
}

if(isset($_POST["Submit"]))
{
check_form();
}
else
{
show_form();
}

function check_email_address($email)
{
// First, we check that there's one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email))
{
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++)
{
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i]))
{
return false;
}
}

if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1]))
{ // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2)
{
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++)
{
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i]))
{
return false;
}
}
}
return true;
}


function check_form()
{
global $_POST, $error, $print_again;
$error['name'] = false;
if($_POST["name"]=="")
{
$error['name'] = true;
$print_again = true;
$message="The name field is empty<br>";
}

if(!check_email_address($_POST['email']))
{
$error['email'] = true;
$print_again = true;
$message.="Either Field Empty or Invalid Email ID <br>";
}

if($print_again)
{
show_form();
}
else
{
show_form();
insertData($_POST['msg']); // <-- call the function (add the rest of post data here.)
//$message="Thank You !! <br> Form has been submitted"; // <-- move this to the sendMail function
}
echo "$message";
}
?>

</body>
</html>

This doesn't look like a problem to me, the code only specifies to send a message:

function sendMail($message)
{
$to = 'desmond@xxxxx.com';
$from = 'From: xxxxx.com';
mail($to, "You have a new message", $message, $from);
$message="Thank You !! <br> Form has been submitted";
}

$message assignment in this function (the last line) doesn't actually do anything. The message is not passed by reference and no result is returned.
The easiest way is to modify the function to change what it will accept. I would only add the subject, body and from to it:

function sendMail($subject, $message, $replyTo = '')
{
$to = 'desmond@xxxxx.com';
$headers = 'From: ' . (empty($replyTo) ? 'xxxx.com' : $replyTo;
$subject = trim($subject);
$message = trim($message);
$subject = empty($subject) ? 'You have a new message' : $subject;
if (!mail($to, $subject, $message, $headers))
{
trigger_error('Failed to send email');
}
}

And format it as you see fit when calling:

$sMessage = sprintf("New message from %s\nSubject: %s\n, Message: %s\nCont Number: %d\n", $_POST['name'], $_POST['subject'], $_POST['message'], $_POST['cont_number']);
sendMail($_POST['subject'], $sMessage, $_POST['email']);


Also, take some time to read over mail and database security:
http://www.google.ca/search?q=php+email+prevent+injection&btnG=Search
http://www.google.ca/search?q=database+prevent+injection&btnG=Search

1) Are you aware that your script is highly vulnerable to sql injection (http://unixwiz.net/techtips/sql-injection.html) attacks?

2) Why are you passing 2 parameters to sendMail() when it has only 1 argument?


and what Fou-Lu says :)

1) Are you aware that your script is highly vulnerable to sql injection (http://unixwiz.net/techtips/sql-injection.html) attacks?

2) Why are you passing 2 parameters to sendMail() when it has only 1 argument?


and what Fou-Lu says :)


Hi there,
sorry i'm confusing, what you trying to mention is it my script is at risk ? not safe enough and easy to get attack ? (sorry, i'm poor in english and php) please point me out the error.

For passsing 2 parameters to sendMail() i'm not too sure as well, cause i'm following few tutorial and modified it, do i need to remove 1 of the sendMail() function ?

Thank you for being patient and helping me. Thx a million