
Thread: Mail Problems

  1. #1
    Regular Coder
    Join Date
    Oct 2002
    Posts
    144
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Question Mail Problems

    Hi Guys,

    I have a problem trying to configure a mail script. I have a form with four fields: name="email", name="First", name="Datefrom", name="Dateto".

    The mail sending script is as follows:
    [CODE]<?php

    $email = $_POST["email"];

    $myname = "Lewis Villa Menorca";
    $mymail = "";

    $subject = "Reservation Confirmation";
    $body = "Dear $_POST["First"]. This is to confirm your reservation
    at the Lewis Villa in Menorca for the following dates:

    Notice how I can continue typing right on the next line!";

    $headers = "Content-Type: text/plain; charset=us-ascii\nFrom: $myname <$mymail>\nReply-To: <$mymail>\nReturn-Path: <$mymail>\nX-Mailer: PHP";

    if ($email != "") { mail($email,$subject,$body,$headers); }

    ?>[/CODE]

    Within the code I have included in the $body the $Post_First. This produces an error.

    My question is: How do I insert code to use the First, Datefrom and Dateto fields from the form?

    The Dingbat
    Last edited by Dingbat; 08-30-2009 at 02:44 PM.

  • #2
    Regular Coder bacterozoid's Avatar
    Join Date
    Jun 2002
    Location
    USA
    Posts
    490
    Thanks
    24
    Thanked 35 Times in 35 Posts
    While you can do this:

    PHP Code:
    $var = "something $anotherVar something else";
    You cannot do this

    PHP Code:
    $var = "something $_POST['var'] something else";
    In the case of using something like $_GET or $_POST, or even multi-dimensional arrays, try surrounding the variable in curly braces { } or concatenating the strings together, like so:

    PHP Code:
    $var = "something {$_POST['var']} something else";
    $var = "something " . $_POST['var'] . " something else";

  • #3
    Regular Coder
    Join Date
    Oct 2002
    Posts
    144
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Hi bacterozoid,

    Thanks for your response.

    Are you saying that I could do something like:

    $body = $var = "Dear {$_POST['First']}
    $var = "something {$_POST['Datefrom']}

    etc.

  • #4
    Regular Coder bacterozoid's Avatar
    Join Date
    Jun 2002
    Location
    USA
    Posts
    490
    Thanks
    24
    Thanked 35 Times in 35 Posts
    To clean up what I think you mean, you could do this:

    PHP Code:
    $body = "Dear {$_POST['First']}, thank you for contacting us. This message was sent on {$_POST['Datefrom']}";

  • Users who have thanked bacterozoid for this post:

    Dingbat (08-28-2009)

  • #5
    Regular Coder
    Join Date
    Oct 2002
    Posts
    144
    Thanks
    12
    Thanked 0 Times in 0 Posts
    bacterozoid,

    Your last response worked just great. Just what I wanted.

    Regards,

    The Dingbat

  • #6
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Are you checking the form inputs before using them? If you aren't, you are opening yourself up to an email injection attack.
    OracleGuy

  • #7
    Regular Coder
    Join Date
    Oct 2002
    Posts
    144
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Hi oracleguy,

    Thanks for the warning. This form will be used only by the Administrator and is behind a protected area.

    However, because my user level is low I would appreciate an explanation how I could prevent an email injection attack.

    The Dingbat.

  • #8
    Regular Coder
    Join Date
    Jul 2003
    Posts
    117
    Thanks
    0
    Thanked 17 Times in 17 Posts
    Dingbat,
    This is the code I normally use to validate against injection attacks:

    PHP Code:
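    // Returns true when $str contains a line break, tab or one of the
    // URL-encoded control sequences listed below.
    function IsInjected($str)
    {
        $injections = array('(\n+)',
                      '(\r+)',
                      '(\t+)',
                      '(%0A+)',
                      '(%0D+)',
                      '(%08+)',
                      '(%09+)'
                      );
        // Combine the alternatives into one case-insensitive pattern.
        $inject = join('|', $injections);
        $inject = "/$inject/i";
        if (preg_match($inject, $str))
        {
            return true;
        }
        else
        {
            return false;
        }
    }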
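
The check discussed in posts #6 to #8, applied to the four form fields from post #1, as an added example that is not part of the original thread. The function names and the `Y-m-d` date format are assumptions; because `$_POST` values arrive already URL-decoded, the example tests for raw control characters, and the `From`/`Reply-To` headers stay constant so no form value ever reaches `$headers`.

```php
<?php
// Added example; clean_header_value() and build_reservation_mail() are hypothetical names.

// Return the trimmed value, or null when it is not a string or still contains an
// ASCII control character (CR, LF, tab, NUL ...). A value that fails this check
// must never reach the $to, $subject or $headers argument of mail().
function clean_header_value($value): ?string
{
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    return preg_match('/[\x00-\x1F\x7F]/', $value) ? null : $value;
}

// Validate the form fields and return [$to, $subject, $body] for mail(),
// or null when any field is missing, malformed or unsafe.
function build_reservation_mail(array $post): ?array
{
    $email = clean_header_value($post['email'] ?? '');
    if ($email === null || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $first = clean_header_value($post['First'] ?? '');
    if ($first === null || $first === '') {
        return null;
    }
    $dates = [];
    foreach (['Datefrom', 'Dateto'] as $field) {
        // Assumed format: YYYY-MM-DD. The round trip rejects overflow dates such as 2009-02-30.
        $raw = clean_header_value($post[$field] ?? '');
        $d = $raw === null ? false : DateTime::createFromFormat('!Y-m-d', $raw);
        if ($d === false || $d->format('Y-m-d') !== $raw) {
            return null;
        }
        $dates[] = $raw;
    }
    $body = "Dear {$first},\n\nThis is to confirm your reservation from {$dates[0]} to {$dates[1]}.";
    return [$email, 'Reservation Confirmation', $body];
}

// Constructed sample submissions (not taken from the thread).
$ok = ['email' => 'guest@example.com', 'First' => 'Ann', 'Datefrom' => '2009-09-01', 'Dateto' => '2009-09-08'];
$samples = [$ok, ['email' => "guest@example.com\r\nX-Test: 1"] + $ok, ['Datefrom' => '2009-02-30'] + $ok];
foreach ($samples as $i => $post) {
    $args = build_reservation_mail($post);
    echo "sample $i: ", $args === null ? "rejected\n" : "ok, would call mail() for {$args[0]}\n";
}
```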


