View Full Version : Mail Problems

08-28-2009, 08:45 PM
Hi Guys,

I have a problems trying to configure a mail script. I have a form with four fields: name="email", name="First", name="Datefrom". name="Dateto".

The mail sending script is as follows:

$email = $_POST["email"];

$myname = "Lewis Villa Menorca";
$mymail = "";

$subject = "Reservation Confirmation";
$body = "Dear $_POST["First"]. This is to confirm your reservation
at the Lewis Villa in Menorca for the following dates:

Notice how I can continue typing right on the next line!";

$headers = "Content-Type: text/plain; charset=us-ascii\nFrom: $myname <$mymail>\nReply-To: <$mymail>\nReturn-Path: <$mymail>\nX-Mailer: PHP";

if ($email != "") { mail($email,$subject,$body,$headers); }


Within the code I have included in the $body the $Post_First. This produces an error.

My question is: How do I insert code to use the First, Datefrom and Dateto fields from the form?

The Dingbat :o

08-28-2009, 08:56 PM
While you can do this:

$var = "something $anotherVar something else";

You cannot do this

$var = "something $_POST['var'] something else";

In the case of using something like $_GET or $_POST, or even multi-dimensional arrays, try surrounding the variable in curly braces { } or concatenating the strings together, like so:

$var = "something {$_POST['var']} something else";
$var = "something " . $_POST['var'] . " something else";

08-28-2009, 09:10 PM
Hi bacterozoid,

Thanks for your response.

Are you saying that I could do some thing like:

$body = $var = "Dear {$_POST['First']}
$var = "something {$_POST['Datefrom']}


08-28-2009, 09:13 PM
To clean up what I think you mean, you could do this:

$body = "Dear {$_POST['First']}, thank you for contacting us. This message was sent on {$_POST['Datefrom']}";

08-28-2009, 09:21 PM

Your last response worked just great. Just what I wanted.


The Dingbat :D:thumbsup:

08-28-2009, 10:19 PM
Are you checking the form inputs before using them? If you aren't, you are opening yourself up to an email injection attack.

08-29-2009, 12:25 AM
Hi oracleguy,

Thanks for the warning. This form will be used only by the Administrator and is behind a protected area.

However, because my user level is low I would appreciate an explanation how I could prevent an email injection attack.

The Dingbat. :o

08-29-2009, 06:44 AM
this is the code i normally use to validate against
injection attacks

function IsInjected($str)
$injections = array('(\n+)',
$inject = join('|', $injections);
$inject = "/$inject/i";
return true;
return false;