 |
|
|
| View previous topic :: View next topic |
| Author |
Message |
america123_02
Joined: 04 Mar 2008
Posts: 8
|
 Posted: Tue Mar 18, 2008 4:33 pm Problem fixing this php script |
 |
|
|
I made this PHP script which allows my visitors to sned me an email with their comments. It works fine but the only problem its that their email and their comments shows up on the email i recieve but their name doesnt. Im new at this so i dont know what im doing wrong. Any help its appriciated
| Code: |
<?php
if (isset ($_POST['Submit']))
{
//$email = $_POST['email'];
$body = $_POST['comments'];
$headers = $_POST['email'];
mail("conferencistaatlilianacarrillo.com", "Web Site Comments", $body, $headers);
}
?> |
| Code: |
<p align="center" class="style33"><form actions="mail.php" method="post" name="form1" id="form1">
<p><span class="style16">Nombre</span>
<input name="name" type="text" id="name" />
</p>
<p><span class="style16">E-Mail</span>
<input name="email" type="text" id="email" />
</p>
<p class="style16">Comments</p>
<p>
<textarea name="comments" cols="50" rows="10" id="comments"></textarea>
</p>
<p>
<input type="submit" name="Submit" value="Submit" />
</p>
</form> |
|
|
rsleventhal
Joined: 19 Mar 2008
Posts: 20
|
| Posted: Wed Mar 19, 2008 4:55 am |
|
|
|
Hi america123_02,
The sender's name isn't included in the email because you're not asking for it to be, afaict:
One way, is to change how you're defining $body. You could change:
to
| Code: |
$body = $_POST['name'] . "said:\n";
$body .= $_POST['comments'] |
Or, you could use a generic 'process.php' script which takes *all* of the $_POST array and inserts it into the email in the form:
fieldname: value
like this:
| Code: |
if ( $_POST['submit'] )
{
if ($_SERVER['REQUEST_METHOD'] == "POST") {
// In testing, if you get an Bad referer error
// comment out or remove the next three lines
if ( strpos( $_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'] ) > 7 || !strpos( $_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'] ) )
die( "Bad referer" );
$msg = "Values submitted by the user:\n";
foreach( $_POST as $key => $val )
{
if ( is_array( $val ) )
{
$msg .= "Item: $key\n";
foreach( $val as $v )
{
$v = stripslashes( $v );
$msg .= " $v\n";
}
}
else
{
$val = stripslashes( $val );
$msg .= "$key: $val\n";
}
}
$recipient = 'youremailatexample.com';
$subject = 'Some Subject';
$headers = 'From: <'.$_POST['email'] . '>' . "\r\n";
error_reporting( 0 );
mail( $recipient, $subject, $msg, $headers )
|
Be sure to use some sort of cleaning mechanism on all of your user input. Generally, I distrust *anything* that a user might input. So, if you're posting to a database, use php's built-in 'mysql_real_escape_string($_POST['someindex']). If you're just emailing, there's not much chance of a security issue, but still, I like to be safe, so something like htmlentities or stripslashes is probably a good practice.
I hope this helps a bit 
-Ray |
|
america123_02
Joined: 04 Mar 2008
Posts: 8
|
| Posted: Wed Mar 19, 2008 12:11 pm |
|
|
|
| Thanks for the help. Apreciate it |
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
 |
|
|
|
|
|
|
Forum Home
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
