PHP for emailed forms

from the php manual:

mail ( string to, string subject, string message [, string additional_headers [, string additional_parameters]] )

Just a starter for 10: why have you set up all your $cust_* parameters then not used them?

from the php manual:

mail ( string to, string subject, string message [, string additional_headers [, string additional_parameters]] )

Just a starter for 10: why have you set up all your $cust_* parameters then not used them?

--
I havent used them just cause I'm testing it out and want to see if I get any emails with anything. The script you sent me, where do I place that and what exactly would go in the string to area, the addt'l headers area & addt'l parameters area. Thanks for the response.

The "script" I sent is simply the function's signature as gleaned from the php manual: http://uk2.php.net/manual/en/function.mail.php

What results are you getting when you use this? Is it a totally blank email?

I am getting this error:

Parse error: parse error, unexpected '@' in /home/virtual/site127/fst/var/www/html/mail2.php on line 12

Here's the script:

<?
$cust_first_name = $_REQUEST ;
$cust_last_name = $_REQUEST ;
$cust_email = $_REQUEST ;
$cust_address = $_REQUEST ;
$cust_city = $_REQUEST ;
$cust_state = $_REQUEST ;
$cust_zip = $_REQUEST ;
$cust_phone = $_REQUEST ;
$number_of_employees = $_REQUEST ;
$cust_company_category = $_REQUEST ;
mail ( [email]info@*****.com[/email], Contact Me Please, string message [,cust_first_name, cust_last_name]] )
?>
<script>
<!--
window.location= "http://www.******.com/tiothanks.htm"
//-->
</script>
<?php
exit;?>

change your mail line to:

mail("info@***.com","Contact Me Please","This is a sample message");

forget the rest of the cust_first_name, cust_last_name, etc..

Try that and see what results you get. You should recieve an email with "This is a sample message" as the message text.

You're right - I got that message in the email

good, so everything seems to be set up ok. Now, change the "mail" line to something like:

mail("info@***.com","Contact Me Please","first name: $cust_first_name, last name: $cust_last_name, email: $cust_email");

Try again, and see what you get.

I get an email, but the email has only:

first name: , last name: , email:

Not the actual inputted name, last name, & email

In that case the script that you've shown above isn't receiving the input data properly. What does the code for your contact form look like?

Well here is what I have for the first name for example:

<INPUT TYPE="Text" NAME="row[cust_first_name]" SIZE="20" MAXLENGTH="20" VALUE="">

I'm stabbing about blindly in the dark here as I can't see the rest of the code.

Change "row[cust_first_name]" to simply "cust_first_name"

and tell me what happens.

Well when i do that...now whe i click submit on the site it doesnt go to my THANK YOU page and I dont get an email period. Here's the full script with that one change u told me to make.

<FORM action=mail2.php method=post>

<B><FONT SIZE=3>Contact Us</FONT></B><BR>
<BR>
Please complete the application below. The information you provide
helps us to best cater to your needs.

<BR>
<BR>
<B>Fields with an (*) are required.</B><BR>
<BR>

<b>1.</b> First Name
<BR><BR><BLOCKQUOTE>
<FONT SIZE="+0">
<INPUT TYPE="Text" NAME="cust_first_name" SIZE="20" MAXLENGTH="20" VALUE="">
</FONT>
<B><FONT SIZE="+2">*</FONT></B></BLOCKQUOTE><BR>

<b>2.</b> Last Name
<BR><BR><BLOCKQUOTE>
<FONT SIZE="+0">
<INPUT TYPE="Text" NAME="row[cust_last_name]" SIZE="20" MAXLENGTH="20" VALUE="">
</FONT>
<B><FONT SIZE="+2">*</FONT></B></BLOCKQUOTE><BR>

<b>3.</b> Email address
<BR><BR><BLOCKQUOTE>
<FONT SIZE="+0">
<INPUT TYPE="Text" NAME="row[cust_email]" SIZE="30" MAXLENGTH="100" VALUE="">
</fONT>
<B><FONT SIZE="+2">*</FONT></B></BLOCKQUOTE><BR>

<b>4.</b> Address
<BR><BR><BLOCKQUOTE>
<FONT SIZE="+0">
<INPUT TYPE="Text" NAME="row[cust_address]" SIZE="30" MAXLENGTH="50" VALUE="">
</FONT>
<B><FONT SIZE="+2">*</FONT></b></BLOCKQUOTE><BR>

<b>5.</b> City
<BR><BR><BLOCKQUOTE>
<FONT SIZE="+0">
<INPUT TYPE="Text" NAME="row[cust_city]" SIZE="30" MAXLENGTH="30" VALUE="">
</fONT>
<B><FONT SIZE="+2">*</FONT></B></BLOCKQUOTE><BR>

<b>6.</b> State
<BR><BR><BLOCKQUOTE>
<FONT SIZE="+0">
<SELECT NAME="row[cust_state]">
<OPTION VALUE="">Please Select

<OPTION VALUE="AK">Alaska
<OPTION VALUE="AL">Alabama
<OPTION VALUE="AR">Arkansas
<OPTION VALUE="AZ">Arizona
<OPTION VALUE="CA">California
<OPTION VALUE="CO">Colorado
<OPTION VALUE="CT">Connecticut
<OPTION VALUE="DC">District of Columbia
<OPTION VALUE="DE">Delaware
<OPTION VALUE="FL">Florida
<OPTION VALUE="GA">Georgia
<OPTION VALUE="HI">Hawaii
<OPTION VALUE="IA">Iowa
<OPTION VALUE="ID">Idaho
<OPTION VALUE="IL">Illinois
<OPTION VALUE="IN">Indiana
<OPTION VALUE="KS">Kansas
<OPTION VALUE="KY">Kentucky
<OPTION VALUE="LA">Louisiana
<OPTION VALUE="MA">Massachusetts
<OPTION VALUE="MD">Maryland
<OPTION VALUE="ME">Maine
<OPTION VALUE="MI">Michigan
<OPTION VALUE="MN">Minnesota
<OPTION VALUE="MO">Missouri
<OPTION VALUE="MS">Mississippi
<OPTION VALUE="MT">Montana
<OPTION VALUE="NC">North Carolina
<OPTION VALUE="ND">North Dakota
<OPTION VALUE="NE">Nebraska
<OPTION VALUE="NH">New Hampshire
<OPTION VALUE="NJ">New Jersey
<OPTION VALUE="NM">New Mexico
<OPTION VALUE="NV">Nevada
<OPTION VALUE="NY">New York
<OPTION VALUE="OH">Ohio
<OPTION VALUE="OK">Oklahoma
<OPTION VALUE="OR">Oregon
<OPTION VALUE="PA">Pennsylvania
<OPTION VALUE="RI">Rhode Island
<OPTION VALUE="SC">South Carolina
<OPTION VALUE="SD">South Dakota
<OPTION VALUE="TN">Tennessee
<OPTION VALUE="TX">Texas
<OPTION VALUE="UT">Utah
<OPTION VALUE="VA">Virginia
<OPTION VALUE="VT">Vermont
<OPTION VALUE="WA">Washington
<OPTION VALUE="WI">Wisconsin
<OPTION VALUE="WV">West Virginia
<OPTION VALUE="WY">Wyoming
</SELECT>
</FONT>
<B><FONT SIZE="+2">*</FONT></b></BLOCKQUOTE><BR>

<b>7.</b> Zip Code
<BR><BR><BLOCKQUOTE>
<FONT SIZE="+0">
<INPUT TYPE="Text" NAME="row[cust_zip]" SIZE="10" MAXLENGTH="30" VALUE="">
</FONT>
<B><FONT SIZE="+2">*</FONT></B></BLOCKQUOTE><BR>

<b>8.</b> Phone Number
<BR><BR><BLOCKQUOTE>
<FONT SIZE="+0">
<INPUT TYPE="Text" NAME="row[cust_phone]" SIZE="11" MAXLENGTH="30" VALUE="">
</FONT>
<B><FONT SIZE="+2">*</FONT></B></BLOCKQUOTE><BR>

<b>9.</b> Number of Employess
<BR><BR><BLOCKQUOTE>
<FONT SIZE="+0">
<SELECT NAME="row[number_of_employees]">
<OPTION VALUE="">Please Select
<OPTION VALUE="1 to 5">1 to 5
<OPTION VALUE="6 to 10">6 to 10
<OPTION VALUE="11 to 15">11 to 15
<OPTION VALUE="16 or more">16 or more
</SELECT>
</FONT>
<B><FONT SIZE="+2">*</FONT></b></BLOCKQUOTE><BR>

<b>10.</b> Please select the one category which best describes your company.
<BR><BR><BLOCKQUOTE>
<FONT SIZE="+0">
<SELECT NAME="row[cust_company_category]">
<OPTION VALUE="">Please Select
<OPTION VALUE="Advertising / Public Relations">Advertising / Public Relations
<OPTION VALUE="Children's related Educational / Entertainment">Children's related Educational / Entertainment
<OPTION VALUE="Computers / System / Data Processing">Computers / System / Data Processing
<OPTION VALUE="Computers / WWW / Internet">Computers / WWW / Internet
<OPTION VALUE="Direct Marketing">Direct Marketing
<OPTION VALUE="Educational Services">Educational Services
<OPTION VALUE="Entertainment">Entertainment
<OPTION VALUE="Financial Services">Financial Services
<OPTION VALUE="Manufacturing / Production">Manufacturing / Production
<OPTION VALUE="Nonprofit / Associations">Nonprofit / Associations
<OPTION VALUE="Professional (medical, legal, accounting, etc.)">Professional (medical, legal, accounting, etc.)
<OPTION VALUE="Publishing / Communications">Publishing / Communications
<OPTION VALUE="Retail">Retail
<OPTION VALUE="Services Business">Services Business
<OPTION VALUE="Software">Software
<OPTION VALUE="Sports / Fitness / Health">Sports / Fitness / Health
<OPTION VALUE="Other">Other
</SELECT>
</FONT>
</BLOCKQUOTE><BR>

<INPUT TYPE="submit">
<INPUT TYPE="reset">

</FORM>
</FONT> </TD>
</TR>
</TABLE>
</CENTER>
<P><CENTER><font face="Arial, Geneva" size="-2">1225 FRANKLIN AVENUE • SUITE 325 • GARDEN CITY • NEW YORK • 11530
</font></CENTER> </TD>
</TR>
</TABLE>
</CENTER>
</BODY>
</HTML>

WAIT - WHAT YOU TOLD ME TO DO MAKES IT WORK....i WAS MISTAKEN BEFORE....NOW DO I SWITCH EVERYTHING ELSE???

It works - I appreciate your help. Just 2 questions:

1) How can I have it so that in the email, instead of me getting something that looks like this:

First Name: Joe, Last Name: Hall, etc

Look like this:

First Name: -----
Last Name: ---

2) Also, I set some fileds in the forms as being required, but if you leave them out, the form doesnt reject you. Is there a way to fix that?

Ah. Glad it worked. Glad you worked out what to do for the rest of the fields.

As for the formatting, you need to format the text that you put in the third parameter of the mail function. http://uk.php.net/manual/en/function.mail.php has some examples, and it also explains how to adjust the headers in the emails.

BE AWARE of the fact that you are accepting untested user input - people can easily attack your system as it stands. For a secure system you need to carefully vet all inputs.

Thanks - I am not exactly sure what you mean by them being able to attack my system & me needing to "vet" my inputs...Can you expand a little for me?

First rule of thumb: Always check any inputs you get from external sources. This means, in your case, the input that users put into your form. People could be entering absolutely anything, and if they play around enough with their entries, then they could produce some unexpected results in your code.

The way to protect against this is to comprehensively check any data you get by checking that it conforms to any expectations you have for entries. Names shouldn't contain a ";", for example, and no field should be over a particular length.

The example at the link I gave you is mentioned by "jfonseca at matarese dot com" (search for the name, and you'll find the comment) and is just one more form of the very common "injection"; I expect there are many more.

This is just basic security, and the depth you want to go with it depend entirely on the applications that your code will have. If you're on an intranet and you know that no malicious users can access the form, then you might feel comfortable leaving out security altogether. If you're storing peoples' credit card details on an world accessible site, then you'll be needing some pretty intensive security.