Log in

View Full Version : PHP mailform code


chechu
10-30-2006, 12:27 PM
Sometimes I receive the mails, sometimes I don't.
Is this code correct ?


<?
if ($_POST["Submit"]){

if ($_POST["name"] and $_POST["email"] and $_POST["subject"] and $_POST["message"] ){



//mail gegevens

mail (
"info@casariegoart.com",
"via website (EN)",
"
Name: ".$_POST['name']."
E-mail: ".$_POST['email']."
Subject: ".$_POST['subject']."
Message: ".$_POST['message']."

",
"From: ".$_POST['name']." <".$_POST['email'].">");


//dankwoordje

echo '<p align="center"><font color="#003366">Thanks !<br>Your message has been sent.<br> We will get back to you as soon as we can.</font></p>';

}

//Indien problemen
else{
echo '<p align="center"><font color="#FF0000">Please fill in all dates!</font></p><p><a href="contactEN.html">[back]</a>';

}
}
?>
chechu
11-01-2006, 10:47 AM
Please guys, have a look !
My business depends on it !
codeexploiter
11-01-2006, 11:43 AM
<?php

if ($_POST["Submit"])
{
if ($_POST["name"] and $_POST["email"] and $_POST["subject"] and $_POST["message"] )
{
//Post Data
$name = $_POST["name"];
$from= $_POST["email"];
$subject = $_POST["subject"];
$message = $_POST["message"]
$to = "info@casariegoart.com";

//Combined all post data together for the message part
$mesg = "Name: $name\t Email: $from\tSubject: $subject\t Message: $message";

//email subject
$sub = "via website (EN)";

//from email address
$frm = "From:$name <$from>";

//sendng mail as well as checking whether the mail sending is success or not
if(mail ($to,$sub,$mesg,$frm))
{
//Mail sending was success display the following part
echo '<p align="center"><font color="#003366">Thanks !<br>Your message has been sent.<br> We will get back to you as soon as we can.</font></p>';
}
else
{
//Mail sending was unsuccess display the following part
echo '<p align="center"><font color="#003366">Message Sending failed</font></p>';
}
}
else
{
echo '<p align="center"><font color="#FF0000">Please fill in all datas!</font></p><p><a href="contactEN.html">[back]</a>';
}
}
?>>


You can also check this good demo (http://www.smartwebby.com/PHP/emailsending.asp)
chechu
11-01-2006, 03:08 PM
Sorry, but nor your corrections, nor the one in the link seem to work. Is it maybe not a scripting problem ? Because sometimes I do receive all mails, and sometimes I don't.
codeexploiter
11-02-2006, 03:35 AM
Are you sure that the mail server settings are correct and your mail server works without any problem all the time.

Rather than using the simple mail function in the PHP you can install PEAR package that offers a mail sending in a much more efficient manner compared to the normal PHP method
mwinter
11-02-2006, 05:21 PM
Sometimes I receive the mails, sometimes I don't.

It's difficult to diagnose a problem like that remotely. Have you established if there are any patterns?



if ($_POST["Submit"]){

One should use the isset function to determine if elements are present before examining values. This applies to any data coming from the user. If nothing else, it avoids generating unnecessary log entries when elements are missing.



if ($_POST["name"] and $_POST["email"] and $_POST["subject"] and $_POST["message"] ){

You aren't actually going to validate the input before you use it? That's just asking for trouble!



"
Name: ".$_POST['name']."
E-mail: ".$_POST['email']."
Subject: ".$_POST['subject']."
Message: ".$_POST['message']."

"

Use escape sequences to include carriage returns and line feeds.



echo '<p align="center"><font color="#003366">Thanks !<br>Your message has been sent.<br> We will get back to you as soon as we can.</font></p>';

That markup is rather outdated. You might want to consider abandoning deprecated, presentation markup. This is the 21st century, after all.



Please guys, have a look !
My business depends on it !

Then wouldn't it be a better idea to use a pre-existing service that does work reliably, rather than reinventing the wheel (and making it square)?

Mike
chechu
11-04-2006, 11:04 AM
It's difficult to diagnose a problem like that remotely. Have you established if there are any patterns?



Don't understand this ...
chechu
11-04-2006, 11:06 AM
That markup is rather outdated. You might want to consider abandoning deprecated, presentation markup. This is the 21st century, after all.


Then wouldn't it be a better idea to use a pre-existing service that does work reliably, rather than reinventing the wheel (and making it square)?

Mike

Didn't invent anything, that's why I ask your help in scripting, not your opinion. Guys, everyone that asks you something has a reason for it, and a idea behind it, that might might be hard to explain and to understand. Don't take this personally but sometimes I have a feeling that "professors" like to be in charge also of the feeling behind it.
My question was: why does that script not work, that's all. Don't need to know if you like the fact that I thank you for sending it. Don't judge. Never.

And if my business depends on it ? That was a "sales trigger" to get you answering. It worked ! But you couldn't resist...
mwinter
11-04-2006, 06:03 PM
It's difficult to diagnose a problem like that remotely. Have you established if there are any patterns?

Don't understand this ...

In your original post, you described an intermittent problem. Such problems may be caused by the system or its configuration, by user input, or some other awkward reason. Without being able to directly test it, such things can be difficult to solve. At the very least, you can determine if user input is a possible cause, particularly whether certain characters or character sequences occur during failure, but not during success.





Then wouldn't it be a better idea to use a pre-existing service that does work reliably, rather than reinventing the wheel (and making it square)?

Didn't invent anything,

"Reinventing the wheel (http://en.wikipedia.org/wiki/Reinvent_the_wheel)" is phrase referring to the creation of something (anything) that already exists. The comment that followed, "making it square", is an observation that the reimplementation can often be worse than a previous incarnation: the notion of a "square wheel".

Reinventing the wheel can sometimes be a useful educational tool. However it can also be disastrous, especially in a situation such as this where security is a paramount concern.



that's why I ask your help in scripting, not your opinion.

You get what you pay for.



Guys, everyone that asks you something has a reason for it, and a idea behind it, that might might be hard to explain and to understand.

But they should try nevertheless. Too often, people ask the wrong questions. Rather than trying to find the best way of achieving something, they instead concentrate on a particular, often broken implementation that they think is best, regardless of whether it is or not.



Don't take this personally but sometimes I have a feeling that "professors" like to be in charge also of the feeling behind it.

Damn right. If someone wants to shoot themselves in the foot, I have no intention of giving them a loaded gun. Understanding why someone wants to do something provides the opportunity of dissuading them from doing silly things, as well as being able to suggest a better approach.



My question was: why does that script not work, that's all.

I've mentioned a couple of problems with the PHP code itself, one of which is of critical importance and might be indirectly responsible for the problem at hand. I've explained that providing a definitive reason for the behaviour observed may be difficult for any of us because we cannot examine the situation directly. I've also suggested a better course of action. What more do you want?



Don't need to know if you like the fact that I thank you for sending it.

Thank them, by all means. Just do it with decent markup.



Don't judge. Never.

So you'd prefer to remain ignorant of bad practice, hmm?



And if my business depends on it ? That was a "sales trigger" to get you answering. It worked ! ...

No, it didn't. My response would have been the same, whether it was for a business or not. A bad approach is a bad approach. However, if it were a mission-critical feature, surely that's all the more reason to use a tried-and-tested solution?

Mike
chechu
11-04-2006, 07:44 PM
<?php

if ($_POST["Submit"])
{
if ($_POST["name"] and $_POST["email"] and $_POST["subject"] and $_POST["message"] )
{
//Post Data
$name = $_POST["name"];
$from= $_POST["email"];
$subject = $_POST["subject"];
$message = $_POST["message"]
$to = "info@casariegoart.com";

//Combined all post data together for the message part
$mesg = "Name: $name\t Email: $from\tSubject: $subject\t Message: $message";

//email subject
$sub = "via website (EN)";

//from email address
$frm = "From:$name <$from>";

//sendng mail as well as checking whether the mail sending is success or not
if(mail ($to,$sub,$mesg,$frm))
{
//Mail sending was success display the following part
echo '<p align="center"><font color="#003366">Thanks !<br>Your message has been sent.<br> We will get back to you as soon as we can.</font></p>';
}
else
{
//Mail sending was unsuccess display the following part
echo '<p align="center"><font color="#003366">Message Sending failed</font></p>';
}
}
else
{
echo '<p align="center"><font color="#FF0000">Please fill in all datas!</font></p><p><a href="contactEN.html">[back]</a>';
}
}
?>>


You can also check this good demo (http://www.smartwebby.com/PHP/emailsending.asp)


So, to get back to the point, if the above code doesn't work, it means that there is no coding problem, but an external problem (like hosting) ?
mwinter
11-04-2006, 10:32 PM
... if the above code doesn't work, it means that there is no coding problem, but an external problem (like hosting) ?

It's a potential problem, but far from the only one. The tweaks by codeexploiter still don't address the most grievous error: injection. Malformed user input, whether it be intentional or not, can cause the code to fail or to become a tool for sending spam.

Either use a third-party to handle sending mail, or use a well-established library to validate and process input. The current code should be scrapped.

Mike
codeexploiter
11-06-2006, 06:47 AM
he tweaks by codeexploiter still don't address the most grievous error: injection. Malformed user input, whether it be intentional or not, can cause the code to fail or to become a tool for sending spam

The code that I've provided was just a skelton using which the other user can build themselves into whatever they are looking for.
chechu
11-06-2006, 12:09 PM
So if I need the following in the .php:
- name, email, subject and message
- error notification in new page when data are not all filled in
- thanks message in new page
- send notification mail to sender
- in the <form>: sending with <img>

How would it look like ?