Resolved help with securing and retaining original styling
ajfmrf
06-11-2013, 12:57 AM
of my feedback form.
I made all of the additions in feedback2.txt
This feedback form no longer works as intended for me
http://www.web-user.info/feedback/feedback1.txt (this is the original version)
after the changes are made as you posted in the forum
http://www.web-user.info/feedback/feedback2.txt (this is the secured form version)
the first version has a nice html response I get back from each use of the form
After I add your suggestions to tighten up security I get a text email with all the html tags
and everything as a regular text email
Is there a way to have both-the secure form and also get the nicely styled question/answer
form response
Adrian was helping in a different thread here:
http://www.dynamicdrive.com/forums/showthread.php?73963-Php-contactform-handler-with-issues&p=296052#post296052
I wanted to start a thread for just this before I get a warning-lol
Here:
$from = "";
$from .= "MIME-Version: 1.0" . "\r\n";
$from .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
$from = "From: no-reply@web-user.net\r\nReply-to: $name <$email>\r\n";
You write the MIME and Content-type headers, then you overwrite them with the From and Reply-to headers. On that last line, you need to concatenate ( .= ), not assign ( = ).
(BTW, this is directly related to what we were working on in the other thread, so there's no need to worry about starting a new thread.
Also, generally speaking, you have to be pretty dang far off-topic before you get a warning about it in your own thread :).
If you know it's unrelated, start a new thread; if it "might be" related (as in this case, where the issue cropped up right after changes you made), you're probably fine.)
ajfmrf
06-14-2013, 06:29 PM
Okay I added that part for the mime and content to the headers and I am still getting the html file as it is written, not displayed as an html page (I get the whole thing with all html tags)
http://www.web-user.info/feedback/feedback2.txt
Okay I added that part ...
no, you didn't. from your linked code:
<?php
/* snip */
$from .= "MIME-Version: 1.0" . "\r\n";
$from .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
$from = "From: no-reply@web-user.net\r\nReply-to: $name <$email>\r\n";
That's exactly as it was before: you write the MIME and Content-type headers, then overwrite them with the From and Reply-to headers. Read my post above again.
ajfmrf
06-15-2013, 12:52 AM
I guess you should color me dumb then-lol
I don't understand what you mean by
That's exactly as it was before: you write the MIME and Content-type headers, then overwrite them with the From and Reply-to headers. Read my post above again.
I will go back to the first thread and back here too and see if I can figure out what you are saying?
meaning you didn't make any changes to this part of your code:
<?php
/* snip */
// at each step, this is the value $from holds:
$from .= "MIME-Version: 1.0" . "\r\n"; //"MIME-Version: 1.0\r\n"
$from .= "Content-type: text/html; charset=iso-8859-1" . "\r\n"; //"MIME-Version: 1.0\r\nContent-type: text/html; charset=iso-8859-1\r\n"
$from = "From: no-reply@web-user.net\r\nReply-to: $name <$email>\r\n"; //"From: no-reply@web-user.net\r\nReply-to: $name <$email>\r\n"
/* snip */
As I described in post #2 above (http://www.dynamicdrive.com/forums/showthread.php?74184-help-with-securing-and-retaining-original-styling&p=296063#post296063), on the last line of this snippet, you assign a new value to $from (using = ), where I would expect you to append to the current value (using .= ). That's why you're losing the Content-type headers, and your email is displaying as plain text.
ajfmrf
06-15-2013, 01:15 AM
Okay, I think I understand what you mean but not knowing much about php I don't know how to do that. I am sorry but I am trying to learn as I go along here.
I would try this from what you are saying.
$from ="Content-Type:text/html; charset=iso-8859-1" . "\r\n" . ="Content-Type:text/html; charset=iso-8859-1" . "\r\n"
??? that uses both the 'equal' thing and asks for the same thing again?
to address your current problem:
in that last line ($from = "From: no-reply@web-user.net\r\nReply-to: $name <$email>\r\n";), don't use = . Use .= instead.
more of an explanation...
= is the assignment operator. It takes the value on the right side, and assigns it to the variable named on the left side:
<?php
$myVar = "hello"; // $myVar holds the value "hello"
$myVar = "goodbye"; // $myVar holds the value "goodbye"
$myVar = ""; // $myVar holds an empty string
As you can see in the example above, = does not preserve any values that the variable had before the assignment. It overwrites any such values, and they are lost.
. is the concatenation operator. It allows you to join two strings into one string:
<?php
$myVar = "hello" . " " . "goodbye"; // $myVar holds the value "hello goodbye"
$myVar = "hello"; // $myVar holds the value "hello"
$myVar = $myVar . " goodbye"; // $myVar holds the value "hello goodbye"
When you want to append more text to the end of a string that is already assigned to a variable (like in the last line above), you can use the two operators together, like .= :
<?php
$myVar = "hello"; // $myVar holds the value "hello"
$myVar .= " "; // $myVar holds the value "hello "
$myVar .= "goodbye"; // $myVar holds the value "hello goodbye"
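An added example, not part of the original posts: the header string from this thread built with one assignment followed by appends, so the Content-type line survives. It also strips line breaks from the form values that end up in Reply-to; the function name and the sample inputs are hypothetical.

```php
<?php
// Added example; the function name and sample inputs are hypothetical.

function build_mail_headers(string $name, string $email): string
{
    // $email ends up inside a header line: refuse line breaks and bad syntax.
    if (preg_match('/[\r\n]/', $email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    // Display name: remove control characters (CR/LF included), quotes,
    // angle brackets and backslashes so it stays inside one quoted string.
    $name = trim(preg_replace('/[\x00-\x1F\x7F"<>\\\\]/', '', $name));

    $headers  = "MIME-Version: 1.0\r\n";                            // first line: =
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";  // every later line: .=
    $headers .= "From: no-reply@web-user.net\r\n";
    $headers .= "Reply-to: \"$name\" <$email>\r\n";
    return $headers;
}

// Constructed input: the name field contains a line break and a stray header.
$headers = build_mail_headers("Ann\r\nX-Extra: 1", "ann@example.com");

// Each header must occupy exactly one line; list what mail() would receive.
$lines = explode("\r\n", rtrim($headers, "\r\n"));
foreach ($lines as $line) {
    echo $line, "\n";
}
echo count($lines) === 4 ? "OK: 4 header lines\n" : "unexpected header count\n";

// mail($to, $subject, $htmlBody, $headers);  // $to, $subject, $htmlBody come from the form handler
```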
ajfmrf
06-15-2013, 01:48 AM
No that I understand, thanks for the explanation. I understand it now
You're quite welcome. Have you got it working now?
ajfmrf
06-15-2013, 02:38 AM
Sorry, should have told you it is working now.
I want to make some changes to get rid of some of it.
But it actually is quite nice and looks great. And now I am sure it is as secure as I can make it-thank you Adrian
you're welcome - I'm glad to hear it : )