How does PHP format echos and emails?

[dog]

I have just got my first bit of PHP working with a lot of help from thetestingsite.

It sends and email with some information from a form page. Here's a section of the code that I have some questions about:

PHP Code:

mail($email, "Password Reminder", "Password reminder:

Username: ".$username."
Password: monkey

Please login at http://torema.com.br/cases.php", "From: noreply@torema.com.br"); 


This sends an email with a password reminder in the message body.

Originally I tried it like this using the html tag <br> to format the text...

PHP Code:

mail($email, "Password Reminder", "Password reminder:<br><br>
        Username: ".$username."<br>Password: monkey<br><br>
        Please login at http://torema.com.br/cases.php", "From: noreply@torema.com.br"); 


...however the <br> tags showed up in the message body.

Now I'm wondering how to put HTML into a string (terminology?) written by the PHP such as an emails body or an echo.

Thanks,

dog

[thetestingsite]

A way that I have done it before is by making a variable (lets say $msg), then doing the formatting one of two ways. (Both should work, but I have only worked with the first one personally.

Code:

$msg = <<<HERE
This is my formatted
       email     
             text.
HERE;

or

Code:

$msg = "This is 
    my formatted
             email text";

Now as far as entering HTML in it, I'm not sure because I haven't really played around with it that much.

Good luck!

[dog]

Thanks. I was suprised that the line breaks have an effect on the formatting but they do.

Now I'm just really curious about what's going on in PHP when you get it to print text like this.

HTML tags aren't behaving as HTML they're just appearing as plain text and line breaks are effecting the formating! If the PHP isn't writing HTML what is it doing?

And how do you get PHP to write HTML?

I'm asking all of this regarding what PHP sends for an email body but would also like to know about options for formating what PHP sends in echos.

Are these two completely different things and are there some standard rules that apply to formating text that gets sent by PHP?.

I hope my questions are understandable. I lack a lot of technical terms.

[boxxertrumps]

you'll have to figure out how the email server handles email, sending them in bbcode/html or xml.

[mwinter]

I was suprised that the line breaks have an effect on the formatting but they do.

Why shouldn't they? The content is just text.

HTML tags aren't behaving as HTML they're just appearing as plain text and line breaks are effecting the formating!

That's because it is plain text.

And how do you get PHP to write HTML?

You need to send a Content-Type header that informs the e-mail client that it's received HTML. However, HTML mail should always be accompanied by a plain text version, and in this case, there seems to be little point in sending both.

Mike

[dog]

HTML tags aren't behaving as HTML they're just appearing as plain text and line breaks are effecting the formating!
That's because it is plain text.

Thanks! That made me laugh at myself for being so slow.

As for the echos. I've been doing some experienting like putting strong tags around the text (example included in code below)) and they seem to behave just like they would in HTML. This is because it is HTML, right?

Another thing is I'd like to get the echo to appear on the original page.

I'm using a header redirect to return to the original page. See full code below:

PHP Code:

<?php


//if "email" is filled out, check for "name"
if (isset($_REQUEST['email']))
{
  //if "name" is filled out, send a couple of mails
  if (isset($_REQUEST['name']))
    {
        
        $email = $_REQUEST['email'] ; 
        $message = "A password reminder has been sent to <".$_REQUEST['name'].">". $_REQUEST['email'] ;
        $username = $_REQUEST['name'];
        
        mail("webmaster@torema.com.br", "Password Reminder Requested",
        $message, "From: noreply@torema.com.br");
          
        mail($email, "Password Reminder", "Password reminder:


        Username: ".$username."
        Password: monkey

        Please login at http://torema.com.br/cases.php", "From: noreply@torema.com.br");

        header("Refresh: 2; url=password-reminder.php");
        echo '<strong>A reminder of the password has been sent to <'.$username.'>'.$email.'.</strong>';

    }
  else 
    //if "name" is not filled out, ask them to fill it out
    {
        echo "please give your name";
    }
}
else
//if "email" is not filled out, ask them to fill it out
{
  echo "please fill out an email address";
  }
?>

How can I change this to get the echo to appear on password-reminder.php?

And does anyone know why the checks for content in the 'name' and 'email' fields aren't working?

[Acey99]

It's not php or the server.
It's the email program(s)
if you want line feeds in email instead of <br> use \n\r (new line for pc/mac)

yes most email programs read html, but not <br>, dunno why, but they don't.

[mwinter]

As for the echos. I've been doing some experienting like putting strong tags around the text (example included in code below)) and they seem to behave just like they would in HTML. This is because it is HTML, right?

Yes. By default, the output from PHP that's sent back to the visitor's browser is "labelled" as text/html.

Another thing is I'd like to get the echo to appear on the original page.

I'm not familiar with how you're organising this. Do you mean that you're submitting the form to a different URI then trying to redirect back to the previous URI? If so, it would easier to submit the form to the same URI and change what's sent to the browser based on whether the visitor is requesting the document for the "first" time, or as a result of the submission.

mail($email, "Password Reminder", "Password reminder:


Username: ".$username."
Password: monkey

Please login at http://torema.com.br/cases.php", "From: noreply@torema.com.br");

The second string literal is somewhat dubious: e-mails have a specific format and new lines must be represented as a carriage return/line feed pair. It would be more robust to use character escapes to represent those characters (string literal split for readability only):

PHP Code:

"Password reminder:\r\n\r\n\r\n"
    . "Username: {$username}\r\n"
    . "Password: monkey\r\n\r\n"
    . 'Please log-in at <http://torema.com.br/cases.php>' 


header("Refresh: 2; url=password-reminder.php");

"Refresh" is not a defined HTTP header. Whether or not browsers seem to take it to mean "redirect after two seconds", include a link within the document should it fail.

And does anyone know why the checks for content in the 'name' and 'email' fields aren't working?

You aren't checking for content. The isset function only ensures that there is 'name' and 'email' element in the $_REQUEST superglobal, respectively. These are significant tests, but they don't do what you think they do.

To check for actual content, it's best to use regular expressions to match the input against a particular pattern. Unfortunately, the lack of Unicode support in PHP makes proper internationalisation rather more difficult than it needs to be, though versions after 4.4.0 and 5.1.0 attenuate this somewhat by providing Unicode character category escape sequences.

I prefer not to use the $_REQUEST superglobal if source of the data is known. That is, use $_POST for POST data, and $_GET for values in the query string.

Mike

[dog]

Thanks for the tips about formating the PHP output.

What's the difference in using \r\n rather than just \n? I've not come across \r before.

"Refresh" is not a defined HTTP header. Whether or not browsers seem to take it to mean "redirect after two seconds", include a link within the document should it fail.

I'm now using this instead. I found it on the section about header on php.net

PHP Code:

// redirect to a different page in the current directory that was requested
$host  = $_SERVER['HTTP_HOST'];
$uri  = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'form.php';

header("Location: http://$host$uri/$extra");
exit; 


The isset function only ensures that there is 'name' and 'email' element in the $_REQUEST superglobal, respectively. These are significant tests, but they don't do what you think they do.

I've taken these tests out now. Could this cause significant problems?

To check for actual content, it's best to use regular expressions to match the input against a particular pattern.

I'm using this now:

PHP Code:

//if the email or name fields are blank, redirect to an error message
if ($_REQUEST['email']=="" or $_REQUEST['name'] =="")
{...redirect...}

//otherwise, send the mail
else
{...mail...} 


I prefer not to use the $_REQUEST superglobal if source of the data is known. That is, use $_POST for POST data, and $_GET for values in the query string.

So, for example you'd suggest I change this:

PHP Code:

$name = $_REQUEST['name'];
$company = $_REQUEST['company'];
$position = $_REQUEST['position']; 


to this:

PHP Code:

$name = $_GET['name'];
$company = $_GET['company'];
$position = $_GET['position']; 


?

Can you give an example of when I might us $_POST?

[mwinter]

What's the difference in using \r\n rather than just \n?

The former outputs the characters, carriage return (CR) followed by line feed (LF). As I wrote previously, line breaks require both characters: a line feed on its own is illegal.

Messages are divided into lines of characters. A line is a series of characters that is delimited with the two characters carriage-return and line-feed; that is, the carriage return (CR) character (ASCII value 13) followed immediately by the line feed (LF) character (ASCII value 10). (The carriage-return/line-feed pair is usually written in this document as "CRLF".)

— 2.1 General Description, Lexical Analysis of Messages, RFC 2822 Internet Message Format.

The body of a message is simply lines of US-ASCII characters. The only two limitations on the body are as follows:

• CR and LF MUST only occur together as CRLF; they MUST NOT appear independently in the body.
• Lines of characters in the body MUST be limited to 998 characters, and SHOULD be limited to 78 characters, excluding the CRLF.

— 2.3 Body, Lexical Analysis of Messages, RFC 2822 Internet Message Format.

I've not come across \r before.

It's the escape sequence used in string literals within various languages to refer to the carriage return character. See the section on double-quoted strings in the PHP manual.

PHP Code:

// redirect to a different page in the current directory that was requested
$host  = $_SERVER['HTTP_HOST'];
$uri  = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'form.php';

header("Location: http://$host$uri/$extra");
exit; 


Even when using the Location header - which usually generates a 302 Found response - a short HTML message should be included.

The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).

— 10.3.3 302 Found, RFC 2616 Hypertext Transfer Protocol — HTTP/1.1

The isset function only ensures that there is 'name' and 'email' element in the $_REQUEST superglobal, respectively. These are significant tests, but they don't do what you think they do.

I've taken these tests out now. Could this cause significant problems?

If the elements don't exist within the super-global array, notices will be sent to the error log. Test that the elements exist first, then assess the values.

PHP Code:

//if the email or name fields are blank, redirect to an error message
if ($_REQUEST['email']=="" or $_REQUEST['name'] =="")
{...redirect...}

//otherwise, send the mail
else
{...mail...} 


And if the e-mail address isn't actually an e-mail address, or the name is just white space?

So, for example you'd suggest I change this:

PHP Code:

$name = $_REQUEST['name'];
$company = $_REQUEST['company'];
$position = $_REQUEST['position']; 


to this:

PHP Code:

$name = $_GET['name'];
$company = $_GET['company'];
$position = $_GET['position']; 


?

If the form is submitted using the GET method, yes. However, it should be sent using the POST submission method.

Can you give an example of when I might us $_POST?

HTML Code:

<form ... method="post">

Mike