form not sending any data

**Jefe** · 09-29-2013, 06:49 PM

I finally got my form to work, although its ugly at the moment and I'll need to "pretty" it up.

So my issues is that while the form does send me the email, the email contains no data. I am new to CSS so I really appreciate any help I can get.

Here is my contact.php"

PHP Code:


<?php
$field_name = $_POST['cf_name'];
$field_email = $_POST['cf_email'];
$field_message = $_POST['cf_message'];

$mail_to = 'jeff@vegaspchelp.com';
$subject = 'Message from a site visitor '.$field_name;

$body_message = 'From: '.$field_name."\n";
$body_message .= 'E-mail: '.$field_email."\n";
$body_message .= 'Message: '.$field_message;

$headers = 'From:'.$cf_email."\r\n";
$headers .= 'Reply-To: '.$cf_email."\r\n";

$mail_status = mail ($mail_to, $subject, $body_message, $headers);

if ($mail_status) { ?>
    <script language="javascript" type="text/javascript">
        alert('Thank you for the message. We will contact you shortly.');
        window.location = 'index-4.html';
    </script>
<?php
}
else { ?>
    <script language="javascript" type="text/javascript">
        alert('Message failed. Please, send an email to [email]jeff@vegaspchelp.com[/email]');
        window.location = 'index-4.html';
    </script>
<?php
}
?>

______________________________________________________________________________________________________________________________________
Here is the html from the page that holds the form:

HTML Code:

<form action="contact.php" id="form">
	<div class="container1">
		<div class="tail">
			<div class="h"><input name="cf_name" type="text" value="Your name" onblur="if(this.value=='') this.value='Your name' ] this.value=''" /></div>
			<div class="h"><input name="cf_email" type="text" value="Your E-mail" onblur="if(this.value=='') this.value='Your E-mail' ] this.value=''" /></div>
												
			<div class="h3">
				<textarea name="cf_message" rows="40" cols="30" onblur="if (this.value=='') this.value='Message'" onfocus="if(this.value == 'Message' ) this.value=''" >Message</textarea>
			</div>
		</div>
		<div class="container1">
			<div class="fright">
				<a href="#" class="link" onclick="document.getElementById('form').submit()">Send</a>
				<div class="indent-2" ><a href="#" class="link" onclick="document.getElementById('form').reset()">clear</a></div>
			</div>
		</div>"
	</div>
</form>

**Deadweight** · 09-29-2013, 06:55 PM

Im a little confused about your question...
Are you wondering how to apply CSS to your form or are you asking why there isn't any message in the email?

**Jefe** · 09-29-2013, 07:14 PM

Originally Posted by Crazykld69

Im a little confused about your question...
Are you wondering how to apply CSS to your form or are you asking why there isn't any message in the email?

Trying to figure out why its not sending any data

**traq** · 09-29-2013, 07:38 PM

Originally Posted by Jefe

Trying to figure out why its not sending any data

Moved to the PHP forum.
Please make sure your questions are clear, and that you are posting in the proper forums. This question has nothing to do with CSS (you didn't even include any css in your post).

Your email body is empty because you didn't put anything in it:

PHP Code:


$field_name = $_POST['cf_name'];
$field_email = $_POST['cf_email'];
$field_message = $_POST['cf_message'];

You should make sure you have error reporting enabled during development.

PHP Code:


<?php 
error_reporting( -1 );
ini_set( 'display_errors',1 );

All of those POST variables are undefined (and therefore empty). That's because your form isn't using the POST method - it's using GET. Try using POST:

HTML Code:

<form method="POST" action="contact.php" id="form">

Also, you have a security vulnerability here:

PHP Code:


$headers = 'From:'.$cf_email."\r\n";
$headers .= 'Reply-To: '.$cf_email."\r\n";

You assume that $cf_email is an email address, but you don't check. What if I wrote:

my@email.com\r\nCC: <spam-mailing-list>\r\n

?
You're a spam server!

You need to validate that the email I submitted is an email address. It's very simple:

PHP Code:


if( ! filter_var( $cf_email,FILTER_VALIDATE_EMAIL ) ){
    /* not a valid email!  don't use it */
}

**Jefe** · 09-29-2013, 08:02 PM

Originally Posted by traq

Moved to the PHP forum.
Please make sure your questions are clear, and that you are posting in the proper forums. This question has nothing to do with CSS (you didn't even include any css in your post).

Your email body is empty because you didn't put anything in it:

PHP Code:


$field_name = $_POST['cf_name'];

$field_email = $_POST['cf_email'];

$field_message = $_POST['cf_message'];

You should make sure you have error reporting enabled during development.

PHP Code:


<?php 

error_reporting( -1 );

ini_set( 'display_errors',1 );

All of those POST variables are undefined (and therefore empty). That's because your form isn't using the POST method - it's using GET. Try using POST:

HTML Code:

<form method="POST" action="contact.php" id="form">

Also, you have a security vulnerability here:

PHP Code:


$headers = 'From:'.$cf_email."\r\n";

$headers .= 'Reply-To: '.$cf_email."\r\n";

You assume that $cf_email is an email address, but you don't check. What if I wrote:

my@email.com\r\nCC: <spam-mailing-list>\r\n

?
You're a spam server!

You need to validate that the email I submitted is an email address. It's very simple:

PHP Code:


if( ! filter_var( $cf_email,FILTER_VALIDATE_EMAIL ) ){

    /* not a valid email!  don't use it */

}

Thank you so much and I am sorry for posting in the wrong topic! I am very new to this but I think I can figure it out now with this great help from you. Thanks again!

**traq** · 09-29-2013, 09:02 PM

Originally Posted by Jefe

Thank you so much and I am sorry for posting in the wrong topic! I am very new to this but I think I can figure it out now with this great help from you. Thanks again!

no problem.

Post again if you need any further help.
If you find a solution to your problem, come back and mark your thread "Resolved."

**Jefe** · 09-29-2013, 09:50 PM

Not sure if this is how I mark this resolved - I'll keep hunting in case its not~

**djr33** · 09-29-2013, 10:41 PM

It's a little hard to find that option: go to your first post, click edit, then go to advanced mode. Then you'll see a dropdown that will let you add a thread prefix of "Resolved".

**Strangeplant** · 09-30-2013, 01:18 PM

The use of filter_var() is not a good solution. There are several things it doesn't do that are important, and there are several things it does wrong. It is not kept up-to-date and sooner than the version of php on the server changes, BTW. Safe and proper email filtering always involves several steps, and personally, I thing that doing a MX record look-up is well worth the time. I've posted a solution before, one of many possible. At least sanitize it, use the strip_tags(), use the htmlspecialcharacters() function, or something to prevent injection.....

**traq** · 09-30-2013, 02:33 PM

Originally Posted by Strangeplant

The use of filter_var() is not a good solution. There are several things it doesn't do that are important, and there are several things it does wrong.

Care to be more specific?

Originally Posted by Strangeplant

It is not kept up-to-date and sooner than the version of php on the server changes, BTW.

Nothing in PHP is updated any sooner than PHP is updated.

Originally Posted by Strangeplant

... personally, I thing that doing a MX record look-up is well worth the time.

In some situations, yes, a lookup is well worth it.

Originally Posted by Strangeplant

At least sanitize it, use the strip_tags(), use the htmlspecialcharacters() function, or something to prevent injection.....

If the email passes FILTER_VALIDATE_EMAIL, you will know that there are no characters in it that will be affected by either of those two functions. Further, in emails, the characters that can lead to header injection are newlines - which neither of those functions remove/encode (but a valid email with a newline at the end does fail FILTER_VALIDATE_EMAIL).