What's Missing From This Form Mail Code?

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Vik Rubenfeld
    #1

    What's Missing From This Form Mail Code?

    I've got this form mail program that is called as an action from an HTML
    form. It runs with no errors, but the email is never sent - at least,
    it's never received. Here's the code:

    <?
    $email = $_REQUEST['email'] ;
    $message = $_REQUEST['message'] ;

    $address = $_REQUEST['address'] ;
    $city_state = $_REQUEST['city_state'] ;
    $zip = $_REQUEST['zip'] ;
    $phone = $_REQUEST['phone'] ;
    $email = $_REQUEST['email'] ;
    $comments = $_REQUEST['comments'] ;
    $name = $_REQUEST['name'] ;

    $text = $name . ' - ' . $address . ' - ' .
    $city_state . ' - ' . $zip . ' - ' . $phone . ' - ' . $email . ' -
    ' . ' - ' . $comments;

    mail( "an@email.c om", "subject line",
    "$text", "From: $email" );
    header( "Location: http://www.mydomain.co m/Contact/thanks.html" );
    ?>

    What am I missing? Thanks in advance to all for any info.
    Tags: None
    • Geoff Berrow
      #2
      Re: What's Missing From This Form Mail Code?

      Message-ID: <vikr-5BEC22.01474208 122006@news.wes t.earthlink.net from
      Vik Rubenfeld contained the following:
      mail( "an@email.c om", "subject line",
      "$text", "From: $email" );
      header( "Location: http://www.mydomain.co m/Contact/thanks.html" );
      >?>
      >
      >What am I missing? Thanks in advance to all for any info.
      The first thing you are missing is some sanitising of the email address.
      You need to strip out any newline characters. That isn't the problem,
      just good practice.

      Assuming you are replacing an@email.com with a valid email address you
      could try

      if(mail( "an@email.c om", "subject line",
      "$text", "From: $email" )){
      header( "Location: http://www.mydomain.co m/Contact/thanks.html" );
      }
      else{
      echo "mail could not be sent";
      }

      This will check if mail is actually being received for posting.

      --
      Geoff Berrow (put thecat out to email)
      It's only Usenet, no one dies.
      My opinions, not the committee's, mine.
      Simple RFDs http://www.ckdog.co.uk/rfdmaker/

        Comment

        • Vik Rubenfeld
          #3
          Re: What's Missing From This Form Mail Code?

          Thanks, Geoff. I added the code in, and it ran with no errors. But when
          I entered my own email address on the form, I received no email from the
          site. What could explain this?


          -Vik



          Geoff Berrow <blthecat@ckdog .co.ukwrote:
          Assuming you are replacing an@email.com with a valid email address you
          could try
          >
          if(mail( "an@email.c om", "subject line",
          "$text", "From: $email" )){
          header( "Location: http://www.mydomain.co m/Contact/thanks.html" );
          }
          else{
          echo "mail could not be sent";
          }
          >
          This will check if mail is actually being received for posting.

            Comment

            • Chuck Anderson
              #4
              Re: What's Missing From This Form Mail Code?

              Vik Rubenfeld wrote:
              Thanks, Geoff. I added the code in, and it ran with no errors. But when
              I entered my own email address on the form, I received no email from the
              site. What could explain this?
              >
              >
              -Vik
              >
              >
              >
              Geoff Berrow <blthecat@ckdog .co.ukwrote:
              >
              >
              >Assuming you are replacing an@email.com with a valid email address you
              >could try
              >>
              >if(mail( "an@email.c om", "subject line",
              > "$text", "From: $email" )){
              > header( "Location: http://www.mydomain.co m/Contact/thanks.html" );
              >}
              >else{
              >echo "mail could not be sent";
              >}
              >>
              >This will check if mail is actually being received for posting.
              >>
              Just a thought, ... my ISP was blocking the IP address of the shared
              server my site is on and bouncing all emails sent from it. I found the
              bounce messages in the default mailbox at my domain.

              --
              *************** **************
              Chuck Anderson • Boulder, CO
              Chuck Anderson's Cycle Tourist Home Page
              http://www.CycleTourist.com

              *************** **************

                Comment

                • Gordon Burditt
                  #5
                  Re: What's Missing From This Form Mail Code?

                  >I've got this form mail program that is called as an action from an HTML
                  >form. It runs with no errors, but the email is never sent - at least,
                  >it's never received. Here's the code:
                  You are permitting someone (spammers) to mail to anyone they want
                  (thousands of recipients) by injecting headers by putting newlines
                  in $_REQUEST['email']. Within about 5 minutes of putting that form
                  up, most ISPs will block mail from the server you have it on. Within
                  an hour, you probably will have blocked it also.


                    Comment

                    • Geoff Berrow
                      #6
                      Re: What's Missing From This Form Mail Code?

                      Message-ID: <vikr-F869B2.08511208 122006@news.wes t.earthlink.net from
                      Vik Rubenfeld contained the following:
                      >Thanks, Geoff. I added the code in, and it ran with no errors. But when
                      >I entered my own email address on the form, I received no email from the
                      >site. What could explain this?
                      mail() returns true if the mail is accepted for delivery, it does not
                      guarantee delivery. Do we know that the server is configured properly?

                      Where are you running the script?

                      --
                      Geoff Berrow (put thecat out to email)
                      It's only Usenet, no one dies.
                      My opinions, not the committee's, mine.
                      Simple RFDs http://www.ckdog.co.uk/rfdmaker/

                        Comment

                        • Geoff Berrow
                          #7
                          Re: What's Missing From This Form Mail Code?

                          Message-ID: <12nk1hf8gp4bs8 7@corp.supernew s.comfrom Gordon Burditt
                          contained the following:
                          >
                          >You are permitting someone (spammers) to mail to anyone they want
                          >(thousands of recipients) by injecting headers by putting newlines
                          >in $_REQUEST['email']. Within about 5 minutes of putting that form
                          >up, most ISPs will block mail from the server you have it on. Within
                          >an hour, you probably will have blocked it also.
                          I think that may be a slight exaggeration, but I have already pointed
                          this out to the OP.

                          --
                          Geoff Berrow (put thecat out to email)
                          It's only Usenet, no one dies.
                          My opinions, not the committee's, mine.
                          Simple RFDs http://www.ckdog.co.uk/rfdmaker/

                            Comment

                            Previous template Next
                            Working...