
mailform won't pass posted vars

         

generic

2:56 am on Jul 21, 2010 (gmt 0)

10+ Year Member



I'm sure someone will be able to spot the problem with this. The captcha works fine, the email sends out if all is good (I still need to add field validation) but for some reason, the input fields aren't getting sent.

Can someone take a peek and see where I'm going wrong? Also, any suggestions for improvements to the code would be completely welcome ;) I'm much more of a front end developer than a programmer.

Thanks!
gen

<?php
function createForm(){

/*grab variables from posted form, if any exist*/
$name = $_POST['name'];
$email = $_POST['email'];
$comments = $_POST['comments'];

/*build the form, populate the fields if needed*/
echo "<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"POST\">
<p>Name:<br />
<input name=\"name\" type=\"text\" value=\"$name\" /></p>
<p>Email:<br />
<input name=\"email\" type=\"text\" value=\"$email\" /></p>
<p>Message:<br />
<textarea name=\"comments\" rows=\"4\">$comments</textarea></p>
<p class=\"smaller\">Spam Protection: enter the sum of the math question below<br />
<p><img src=\"inc/captcha.php\" alt=\"CAPTCHA image\" /> = <input type=\"text\" name=\"secure\"></p>
<p>
<label>
<input type=\"submit\" name=\"submit\" id=\"submit\" value=\"Submit\" />
</label>
<input type=\"reset\" name=\"reset\" id=\"reset\" value=\"Clear\" />
</p>
</form>";
}

if(isset($_POST['secure'])) {
if($_POST['secure'] != $_SESSION['security_number']) {
$error = "Failed";
echo "<p class=\"strong bigger red\">Woops! Wrong math answer, please try again.</p>";
createForm();
} else {
$error = "Passed";

/* recipients email address */
$recipient = 'my@email.com';

/* All form fields are automatically passed to the PHP script through the array $HTTP_POST_VARS. */
$name = $HTTP_POST_VARS['name'];
$email = $HTTP_POST_VARS['email'];
$comments = $HTTP_POST_VARS['comments'];

/*format the message for mail*/
$comments = stripslashes($comments);
$now = date('l F dS, Y @ g:i:s a');
$message = "The following is a message from website.com sent on $now.\n\nFrom: $name\nEmail: $email\n\nComments: \n$comments";

/*add email subject and headers*/
$subject = "website email";
$headers = "From: $name <$email>\n";
$headers .= "Reply-To: $email\r\n";

/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */
mail($recipient,$subject,$message,$headers);
echo "<p class=\"strong red\">Your email has been sent!</p>
<p>I'll do my best to get back to you in the next 24 hours.</p>";

/*for troubleshooting - output email message body after POST*/
//echo $message;

echo "<p><a href=\"website.com\">Send another message &#187;</a></p>";
}
} else { /*boot back to beginning*/
echo "<p>Send me a message using the below form. All fields are required.</p>";
createForm();
}
?>

generic

4:58 am on Jul 21, 2010 (gmt 0)

10+ Year Member



Never mind, I didn't realize HTTP_POST_VARS was deprecated. Thanks anyway.

Matthew1980

7:24 am on Jul 21, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi there generic,

Yup, deprecated since PHP4.1.0 - glad you found that out :)

As I mentioned in another thread, you're using the $_POST super global array directly into mail() - at least sanitise the data first, if not, hackers can easily send malicious data & manipulate the headers just by adding extra chars in the correct places :)

So for example:-

$name = strip_tags($_POST['name']);
$email = strip_tags($_POST['email']);
$comments = strip_tags($_POST['comments']);

will make the submitted data safer as this will strip out any html style tags, just a suggestion there ;)

And secondly, I would add error handlers in this receiver script so that anything not set correctly, i.e. blank entries or erroneous submissions, would be rejected; at least this way you have more control over what can be sent to either your or your client's email inbox.

See Rocknbil's comments: [webmasterworld.com ] in this thread from yesterday ;) Hopefully you can see what to implement from that.

Hope that helps a bit anyway :)

Cheers,
MRb

generic

3:29 pm on Jul 21, 2010 (gmt 0)

10+ Year Member



Hi Matthew1980,

Thanks for the advice! I added the strip_tags as per your suggestion. I also took a boo around the web for field validation and all that good stuff and found some tidbits that might come in handy but I'm not sure where/how to implement them in my code. When I do run the script with them in place, they catch any errors but continue to mail the form anyway instead of stopping. I'm a total FNG at coding this stuff - it's been a hella long time since I touched PHP.

I know I need to a) check to make sure fields are not empty and b) make sure the email is actually an email address so these two snippets should work.

/* make sure fields are not empty */
if (!$name || !$email || !$comments) {
echo '<p class="orange"><strong>Woops!</strong><br />
All fields are required.</p>';
createForm();
}

/* verify email is valid address */
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo '<p class="orange"><strong>Woops!</strong><br />
Invalid email address.</p>';
createForm();
}


I'm embarrassed to say it but I just don't know where in the code to implement them.

Can you lend a guy a hand? ;)
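
An added example, not part of any post in this thread: one way to place the empty-field and email checks so that a failed check stops the mail, together with a CR/LF check on the values that go into the mail headers (the header concern raised earlier in the thread). The function names `cleanFields`, `validateFields` and `handleSubmission` are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

/* Trim the three posted fields; missing keys become empty strings. */
function cleanFields(array $post): array {
    $fields = [];
    foreach (['name', 'email', 'comments'] as $key) {
        $fields[$key] = trim((string) ($post[$key] ?? ''));
    }
    return $fields;
}

/* Return a list of error messages; an empty list means the input is usable. */
function validateFields(array $f): array {
    $errors = [];
    if ($f['name'] === '' || $f['email'] === '' || $f['comments'] === '') {
        $errors[] = 'All fields are required.';
    }
    if ($f['email'] !== '' && !filter_var($f['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Invalid email address.';
    }
    // Name and email end up in mail headers, so reject CR/LF in them.
    // strip_tags() removes markup only; line breaks pass through it.
    if (preg_match('/[\r\n]/', $f['name'] . $f['email'])) {
        $errors[] = 'Line breaks are not allowed in name or email.';
    }
    return $errors;
}

/* Send only when validation passed; otherwise hand the errors back. */
function handleSubmission(array $post, string $recipient): array {
    $f = cleanFields($post);
    $errors = validateFields($f);
    if ($errors) {
        return $errors; // stop here: nothing is mailed
    }
    $headers = "From: {$f['name']} <{$f['email']}>\r\nReply-To: {$f['email']}\r\n";
    mail($recipient, 'website email', $f['comments'], $headers);
    return [];
}

// Constructed sample inputs; only the validation step runs, no mail is sent.
$samples = [
    ['name' => 'Ann', 'email' => 'ann@example.com', 'comments' => 'Hi'],
    ['name' => "Ann\r\nX-Test: 1", 'email' => 'ann@example.com', 'comments' => 'Hi'],
    ['name' => 'Ann', 'email' => 'not-an-email', 'comments' => ''],
];
foreach ($samples as $s) {
    $errors = validateFields(cleanFields($s));
    echo $errors ? implode(' ', $errors) : 'OK: would call mail()', "\n";
}
```

In the original script this would sit in the branch that runs after the captcha check passes: call `handleSubmission($_POST, $recipient)`, and if the returned list is non-empty, print the messages and call `createForm()` instead of printing the "sent" message.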