1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 4:40 am Apr 28, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Help with PHP script not working properly

Developed form and PHP, but it's not functioning...

         

louisvilleweb

2:52 am on Aug 9, 2011 (gmt 0)

10+ Year Member



I've created a form in HTML (index.html) and then a php file to execute the form submission (articledownload.php). The problem is that when I fill out the form and submit it, I get the error message of "We encountered an error sending your mail, please notify user@mysite.com"

Could someone please take a gander at my HTML/PHP to see what might be causing this issue that has me beating myself upside the head?!

HTML on index.html: 

<label for="firstname"></label>
     <input name="firstname" type="text" id="firstname" size="20" />
     <br />
     Last Name
     <label for="lastname"></label>
     <input name="lastname" type="text" id="lastname" size="20" />
     <br />
     Email<br />
     <label for="email"></label>
     <input name="email" type="text" id="email" size="20" />
 </h2>
    <h2>
     <input type="submit" name="submit" id="submit" value="Download" />
    </h2>
   </form>


PHP (articledownload.php: 

<?php 
 $to ='myemailaddress@mysite.com';
 $from = $_REQUEST['firstname'] ; 
 $name = $_REQUEST['lastname'] ; 
 $name = $_REQUEST['email'] ; 
 $headers = "From: $from"; 
 $subject = "Article Download Subscriber"; 
 
 $fields = array(); 
 $fields{"firstname"} = "First Name"; 
 $fields{"lastname"} = "Last Name"; 
 $fields{"email"} = "Email Address"; 
 
 $body = "This person just downloaded our e-article from the homepage:\n\n"; foreach($fields as $a => $b){ $body .= sprintf("%20s: %s\n",$b,$_REQUEST[$a]); } 
 
 $headers2 = "From: noreply@mysite.com"; 
 $subject2 = "Thank you for downloading our e-article"; 
 $autoreply = "Thank you for downloading our article. If for some reason you were not automatically directed to the location of the article, you can find the article by visiting this link: http://www.mysite.com/site/articledownload.html";
 
 if($from == '') {print "You have not entered a first name, please go back and try again";} 
 else { 
 if($name == '') {print "You have not entered a field properly, please go back and try again";} 
 else { 
 $send = mail($to, $subject, $body, $headers); 
 $send2 = mail($from, $subject2, $autoreply, $headers2); 
 if($send) 
 {header( "Location: http://www.mysite.com/site/articledownload.html" );} 
 else 
 {print "We encountered an error sending your mail, please notify user@mysite.com"; } 
 }
}
 ?>

louisvilleweb

12:49 pm on Aug 9, 2011 (gmt 0)

10+ Year Member



Also, I'm a newb. If there are any additions to this script that would help with spam protection, I would greatly appreciate the insight.

Thanks,
Matt

rocknbil

4:54 pm on Aug 9, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Your first problem is here:

$from = $_REQUEST['firstname'] ;
$name = $_REQUEST['email'] ;

This puts the name as the from email address, it will never send. Try switching those two:

$from = $_REQUEST['email'] ;
$name = $_REQUEST['firstname'] ;

Then change this

$headers = "From: $from";

to this

$headers = "From: \"$name\" <$from>\r\n";

The newlines are important. You should probably echo out all the values and exit to make sure it's right, you should have something like this:

From: "John" <john@example.com>
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1

The last two are for HTML emails, you can remove them for plain text.

Second there is no mail for $send2, but guessing you just stopped there because $send wasn't working.

As for spam protection, you need to start with injection protection - you are using raw uncleansed input directly in your program. Suppose I could do "something like" this:

firstname="john&amp;email=here@example.com\r\nBCC:spam-address1@example.com;spam-address2@example.com;spam-address3@example.com;spam-address4@example.com\r\n

I've just created my own BCC header and used your form to spam 4 addresses (potentially thousands.) Although as posted this is impossible, you get the drift - follow Selena Sol's mantra:

Every user input is a potential hack.

And the corollary, accept only what you want and throw everything else away.

This is a bit complex to cover in one post, but you'll use a variety of methods, including regular expression replacements, to filter all input to make sure it's what you expect - the most important, of course, is the email address itself, there should be only one, and it should match an acceptable email pattern.

Once your input is relatively clean, you can use the same approach against spammers to avoid the dreaded captcha. The most common attack is "link spamming" - there's a link below that shows how you do that.

I also advise to log every input within the script - this is different than access logs, just log everything that is being sent to your program. When trouble arises, you'll have something to look at to see what they are up to.

Get it working first, log everything first, cleanse your input, then filter for spam, if it's all clean **then** send the mail.

See my post here to help [webmasterworld.com]

louisvilleweb

4:17 pm on Aug 17, 2011 (gmt 0)

10+ Year Member



rocknbil, thanks so much for your thorough reply. I made the changes you recommended about the modification of the $from/$name/$headers and the form is then sending the information to the person who filled out the form (hooray!); however, it is not being sent to myemailaddress@mysite.com with the form information. I'm still befuddled by the other recommendations - I'm sure that probably will iron out my issues. Namely, I don't know what you mean about "there is no mail for $send2".

Can you or some other kind ninja out there help me figure out what I am missing that is keeping me from receiving the form's input info to my email address?

Thanks!

coopster

12:54 pm on Aug 18, 2011 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Have you tried sending it to just yourself first? You can narrow down whether or not it is your email or your process. If it is working for one try just one again but this time your own email address.

louisvilleweb

5:16 pm on Aug 18, 2011 (gmt 0)

10+ Year Member



Yes, I filled out the form myself with my email address. It sent the confirmation email to me correctly but it did not send an email to the site owner with the information I sent when submitting the form.

louisvilleweb

8:29 pm on Aug 18, 2011 (gmt 0)

10+ Year Member



Anyone care to share their simple HTML/PHP script that works properly and has spam protection built in? Perhaps this would give me the push in the right direction that I need.

coopster

7:13 pm on Aug 22, 2011 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Namely, I don't know what you mean about "there is no mail for $send2".


This is why, you need to have a closer look at what you are populating that variable with ... namely no email. 
$send2 = mail($from, $subject2, $autoreply, $headers2);

Print each of these variables out and exit your script before sending the email and have a closer look at what values are in each variable. Compare that to the mail() functions expected parameter values and see if you spot the problem.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 4:40 am Apr 28, 2026