0

When i send some email, it only sends the first word from the subject:

Example: I send an email with the name of "Send email", it only sends the word "Send", how can i prevent that?

Code:

The subject is selected in a select box

<td><a>
<?=  ' '.$val['email'].'  '; ?>
<input type="text" value="<?=  $val['email']; ?>" name="to"/>
</a></td>

<td>
<select name="subject">
<?php
  foreach($templatesarr as $val){
   echo '<option value='.$val['name'].'>'.$val['name'].'</option>';
  }
  echo '</select></td>
  <td><input type="submit" name="send" value="Send e-mail" /></td>
  </td></tr>
  ';
  ?>
  </form>

Check if the button was clicked

if(isset($_POST['send'])){
$sendername = 'Company';
$from = 'noreplay@compaty.com';
$to      = safe($_POST['to']);

$subject =  safe($_POST['subject']);
$message = 'teste';

$headers  = 'MIME-Version: 1.0' . PHP_EOL;
$headers .= 'Content-type: text/html; charset=iso-8859-1' . PHP_EOL;
$headers .= "From: $sendername <$from>".PHP_EOL;

mail($to, $subject, $message, $headers);

}else{
$to = NULL;

}

Safe function

function safe($value) {
    return mysql_real_escape_string($value);
}
user3726150
  • 1
  • 1

1 Answers1

1

The main problem is caused by not escaping variables and not properly encapsulating your attribute values; use this instead:

foreach($templatesarr as $val){
   printf('<option value="%1$s">%1$s</option>', 
       htmlspecialchars($val['name'], ENT_QUOTES, 'UTF-8')
   );
}

It now uses "" to delimit the value attribute of the option element.

Ja͢ck
  • 170,779
  • 38
  • 263
  • 309