0

I couldn't find it anywhere, I invested many hours on google research. I am trying to send an HTML Form to the customer's email with php mail(), it's sending the input fields, but as soon as I add the form tags, it doesn't send it, however the script does echo "email sent". Below is the code that is successfully sending the html input fields.

<?php error_reporting(E_ALL); ?>
<?php require "connection.php";?>
<?php require "lib/password.php";?>
<?php
$stmt = $conn->prepare("SELECT `email` FROM `users` WHERE `username` = ?");
$stmt->bind_param("s", $username);
$username = mysqli_real_escape_string($conn, preg_replace("/[^0-9a-zA-Z]/","",strip_tags($_POST["username"])));
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($email);
if($stmt->num_rows){
    while ($stmt->fetch()){
        $hash_username = password_hash($username, PASSWORD_BCRYPT, array("cost" => 27));
        $to = $email;
    }
}else{
echo "Username not found, please use correct username.";
}
$stmt->close();
?>
<?php
$subject = "You Requested To Change Your Password";

$message = '<html><head><title>HTML email</title></head><body><p>This email contains HTML Tags!</p><input type="hidden" name="username" value="'.$hash_username.'"><br>Password:<br><input type="text" name="password" value=""><br>Confirm Password:<br><input type="text" name="confirm_password" value=""><br>Email:<br><input type="text" name="lastname" value=""><br><br><input type="submit" value="Submit"></body></html>';

$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= 'From: Blam.Co<info@'.$_SERVER["SERVER_NAME"].'>' . "\r\n";
$headers .= 'Reply-To: Administrator<someone@gmail.com>'."\r\n";

if(mail($to,$subject,$message,$headers)){
    echo "email sent";
}else{
    echo "not sent";
}
?>

Now as soon as I add the form tags, as below, it doesn't send, however the script outputs "email sent".

<?php error_reporting(E_ALL); ?>
<?php require "connection.php";?>
<?php require "lib/password.php";?>
<?php
$stmt = $conn->prepare("SELECT `email` FROM `users` WHERE `username` = ?");
$stmt->bind_param("s", $username);
$username = mysqli_real_escape_string($conn, preg_replace("/[^0-9a-zA-Z]/","",strip_tags($_POST["username"])));
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($email);
if($stmt->num_rows){
    while ($stmt->fetch()){
        $hash_username = password_hash($username, PASSWORD_BCRYPT, array("cost" => 14));
        $to = $email;
    }
}else{
echo "Username not found, please use correct username.";
}
$stmt->close();
?>
<?php
$subject = "You Requested To Change Your Password";

$message = '<html><head><title>HTML email</title></head><body><p>This email contains HTML Tags!</p><form action="something.php" method="GET"><input type="hidden" name="username" value="'.$hash_username.'"><br>Password:<br><input type="text" name="password" value=""><br>Confirm Password:<br><input type="text" name="confirm_password" value=""><br>Email:<br><input type="text" name="lastname" value=""><br><br><input type="submit" value="Submit"></form></body></html>';

$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= 'From: Blam.Co<info@'.$_SERVER["SERVER_NAME"].'>' . "\r\n";
$headers .= 'Reply-To: Administrator<someone@gmail.com>'."\r\n";

if(mail($to,$subject,$message,$headers)){
    echo "email sent";
}else{
    echo "not sent";
}
?>

If we can't send html form inside the php mail, can you suggest what's the best way to let the customers put information (change password) from within the email itself?

I tried to send input fields' value with javascript functions, but it din't execute as well.

Yogie
  • 986
  • 2
  • 12
  • 14
  • you cant send a html form in email, well you can but it wont be filled out, send them a link to your site, the form should be on your website for them to fill in –  Feb 08 '15 at 03:28
  • I know, that (what you suggested) is the standard way, however, I remember I received an email few months ago, that let me fill the info from within the email itself, and on clicking "submit", it took me to another page on new tab, that said, your details have been submitted. – Yogie Feb 08 '15 at 03:30
  • Usually, if a user is to update their information, they are sent a link containing a unique code related to their account, then using `UPDATE table SET col_x = 'value' WHERE col_y = 'user'` type of thing. – Funk Forty Niner Feb 08 '15 at 03:43
  • That is the traditional way, I am trying to achieve something new. – Yogie Feb 08 '15 at 08:22
  • there a reason why no one does it this way - it is poorly supported by most email clients. –  Feb 08 '15 at 19:33

0 Answers0