0

I have a rather simple HTML/PHP form that just needs to send the data to my email. The email I'm using is not using the same domain as the website. I've been stuck on this for hours now and I cant seem to find the solution. Could someone take a look?

<?php

$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$message = $_POST['message'];
$gender = $_POST['gender'];
$user_name = $_POST['user_name'];
$email = $_POST['email"];
$message = $_POST['message'];
$from = $_POST['user_name']; 
$to = 'example@email.com'; 
$subject = 'Comment';


$body = "From: $first_name\n From: $last_name\n Sex: $gender\n Username: $user_name\n E-Mail: $email\n Message:\n $message";

if ($_POST['submit']) {
  if (mail ($to, $subject, $body, $from)) { 
    echo 'Your message has been sent!';
  } else { 
    echo 'Something went wrong, go back and try again!'; 
  }
}

?>
Nisse Engström
  • 4,738
  • 23
  • 27
  • 42
tim mudde
  • 9
  • 1
  • 4
    Your line `$email = $_POST['email"];` has mismatched quotation marks. Use `"email"` or `'email'`, but not `'email"`. –  Feb 14 '15 at 13:20
  • 1
    http://www.thesitewizard.com/php/protect-script-from-email-injection.shtml http://securephpwiki.com/index.php/Email_Injection – szab.kel Feb 14 '15 at 13:21
  • 1
    Is the form method set to post? **method="post"? – Amit Verma Feb 14 '15 at 13:48
  • @CamilStaps You are correct. That dupe is used for any "why doesn;t this form work" questions that have no specific error message. But the root cause of this issue is obvious so I removed it. – John Conde Feb 14 '15 at 13:51
  • 1
    @CodingHorror The issue is a typo. You don't need to see the form. – John Conde Feb 14 '15 at 13:51
  • The use of an editor with syntax highlighting would have easily prevented this question. – ElefantPhace Feb 14 '15 at 17:29

3 Answers3

1

Assuming that your PHP code file is sendMail.php

let this be form.html

<form name="sendMail" id="sendMail" action="sendMail.php" method="post">
    <input type="text" name="first_name" /> 
    <input type="text" name="last_name" /> 
    <input type="text" name="message" /> 
    <input type="text" name="gender" /> 
    <input type="text" name="user_name" /> 
    <input type="text" name="email" />
    <input type="submit" name="submit" />
</form>

Basically, your PHP code should work according to the form above. Of course you may want to change gender field to radiogroup/dropdown and/or message to textarea.

<?php
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$message = $_POST['message'];
$gender = $_POST['gender'];
$user_name = $_POST['user_name'];
$email = $_POST['email'];
$message = $_POST['message'];
$from = $_POST['user_name']; 
$to = 'example@email.com'; 
$subject = 'Comment';


$body = "From: $first_name\n From: $last_name\n Sex: $gender\n Username: $user_name\n E-Mail: $email\n Message:\n $message";

if ($_POST['submit']) {
    if (mail ($to, $subject, $body, $from)) { 
        echo 'Your message has been sent!';
    }
    else { 
        echo 'Something went wrong, go back and try again!'; 
    }
}
?>

There is one point to correct that $email = $_POST['email"]; should be $email = $_POST['email'];.

And you should ensure that PHP mail settings have to be set properly. I suggest you to use PHPMailer which is so simple and runs smoothly with too few configuration.

zkanoca
  • 9,664
  • 9
  • 50
  • 94
1

The PHP

The fourth parameter of the mail() function should be a list of additional email headers. You're passing it a user name. You should have something like this:

$email = $_POST['email'];
$email = preg_replace('/[[:cntrl:]]/', '', $email);
$headers = "From: $email\r\n";
...
mail ($to, $subject, $body, $headers);

The second line filters out control characters from the email address. Without this, a malicious user could insert newline characters to add their own email headers, such as CC: headers to send unsolicited spam.

Mixing domains

Also, you might not be allowed to send email with a From: address from a different domain name than your web site (or mail server). You could contact the administrator of your server/web site and ask what your options are.

Some things to consider:

  • You could try to use a local From: address and leave the actual (external) email address in the Reply-To: header. Eg:

      $headers  = "From: Me@mydomain.example\r\n";
  $headers .= "Reply-To: Someone@otherdomain.example\r\n";

    Some email clients might not respect the Reply-To: header, though.

  • If the address in the From: header is not the actual sender of the email, you should specify the real sender in a Sender: header. Eg:

      $headers  = "From: Someone@otherdomain.example\r\n";
  $headers .= "Sender: Me@mydomain.example\r\n";

  • You may need to specify the From: address in an additional parameter to the Mail Transfer Agent:

      mail ($to, $subject, $body, $headers, "-f '$email'");

  • Sending email from a different domain name may count against you by SPAM filters. You may need an SPF record to ensure that your emails go through.

  • You might be better off using a full-featured email class, such as PHPMailer rather than the crude mail() function.

See also

Documentation

Stack Overflow

Nisse Engström
  • 4,738
  • 23
  • 27
  • 42
1

Just write isset() in first if condition.

try above code again.

$first_name = $_POST['first_name'];

$last_name = $_POST['last_name'];

$message = $_POST['message'];

$gender = $_POST['gender'];

$user_name = $_POST['user_name'];

$email = $_POST['email"];

$message = $_POST['message'];

$from = $_POST['user_name']; 

$to = 'example@email.com'; 

$subject = 'Comment';


$body = "From: $first_name\n From: $last_name\n Sex: $gender\n Username: $user_name\n E-Mail: $email\n Message:\n $message";

if (isset($_POST['submit'])) {
  if (mail ($to, $subject, $body, $from)) { 
    echo 'Your message has been sent!';
  } else { 
    echo 'Something went wrong, go back and try again!'; 
  }
}
Punit
  • 450
  • 3
  • 11