1

I have just made a PHP contact form for my website, but what I get is this:

https://gyazo.com/2f3c4faa5bc253a6e3ff94d78214867d

And the code I'm using is this:

<?php
include('***Contains private stuff***.php');
//Send mail function
function send_mail($to,$subject,$message,$headers){
    return @mail($to,$subject,$message,$headers);
}

if($_POST) {

    $to = "***PRIVATE MAIL***"; // Your email here
    $subject = 'Message from my website'; // Subject message here

        //MySQL
        $query = "INSERT INTO contact (name, email, subject, message) VALUES ('$name', '$email', '$subject', '$message')";
        $result = mysqli_query($connection, $query);

        //Sanitize input data, remove all illegal characters
        $name    = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
        $email    = filter_var($_POST['mail'], FILTER_SANITIZE_EMAIL);
        $subject = filter_var($_POST['subject'], FILTER_SANITIZE_STRING);
        $message = filter_var($_POST['message'], FILTER_SANITIZE_STRING);

        //Send Mail
        $headers = 'From: ' . $email .''. "\r\n".
            'Reply-To: '.$email.'' . "\r\n" .
            'X-Mailer: PHP/' . phpversion();


        $sent = send_mail($to, $subject, $message . "\r\n\n"  .'Name: '.$name. "\r\n" .'Email: '.$email, $headers);
        if (! $sent) {
            // log the error
            error_log('Mail Error: Message to ' . $to . ' wasn\'t sent');
        }
}
?>

And I just want to remove it, but can't really figure out the issue. Here is a link to my friend's website, which I'm using for testing and live view.

http://thomasmaneschijn.com/lukas/

And you should be able to see my HTML code on the site as well. The reason I masked the include line is that it contains some passwords and other things I don't want to leak.

luk19987
  • You don't want to see the error even if an error occurred? – Ghostff Feb 26 '19 at 14:16
  • Well, I mean it destroys my websites layout completely, which is annoying. – luk19987 Feb 26 '19 at 14:18
  • Now your site is not working: 500 error – devpro Feb 26 '19 at 14:19
  • Fixed, should be showing site now. – luk19987 Feb 26 '19 at 14:21
  • Well if you don’t want JSON-encoded data structures to show up in your page … then don’t output JSON-encoded data structures in the first place … Returning such data would make sense if you were making a background request to this script. But if you just want to submit your form to this normally, and this is supposed to provide the response in the form of the “next page” … well, then output error messages in a user-friendly way somewhere in the actual content, instead of spitting out JSON. – 04FS Feb 26 '19 at 14:25

4 Answers

2

Your $to is not a valid email.

EDIT

To better understand your error, at least while developing I'd do the following:

if(@mail($to,$subject,$message,$headers)){
    echo json_encode(array('info' => 'success', 'msg' => "Your message has been sent. Thank you!"));
} else {
    echo json_encode(array('info' => 'error', 'msg' => "Error, your message hasn't been sent", 'error_info' => error_get_last()['message']));
}

See if that works.

You can also use this to better understand your error -

$sendMail = mail($to,$subject,$message,$headers);
if(!$sendMail) { $errorMessage = error_get_last()['message']; }
Tushar Walzade
eeetee
  • 1
    I don't think so, maybe OP doesn't want to show the email address – devpro Feb 26 '19 at 14:15
  • I know, reason being is it's my private mail I use for testing purposes. I don't want to leak it. – luk19987 Feb 26 '19 at 14:15
  • 2
    You can use `$sendMail = mail($to,$subject,$message,$headers)` and `if (!$sendMail) { $errorMessage = error_get_last()['message']; }` to better understand your error. – eeetee Feb 26 '19 at 14:18
2

@mail() returns TRUE if the mail was successfully accepted for delivery, FALSE otherwise. docs

So I guess that you have some problems with the params passed to the function. Consider the first if, if there is no $_POST you are actually not going to have those two variables defined. Also, since the send_mail() function is just called at the end of the file, it is going to be triggered upon visiting the page.

So my guess on this is that when you visit the page without having anything in the $_POST variable, you are going to miss the needed parameters for send_mail(). Maybe try to dump the values of the parameters once you are inside send_mail().

Riccardo Cedrola
  • Maybe you're correct, I can try and comment out the send_mail function? Just to see what happens? – luk19987 Feb 26 '19 at 14:17
  • If you comment out the line where `send_mail()` is called, the message won't appear because the function is not going to be triggered :) I think that you check for `$_POST` because you are going to get those params from there later, but as long as you are testing, just define the variables outside that if or make some sort of button/something like that to send the email – Riccardo Cedrola Feb 26 '19 at 14:20
  • 2
    I agree with you, my vote for you. But OP has a few more issues in the code, check my answer. – devpro Feb 26 '19 at 14:34
  • Checked, I think you got this one ;) gj – Riccardo Cedrola Feb 26 '19 at 15:00
2

You have a few issues in your code:

Issue 1: Your code is wide open to SQL injection; you need to protect your code against SQL injection.

Issue 2: You are calling send_mail() without any check; you need to move this inside the if($_POST) check, otherwise it will execute on every page refresh.

Issue 3: Your INSERT query placement is wrong; where do you define the variables in VALUES ('$name', '$email', '$subject', '$message') before this query?

According to your screenshot, you are getting the JSON response just because of the send_mail() method. If you restructure your code to something like:

// Move `send_mail()` method here
if($_POST) {
// Your Variables
// Your Query / MYSQL / suggest you to use PDO here.
// Your method calling
}

Some helpful links:

How can I prevent SQL injection in PHP?

Are PDO prepared statements sufficient to prevent SQL injection?

Always use error_reporting() in your local environment.

devpro
  • I will for sure, do that. – luk19987 Feb 26 '19 at 14:30
  • @luk19987 try them – devpro Feb 26 '19 at 14:31
  • @luk19987: Were emails working before? Please update your question with the updated code – devpro Feb 26 '19 at 14:38
  • I edited it. Changed it to the code I use now, but not getting mails. – luk19987 Feb 26 '19 at 14:41
  • @luk19987: Were emails working before? Check the error by using `error_get_last()` – devpro Feb 26 '19 at 14:44
  • Where do I put that? And I used another system before, which was working, but I had some other issues with that. – luk19987 Feb 26 '19 at 14:45
  • @luk19987: Where you are using error_log on failure: `var_dump(error_get_last())` – devpro Feb 26 '19 at 14:46
  • I'm using error_log when it doesn't get a mail, I checked the log after I sent two mails and nothing appeared even in my mail. – luk19987 Feb 26 '19 at 14:48
  • `array(4) { ["type"]=> int(8) ["message"]=> string(21) "Undefined index: mail" ["file"]=> string(43) "/home2/thomasma/public_html/lukas/index.php" ["line"]=> int(19) }` This is what I get from the website. – luk19987 Feb 26 '19 at 14:50
  • @luk19987 Then you need to check your line no. 19 – devpro Feb 26 '19 at 14:51
  • Check `print_r($_POST)` or check this field `$_POST['mail']` @luk19987 – devpro Feb 26 '19 at 14:52
  • `array(4) { ["type"]=> int(8) ["message"]=> string(27) "Undefined variable: message" ["file"]=> string(43) "/home2/thomasma/public_html/lukas/index.php" ["line"]=> int(14) }` Fixed that other error, was a typo. But now this. – luk19987 Feb 26 '19 at 14:53
  • @luk19987: As I mentioned in issue no. 3 – devpro Feb 26 '19 at 14:55
  • Aight fixed it, I had misplaced my MySQL and it could send the data to my database. – luk19987 Feb 26 '19 at 14:56
  • I will check if I get any mails now. – luk19987 Feb 26 '19 at 14:57
  • Still no luck with the mail being sent. But I think everything else is working fine. – luk19987 Feb 26 '19 at 15:00
  • @luk19987: Yes, so I think you need to use SMTP here. – devpro Feb 26 '19 at 15:00
  • How do I add that? I have read about it, but it looked a bit confusing at the start. I know it sounds a little n**bish to ask that. Just very new to PHP. – luk19987 Feb 26 '19 at 15:02
  • 1
    There are so many examples available on SO @luk19987, but I think first of all you need to debug more, e.g. use one-liner code to test email like `mail('your email','subject','test');` and place this right at the top of the file. If it works, then there is no need to use SMTP; otherwise, you need to move on to SMTP or contact your hosting provider. – devpro Feb 26 '19 at 15:04
  • 1
    @luk19987: Now you can close this question, because this question is related to `php displaying something`; for email, you can create another question. – devpro Feb 26 '19 at 15:05
  • Aight, I will do that. – luk19987 Feb 26 '19 at 15:06
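
The ordering devpro's answer describes (validate the POST fields first, then insert with a PDO prepared statement, then call the mailer), written out as an added example that is not part of any answer on this page. `handle_contact()`, its `$mailer` parameter, the `owner@example.com` address and the in-memory SQLite database are assumptions made so the block runs offline; the `contact` table and the form field names come from the question.

```php
<?php
// Added example, not the asker's or an answerer's code. handle_contact() and
// $mailer are hypothetical names; SQLite in memory stands in for the MySQL database.

function handle_contact(PDO $pdo, array $post, string $to, callable $mailer): array
{
    // 1. Validate first, so nothing below runs on missing or malformed input.
    $name    = trim((string)($post['name'] ?? ''));
    $subject = trim((string)($post['subject'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));
    $email   = filter_var($post['mail'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($name === '' || $message === '' || $email === false) {
        return ['info' => 'error', 'msg' => 'Please fill in name, e-mail and message.'];
    }

    // 2. Parameterized INSERT: the values are bound, never spliced into the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO contact (name, email, subject, message) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$name, $email, $subject, $message]);

    // 3. Mail only after validation. The mail subject is fixed and the visitor's
    //    validated address is used in Reply-To; From is left to the server's sender.
    $headers = "Reply-To: $email\r\nX-Mailer: PHP/" . phpversion();
    $body    = "$message\r\n\r\nName: $name\r\nEmail: $email";
    if (!$mailer($to, 'Message from my website', $body, $headers)) {
        error_log('Mail Error: message to the configured recipient was not sent');
        return ['info' => 'error', 'msg' => 'Your message could not be sent.'];
    }
    return ['info' => 'success', 'msg' => 'Your message has been sent. Thank you!'];
}

// Constructed demo data: in-memory database and a mailer stub that always succeeds.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contact (name TEXT, email TEXT, subject TEXT, message TEXT)');
$stub = fn(string $to, string $s, string $b, string $h): bool => true;

// A name containing a quote would break the string-built query; here it is just data.
$form = ['name' => "Pat O'Brien", 'mail' => 'pat@example.com',
         'subject' => 'Hello', 'message' => 'Stored exactly as typed.'];
print_r(handle_contact($pdo, $form, 'owner@example.com', $stub));
// Missing fields (for example a request without a 'mail' index) stop at step 1.
print_r(handle_contact($pdo, ['name' => 'Bob'], 'owner@example.com', $stub));
echo $pdo->query('SELECT COUNT(*) FROM contact')->fetchColumn(), " row stored\n";
```

On the real page, call it only when `$_SERVER['REQUEST_METHOD'] === 'POST'`, passing the MySQL PDO connection and `'mail'` as the mailer.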
1
<?php
include('***Contains private stuff***.php');
if($_POST) {

    $to = "***PRIVATE MAIL***"; // Your email here
    $subject = 'Message from my website'; // Subject message here

}

//Send mail function
function send_mail($to,$subject,$message,$headers){
    return @mail($to,$subject,$message,$headers);
}

//MySQL
$query = "INSERT INTO contact (name, email, subject, message) VALUES ('$name', '$email', '$subject', '$message')";
$result = mysqli_query($connection, $query);

//Sanitize input data, remove all illegal characters
$name    = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
$email    = filter_var($_POST['mail'], FILTER_SANITIZE_EMAIL);
$subject = filter_var($_POST['subject'], FILTER_SANITIZE_STRING);
$message = filter_var($_POST['message'], FILTER_SANITIZE_STRING);

//Send Mail
$headers = 'From: ' . $email .''. "\r\n".
    'Reply-To: '.$email.'' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();


$sent = send_mail($to, $subject, $message . "\r\n\n"  .'Name: '.$name. "\r\n" .'Email: '.$email, $headers);
if (! $sent) {
    // log the error
    error_log('Mail Error: Message to ' . $to . ' wasn\'t sent');
}
?>

PHP error_log

Ghostff