0

After manually submitting a form on my website, an email with the subject appears in my inbox. The email's subject is correctly sent as "Feedback Form Submission", but the email itself is blank. There is no body nor input from the email box on my form.

Form:

<form action="feedback-form.php" method="post" enctype="text/plain">
  E-mail:<br>
  <input type="text" class="textForm" name="email_address" size="35"><br>
  Comment:<br>
  <textarea name="feedback" class="textForm" rows="6" cols="35"></textarea><br><br>
  <input type="submit" id="submit" class="button" value="Send">
</form>

PHP:

<?php
#Receive user input
$email_address = $_POST['email_address'];
$feedback = $_POST['feedback'];

#Filter user input for invalid characters
function filter_email_header($form_field)
{
  return preg_replace('/[nr|!/<>^$%*&]+/', '', $form_field);
}

$email_address = filter_email_header($email_address);

#Send email
$headers = "From: $email_address";
$sent = mail('me@website.com', 'Feedback Form Submission', $feedback, $headers);

I believe my mail function is set up properly. My variables in the form match the variables my PHP script is using. My PHP and HTML are in the same file. I have read in other questions that having the two pieces of code in the same file can lead to issues when a blank form is submitted, but I am having issues while inputting valid information into my form. What am I doing incorrectly here?

Biswajit Biswas
  • 859
  • 9
  • 20
joshjones506
  • 23
  • 5
  • Your regex is invalid. You are using the delimiter in the expression which you can't do. That should be throwing an error if reporting is used. `Warning: preg_replace(): Unknown modifier '<' ` – user3783243 Sep 07 '20 at 03:14
  • you can simply use the `filter_var($email_a, FILTER_VALIDATE_EMAIL)` [function built in PHP](https://www.php.net/manual/en/filter.examples.validation.php) – Ron Sep 07 '20 at 03:17
  • @Ron I think the regex is removing any potential header injections, not validating the address. – user3783243 Sep 07 '20 at 03:18
  • Looks like the issues isn't included in the question. I recommend hard coding a from email and seeing if that works. I also recommend outputting $feedback and seeing if it's being set. – Coomie Sep 07 '20 at 03:27
  • @user3783243 this is correct, the intention of the regex was to remove header injections. Am I understanding you correctly that removing the delimiters ```<>``` would resolve the issue? That is my takeaway from reading this post: https://stackoverflow.com/questions/20705399/warning-preg-replace-unknown-modifier – joshjones506 Sep 07 '20 at 03:29
  • It's the `/` in the middle of the regexp that is the problem. You need to escape it by prefixing it with a backslash: `\/`. It's also not clear why you're looking for `n` or `r` in the regexp. Do you mean `\n` and `\r`? – kmoser Sep 07 '20 at 03:32
  • @kmoser I understand, thank you for the clarification. the ```/``` was clearly cutting my regexp short, so adding an escape character helped evaluate the regexp to its proper length. – joshjones506 Sep 07 '20 at 03:47

0 Answers0