• ### Announcements

#### Archived

This topic is now archived and is closed to further replies.

# form mailer sending blanks

## Recommended Posts

cza    122
hey guys another problem which i have googled for abotu 2 hours now and found no resolve my problem is this email script is sending blank emails: this info comes from the previous page in which all the feilds in the form are shown to the person who has entered the information , in order to check to see if they are all correct. is this the problem that they are comming from the actual form itself or am i doing somethign wrong. this needs to be finished by tomorrow so im desperate thanks ALOT of any help cza  this is the code from which the info is being sent: http://calebt.recoil.net.nz/others/check2.phps (if it is any help)  [edited by - cza on August 14, 2003 8:11:55 AM] [edited by - cza on August 14, 2003 8:12:18 AM]

##### Share on other sites
LordLethis    122
If your code is in the same order as you posted it, you should move the
$message = "$Q1 $Q2$Q3 $Q4$Q5 $Q6$Q7 $Q8$Q9 $Q10"; under the initialization of the vars$Q1-$Q10. #### Share this post ##### Link to post ##### Share on other sites cza 122 okay sweet will try now i thought that was abit weird but i got it off a tutorial here : http://resma.net/tutorials/php/form_finish.php hmmm still no joy i just tryed it then if i add ',' inbetween the$Q1 etc it send the , mark only

so the problem can only be in them :/

[edited by - cza on August 14, 2003 8:23:48 AM]

##### Share on other sites
LordLethis    122
Well then I guess your var's are empty...
...
Sorry I didn't look at the file you posted
You don't seem to be passing any vars to your email function...
You could pass them as
<input type="hidden" name="Q1" value="<?php echo $Q1; ?>"> and similar... [edited by - LordLethis on August 14, 2003 8:31:45 AM] #### Share this post ##### Link to post ##### Share on other sites cza 122 hmmm thanks should i put that on the sending page or on the check page here is how the site works survey.php (fill ths out , click the continue button) ----takes u to check.php (shows all your answers to make sure they are correct) -----click send button (Which is meant to email the answers) sent.php (just says thank u and all that) so now where do i put the hidden things on ? on the check.php page i would say?? #### Share this post ##### Link to post ##### Share on other sites LordLethis 122 Yeah, I meant to put it in the check.php. #### Share this post ##### Link to post ##### Share on other sites cza 122 thanks ALOT! bro you have potentially saved my life :D i will try now and report back #### Share this post ##### Link to post ##### Share on other sites LordLethis 122 No problem, I like to help if I can I remember me spending some hours about that prob not too long ago #### Share this post ##### Link to post ##### Share on other sites cza 122 OMG!@#! this is frustrating me somewhat (welcome to the world of coding) this is the code on my check page: <input type="hidden" name="Q1" value=""> <input type="hidden" name="Q2" value=""> <input type="hidden" name="Q3" value=""> <input type="hidden" name="Q4" value=""> <input type="hidden" name="Q5" value=""> <input type="hidden" name="Q6" value=""> <input type="hidden" name="Q7" value=""> <input type="hidden" name="Q8" value=""> <input type="hidden" name="Q9" value=""> <input type="hidden" name="Q10" value=""> <form action="sending.php" method="post"> <input type="submit" name="submit" value="Send Survey"> (where is says value=" there is this in there "< ? php echo$Q10 ; ? >)

this is the code on the sending page:

$address = "Tamihere@world-net.co.nz";$subject = "Survey";

$from = "geo_survey";$Q1=$_POST['Q1'];$Q2=$_POST['Q2'];$Q3=$_POST['Q3'];$Q4=$_POST['Q4'];$Q5=$_POST['Q5'];$Q6=$_POST['Q6'];$Q7=$_POST['Q7'];$Q8=$_POST['Q8'];$Q9=$_POST['Q9'];$Q10=$_POST['Q10'];$message = "$Q1,$Q2, $Q3,$Q4, $Q5,$Q6, $Q7,$Q8, $Q9,$Q10";

mail($address,$subject, $message,$from);

?>

and it still doesnt have anythign in the variables

im getting very close to just making the first submit button send the information D:

[edited by - cza on August 14, 2003 8:52:00 AM]

##### Share on other sites
hellz    356
Edit: Bah, it's messed up the PHP tags. I've sort of fixed it, but ignore the space after each < when a ? follows (it does make a difference in PHP), so make sure there's no space there.

Ok, here is what you want to be structuring your code as.

The first page where the user enters their survey answers wants to have a form that uses the POST method, which submits the information to your checking page.

Now, I *think* what you've done, is to just echo out the contents of $Qx on the checking page, not$_POST['Qx']. The difference is that PHP doesn't assume it should be checking the POST collection for the reference of $Qx, so instead of displaying the contents from each of your variables in the POST collection, in the hidden field values for your checking form, it's displaying nothing (another words, null) as a value. To correct this, change your hidden form inputs on your checking page, to the following: <input type="hidden" name="Q1" value="< ?php echo$_POST['Q1']; ?>">
<input type="hidden" name="Q2" value="< ?php echo $_POST['Q2']; ?>"> ... etc. Now there's 2 things I need to point out. Firstly, double check that your form on your first survey page is using POST as it's sending method (same goes for your form on your checking page) and secondly, before outputing the contents of each POST variable, on your second form, you should validate the contents. Example: < ?php /* Assume isFormSafe() is a function you've written to validate the data. */$v_Q1 = isFormSafe($_POST['Q1']); /* Do the same for the other question variables. */ ?> Then on your form, instead of directly accessing the POST collection to output the information on your forms (which is dangerous and very open to exploitation), use the$v_Qx variables instead, as in:

<input type="hidden" name="Q1" value="< ?php echo $v_Q1; ?>"> Incidentally, you can echo out variables in PHP using a shorthand similar to that of ASP; example: <input type="hidden" name="Q1" value="< ?=$_POST['Q1'];?>">

Notice there is no longer the need for "php echo" in that statement.

Hope that helps,

--hellz

[edited by - hellz on August 14, 2003 10:19:30 AM]

[edited by - hellz on August 14, 2003 10:20:47 AM]

##### Share on other sites
capn_midnight    1707
instead of sending all you data as seperate variables, I would send it as one.

There is a function called implode that takes an array and a string. It makes a string that is all of the elements of the array seperated by the string
$arr=array(1,2,3,4,5);$str=implode($arr,''|'');//$str is now "1|2|3|4|5";$arr2=explode(''|'',$str);//$arr2 is now equivalent to$arr

you could do a little javascript before you submit to do the implode.
<!--   survey.html  --><HTML><FORM NAME="fillForm"><INPUT NAME="ff1" TYPE="text" VALUE="all the stuff for your survey"><INPUT NAME="ff2" TYPE="text" VALUE="all the stuff for your survey"><INPUT TYPE="button" onClick="send()"></FORM><FORM NAME="subForm" ACTION="POST" METHOD="check.php"><INPUT TYPE="hidden" NAME="DATA" VALUE=""></FORM><SCRIPT LANGUAGE="JavaScript">function implode(arr,str){   var temp="";   for(i=0;i<arr.length-1;i++)      temp+=arr[i]+str;   temp+=arr[arr.length-1];}function send(){   var v=new Array(2);   v[0]=document.fillForm.ff1.value;   v[1]=document.fillForm.ff2.value;   var temp=implode(v,''|'');   document.subForm.DATA.value=temp;   document.subForm.submit();}</SCRIPT></HTML>

<!-- check.php   -->   <HTML><FORM NAME="hidForm" ACTION="POST" METHOD="send.php"><?phpprint "<INPUT TYPE=''hidden'' NAME=''DATA'' VALUE=''$DATA''>\n";$arr=explode("|",$DATA);foreach($arr as $item){$item<BR>";}?><INPUT TYPE="submit"><INPUT TYPE="button" VALUE="reset" onClick="parent.location=''survey.html''"></FORM></HTML>

etc....

In other words, you need to print" " or echo" " these hidden vars with value=''$Q1'' etc.... ALONG WITH your submit button to have the email.php REMEMBER the values. What you were doing is passing blanks to your email.php so no wonder you got blanks in the mail( ) command. I''ve done that myself when I was learning PHP last year. Also the$Q1 = $_POST etc lines are not required, I''ve never used those. You only need to reference the variables themselves and as long as they''re passed you''ll have the values. Phil P #### Share this post ##### Link to post ##### Share on other sites superpig 1825 I believe that in the more recent versions of PHP, you''re meant to use$_REQUEST[] rather than $_POST[].$_REQUEST contains values passed in through both GET and POST.

Sometimes you can access them directly by name (i.e. $Q1 rather than$_REQUEST["Q1"]) but I think that''s turned off by default because it''s a security hazard (''register_globals'' or something).

Superpig
- saving pigs from untimely fates, and when he''s not doing that, runs The Binary Refinery.
Enginuity1 | Enginuity2 | Enginuity3 | Enginuity4

##### Share on other sites
hellz    356
quote:
Original post by PhilVaz
Also the $Q1 =$_POST etc lines are not required, I've never used those. You only need to reference the variables themselves and as long as they're passed you'll have the values.

Edit: Read my reply after this mate, it'll explain more where I'm getting at.

Incorrect. The reason is that if you don't specify where the values are to be read from, it would be simple to inject information into those variables. For example, if you had a variable $test in your program, which you wanted to retrieve from a form via post, it would be very easy for an attacker to change the variable from the URL string, as in: something.php?test=whatever Whilst this doesn't demonstrate exactly *how* it's dangerous, you should *always* specify where a variable is to be read from, for the safety of your own scripts (and to enforce the principle of least privilege). --hellz [edited by - hellz on August 15, 2003 2:20:59 PM] #### Share this post ##### Link to post ##### Share on other sites hellz 356 quote: Original post by superpig I believe that in the more recent versions of PHP, you're meant to use$_REQUEST[] rather than $_POST[].$_REQUEST contains values passed in through both GET and POST.

Sometimes you can access them directly by name (i.e. $Q1 rather than$_REQUEST["Q1"]) but I think that's turned off by default because it's a security hazard ('register_globals' or something).

Whilst that is true, there's a lot you should be aware of. Firstly, register_globals was switched from ON to OFF in versions PHP 4.2.0 and upwards. Taken from the PHP manual:

"Reliance on this directive was quite common and many people didn't even know it existed and assumed it's just how PHP works. This page will explain how one can write insecure code with this directive but keep in mind that the directive itself isn't insecure but rather it's the misuse of it.

When on, register_globals will inject (poison) your scripts will all sorts of variables, like request variables from html forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier. It was a difficult decision, but the PHP community decided to disable this directive by default. When on, people use variables yet really don't know for sure where they come from and can only assume. Internal variables that are defined in the script itself get mixed up with request data sent by users and disabling register_globals changes this. Let's demonstrate with an example misuse of register_globals:

Example 15-14. Example misuse with register_globals = on

<  ?php// define $authorized = true only if user is authenticatedif (authenticated_user()) {$authorized = true;}// Because we didn't first initialize $authorized as false, this might be// defined through register_globals, like from GET auth.php?authorized=1 // So, anyone can be seen as authenticated!if ($authorized) {    include "/highly/sensitive/data.php";}?>

When register_globals = on, our logic above may be compromised. When off, $authorized can't be set via request so it'll be fine, although it really is generally a good programming practice to initialize variables first. For example, in our example above we might have first done$authorized = false. Doing this first means our above code would work with register_globals on or off as users by default would be unauthorized."

--hellz

[edited by - hellz on August 15, 2003 2:19:42 PM]