Re: Passing Variables from a form to an email

Posted by Ian Rutgers on 05/17/06 20:51

"robert" <ab@no.spam-alama-ding-dong> wrote in message
news:uXyag.161$hD5.96@fe04.lga...
> | //email variable declaration
> | $email_to = "person@abc.com";
> | $email_subj = "the form name";
> | $from_address = "bill@def.com";
> |
> | // now we build the message of the email
> | session_start();
> | echo $_SESSION['message'];
> | $the_message = $_SESSION['message'];
> | // now we send the email
> | mail($email_to, $email_subj,$the_message,"From: $from_address"); //send the message
> | ?>
> |
> | When I did things this way, Hunger and Liar Lunatic make it to the body of the
> | message, but not the contents of $email_hunger and $email_liar_lunatic.
> | What am I doing wrong ... is there a better way???
>
> man, that's a security hole just waiting to be used! don't store the message
> in a session variable. ex., i log on as admin and send a sensitive message
> to user A. next, i try to send a message to user B but the script poops a
> bit in generating the message but continues to email from the session
> message...user B now has info that only A should have - things like user
> names, passwords, financials, etc..
>
> i would make/use an email class object...the page with your form should be
> building your message and sending it via the email class. there's NO need to
> session anything. this is the same methodology as collecting data and
> putting it in a db...only here, there's no db - you instead output via
> email.
>
>
I found an email class object as suggested ... it works but .... how do I
either put it in the body of the page so it doesn't execute when the page
loads or put it in another page and transfer the body of the message to the
other page to have the email formulated??

.... here is the code that is on the php page

<?php
// email variable declaration
require_once("../includes/mail.class.php");
$email_hunger = $_POST['jesus_hungry_heart'];
$email_liar_lunatic = $_POST['jesus_liar_lunatic_true'];
$email_to = "bill@abc.com";
$email_subj = "what did jesus claim";
$from_address = "george@sample.com";

// now we build the message of the email
$mailout = new mailer;
$mailout->from($from_address, 'Sender'); // sender address, passed as a string
$mailout->add_recipient($email_to); // add a recipient in the to: field
//$mailout->add_cc('person2@example.com'); // carbon copy
//$mailout->add_bcc('person3@example.com'); // blind carbon copy
$mailout->subject($email_subj); // set subject
$message = "Hunger:" . $email_hunger . "\n" . "Liar Lunatic" . $email_liar_lunatic;
$mailout->message($message); // set message body
$mailout->send(); // send email(s)
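
One way to do what the quoted reply suggests and what the question asks, as an added example that is not code from the thread: the message is built from the current POST only, nothing passes through `$_SESSION`, and a plain page load sends nothing. `handle_request()`, `clean_field()` and the injected `$send` callback are hypothetical names; the field names and addresses are the ones in the post, and PHP's built-in `mail()` stands in for the mailer class, whose source the page does not show.

```php
<?php
// Added example, not the poster's code. handle_request(), clean_field() and
// the $send callback are hypothetical; field names and addresses are from the post.

const EMAIL_TO   = 'bill@abc.com';
const EMAIL_SUBJ = 'what did jesus claim';
const EMAIL_FROM = 'george@sample.com';   // fixed value, never taken from user input

// Accept only strings, drop control characters except newline/tab, cap the length.
function clean_field($value, int $max = 2000): string
{
    if (!is_string($value)) {
        return '';                         // e.g. an array sent as field[]=...
    }
    $value = preg_replace('/[^\P{C}\n\t]/u', '', $value) ?? '';  // null on invalid UTF-8
    return mb_substr(trim($value), 0, $max);                     // needs ext-mbstring
}

// Build the body from this request's data only. Nothing is read from or written
// to $_SESSION, so a failed build cannot fall back to an earlier user's message.
function handle_request(string $method, array $post, callable $send): string
{
    if ($method !== 'POST') {
        return 'form';                     // plain page load: show the form, send nothing
    }
    $hunger = clean_field($post['jesus_hungry_heart'] ?? '');
    $liar   = clean_field($post['jesus_liar_lunatic_true'] ?? '');
    if ($hunger === '' || $liar === '') {
        return 'invalid';                  // assumption: both fields are required
    }
    $body = "Hunger: $hunger\nLiar Lunatic: $liar";
    return $send(EMAIL_TO, EMAIL_SUBJ, $body, 'From: ' . EMAIL_FROM) ? 'sent' : 'failed';
}

// Constructed demo input with a stub sender, so the example runs offline from the CLI.
$stub = function ($to, $subj, $body, $headers) {
    echo "$headers\nTo: $to\nSubject: $subj\n\n$body\n";
    return true;
};
echo handle_request('GET', [], $stub), "\n";
echo handle_request('POST', ['jesus_hungry_heart' => 'yes'], $stub), "\n";
echo handle_request('POST', [
    'jesus_hungry_heart'      => 'yes',
    'jesus_liar_lunatic_true' => "true\0",  // NUL byte is stripped before use
], $stub), "\n";

// In the form page itself:
// handle_request($_SERVER['REQUEST_METHOD'], $_POST, 'mail');
```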

 
