Posted by Ken Robinson on 02/19/07 15:17

"shror" <shahirwm@gmail.com> wrote in news:1171898875.188006.234860
@p10g2000cwp.googlegroups.com:

> dear all,
>
> i have started learning php 2 weeks ago and i have wrote my first
> script for mail sender and the script takes all my data and move to
> the thanks page but the problem is that the mails never comes, so i
> need your help with me, and here is my script:
>
> mail.htm code:
>
> <form method="POST" action="mail.php" onSubmit="">

You don't need the onSubmit attribute if there is nothing to do

> <p>email <input type="text" name="email" size="20"></p>
> <p>subject <input type="text" name="subject"></p>
> <p>message<textarea rows="2" name="message" cols="20"></textarea></
> p>
> <p><input type="submit" value="Submit" name="B1"><input type="reset"
> value="Reset" name="B2"></p>
> </form>
>
>
> mail.php code:
>
> <?php
> $email = $HTTP_POST_VARS['email'];
> $subject = $HTTP_POST_VARS['subject'];
> $msg = $HTTP_POST_VARS['message'];

You want to use the $_POST superglobal array here not the old
$HTTP_POST_VARS array.

$email = $_POST['email'];
$subject = $_POST['subject'];
$msg = $_POST['message'];


> $from = "s7els7.com";

The "From" header needs to be formated correctly:
"From: valid@emai.address.here";

$from = "From: youremailaddres@s7els7.com";

> if (mail($email,$subject,$message,$from)) {
> echo "<h4>Thank you for sending email</h4>";
> } else {
> echo "<h4>Can't send email to $mail</h4>";
> }
> ?>

Leaving your script like this, you are opening yourself up to spammers
finding your form and using it to do all sorts of spamming.

You should read this
<http://www.nyphp.org/phundamentals/email_header_injection.php> article
on preventing Email Header Injection Exploits.

Ken

[Back to original message]