Posted by Jerry Stuckle on 01/18/08 01:03

Gilles Ganault wrote:
> Hello
>
> I need customers to be able to send us e-mails from our VB
> Classic application using the MSWinsock ActiveX control.
>
> Since there's no easy way to find the address of their SMTP server, I
> figured it'd be easier to have it call a PHP script, and send data
> with the POST method.
>

Why on earth would you need the address of their SMTP server? Even if
you had it, you wouldn't be able to send a message through it if it were
correctly configured.

> I'm sure there's a cleaner way to check that POST parameters were
> correctly sent, but I couldn't find an example:
>

Maybe that's because POSTed values are very specific to the form doing
the posting?

> ========
> <?php
> //Check input $_POST[] params: author, subject, body
> function CheckInput(){
> return false;
>
> if(isset($_POST)) {
> foreach($_POST as $key=>$val) {
> if (isset($val)) {
> return true;
> }
> }
> }
>

What do you expect this to do? Right now all it does is return false.
And even if you move your "return false;" statement to the bottom, all
it will do is see if $_POST is set, and if so, it will see if one value
in the $_POST array is set. If so, the function returns true. It does
not see if what key(s) you get are what you expect, or if the data
itself is valid.

> if CheckInput() {
> $to = "support@acme.com";
> $subject = "[myapp"] " . $_POST['subject'];
> $body = $_POST['body'];
> $headers = "From: " . $_POST['author'] . "\r\n"; //. "
> //php@svpi.biz\r\n" .
> if (mail($to, $subject, $body,$headers)) {
> echo("<p>Message successfully sent!</p>");
> } else {
> echo("<p>Message delivery failed...</p>");
> }
> } else {
> echo("<p>Check POST parameters!</p>");
> }
>
> ?>
> ========
>
> Thank you.
>


And leaving yourself open to be a SPAM generator - not to mention some
syntax errors.

But if you want form mail, why not just do it all in VBScript. That's
what I do in the couple of ASP sites I have.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]