Page 1 of 1

Variables sent by POST dependent on Browser type/version?

Posted: Tue Mar 30, 2010 12:38 am
by squareone
From Flash into PHP
I am writing a type of mail form in AS2 of Flash CS4.
I collect two variables (nameCli and messageCli)
I setup a "sending button" to appear ONLY when there is a minimum of characters (2) under nameCli AND a minimum of 10 characters in messageCli.
When that button is pressed I POST these two vars tru email_lv to email2.php.
I do this check to be absolutely sure that these vars have contents.

It works and tests well on several computers (PCs) under XP, Vista and 7
I haven't tested on a Mac
Under IE and Firefox 3.0.xx
I get the email with the correct values.

The PROBLEM: somehow, now and then I get (and worse, my client, to whom I wrote this app, gets) an "empty" email.
That is, the subject of these emails are: "Request from" and blank. No name.
The message is also blank.

Since I know, with no doubt that these vars have content, otherwise the send button wouldn't come up, I am puzzled.
I have no idea of what OS or Browsers these users have.

Question: Would be possible that some browsers would "block" the vars sent via POST?

Any suggestion is appreciated.
----
email_lv.sendAndLoad("email2.php",dummy_lv, "POST");
----

-----email2.php is:
<?php
$to = 'any@whomever.com';
$to2 = 'another@whomever.com';
$subject= 'Request from ' . $_POST["nameCli"];
$message = $_POST["messageCli"];
$headers = 'From: WebSite@clientserver.com'. "\n"
. 'Reply-To: doNOTreply@clientserver.com'. "\n"
. 'X-M ailer: PHP/'.phpversion() ."\n"
;

mail($to, $subject, $message, $headers);
mail($to2, $subject, $message, $headers);
?>
-----

Re: Variables sent by POST dependent on Browser type/version

Posted: Tue Mar 30, 2010 2:30 am
by omniuni
Is it possible that the blank submissions are from reloads of the PHP script that sends the mail, or from search engines crawling the page?

Re: Variables sent by POST dependent on Browser type/version

Posted: Tue Mar 30, 2010 8:50 am
by squareone
Thanks for your response.
It is possible but with little probability. I have the same script and similar ones all over my client’s sites. More than a dozen. This one is the only one that does that.
Also I didn't think about those points. Running the php script directly from the browser is a possibility that I should take care of. But the search engines... I didn’t know that they would run the scripts.
I am a newbie in php. What would be the best way to not run the mail() if the variables are "empty"?

Re: Variables sent by POST dependent on Browser type/version

Posted: Tue Mar 30, 2010 8:55 am
by AbraCadaver
Yeah, you might want to do this at the top or something similar:

Code: Select all

if(empty($_POST["nameCli"]) || empty($_POST["messageCli"])) {
    die();
}
It might also be a good idea to check for links or things that you consider spam so that your client doesn't get emails about sites selling stuff, etc.

Re: Variables sent by POST dependent on Browser type/version

Posted: Tue Mar 30, 2010 9:08 pm
by squareone
Thanks for the syntax.
I decided to change it a bit. I don't like to assume anything but in this case I really can't see anything wrong on my side.
I think that the following is a more elegant way, if I can even called it elegant, of presenting the problem to my client

Code: Select all

if(empty($_POST["nameCli"]) || empty($_POST["messageCli"])) {
    $subject = 'Invalid data';
    $message = 'This message is automatically generated when no data reaches the server. Something at the client side is preventing his information from reaching this Server.';
} else {
    $subject = 'NEW quote Request from ' . $_POST["nameCli"];
    $message = $_POST["messageCli"];

}

Re: Variables sent by POST dependent on Browser type/version

Posted: Tue Mar 30, 2010 9:38 pm
by phu
A trivial issue with this is that empty($x) will return false when $x contains, for example, a single space.

If all you're worried about is empty emails, using the results of trim($_POST[...]) instead of the POST values themselves might solve your problem.

Re: Variables sent by POST dependent on Browser type/version

Posted: Wed Mar 31, 2010 11:53 am
by squareone
Thanks. The problem isn't realy the empty emails. It is not understanding how they get there. Also, it makes my client think that something is wrong with what I programmed. With this new change, at least he knows that I am aware of it.
But I still have my doubts about what causes it because this only happens with this client.
I'll be renaming the .php file into something very different. This way I remove the possibility of someone running directly on the URL

Re: Variables sent by POST dependent on Browser type/version

Posted: Wed Mar 31, 2010 12:05 pm
by AbraCadaver
squareone wrote:I'll be renaming the .php file into something very different. This way I remove the possibility of someone running directly on the URL
Well no, the name of the php file is in your form action, so any person, spam bot or crawler can see it and use it. As soon as a search engine's crawler discovers your form, it may likely crawl the php page listed there as well, which will send an email. Best to just die() if the form fields are empty.

Re: Variables sent by POST dependent on Browser type/version

Posted: Wed Mar 31, 2010 11:55 pm
by squareone
Now, I am really lost...eheh
How can anyone, except perhaps the search engine crawler, find out the name of the php file?
I am using actionscript to POST to the php...
This is a real question, as I am very appreciative of your comments.
Thanks

Re: Variables sent by POST dependent on Browser type/version

Posted: Thu Apr 01, 2010 12:11 am
by s.dot
It is simple :) Just do not send email if the fields are not filled out. Redirect to an error message, exit(); die(); or do something but send. ;d