
Passing Variables and Echoing them

Posted: Tue Dec 02, 2014 8:50 pm
by RichGags
Hi. I am a novice at PHP but I'm learning.

I created a form page that accepts some input and posts some variables to a PHP page. It is a text messaging API that runs via Twilio, which is an MMS service I signed up for. They supplied me with the parameters and the PHP page which gets called in my post page. My form is...

Code:

<form action="sendit.php" method="post" name="form1">
<table>
	<tr>
		<td align="right">Phone:</td>
		<td><input type="text" name="phone" value=""></td>
	</tr>
    <tr>
		<td align="right">Your Message:</td>
		<td><input type="text" name="mymessage" value=""></td>
	</tr>
           
	<tr>
		<td align="right"><input type="submit" value="Submit" name="submit"></td>
	</tr>
</table>
</form>
sendit.php looks like...

Code:

<?php
// this line loads the library 
require('Services/Twilio.php'); 
 
$account_sid = 'xxxxx'; 
$auth_token = 'xxxxx'; 
$client = new Services_Twilio($account_sid, $auth_token); 

$myto["phone"] = $_POST["phone"];
$mybody["mymessage"] = $_POST["mymessage"];

$client->account->messages->create(array( 
	'To' => $myto, 
	'From' => "+19145551212", 
	'Body' => $mybody,   
));
 echo 'Sent ' .$_POST["mymessage"]. ' to '.$_POST["phone"];
This is working and it sends a text message to the number in $myto ... but I'm not sure if it is proper coding technique to use the $_POST["mymessage"] again down there. I originally tried ...

Code:

echo 'Sent ' .$mybody. ' to '.$myto;
but that resulted in an echo that looked like this: Sent Array to Array.

So my first question is - Why can't I use my variables in an echo?

My 2nd question which will just make my life easier is: How can I send the phone number I would like to send the text message to the form (<input type="text" name="phone" value="">) from a link in an email so that it automatically gets filled in?

Thanks!

Re: Passing Variables and Echoing them

Posted: Tue Dec 02, 2014 9:17 pm
by Celauran
The trouble is that you're trying to echo arrays. You're saving $_POST['phone'] in $myto['phone'], so you'd need to echo $myto['phone'] rather than just $myto.

Re: Passing Variables and Echoing them

Posted: Tue Dec 02, 2014 9:21 pm
by RichGags
Thanks. Is it OK to leave it the way it is since it is working? Or is it better to use the variable instead of the POST?

Re: Passing Variables and Echoing them

Posted: Tue Dec 02, 2014 9:22 pm
by Celauran
Makes no difference. They contain the exact same value.

Re: Passing Variables and Echoing them

Posted: Tue Dec 02, 2014 9:27 pm
by RichGags
Thanks for your help!

Re: Passing Variables and Echoing them

Posted: Wed Dec 03, 2014 9:34 am
by Christopher
You need to validate and filter $_POST["phone"] and $_POST["mymessage"] before using them. And encode HTML characters in them before echoing them. This script is very hackable.

Re: Passing Variables and Echoing them

Posted: Wed Dec 03, 2014 9:42 am
by RichGags
What do you mean? I'm not familiar with validation and encoding. Thanks.

Re: Passing Variables and Echoing them

Posted: Thu Dec 04, 2014 5:30 pm
by Christopher
You accept a string of characters from the Internet and then echo them back verbatim. There are many exploits that inject JavaScript, etc. into your page. There may also be mail system exploits since you are putting the string into the email as well.

http://www.sitepoint.com/input-validati ... functions/
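
What the validation and output encoding described in the last replies can look like for this form's two fields, as an added example that is not part of the original thread. The function names, the E.164 phone rule and the 1600-byte message limit are assumptions, and the sample submissions are constructed.

```php
<?php
// Added example, not code from the thread. Names and limits are assumptions.

// Output encoding: call this on every value written into HTML.
function h($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Returns the number as "+" followed by digits, or null if it is not acceptable.
function clean_phone($raw)
{
    if (!is_string($raw)) {              // a field sent as phone[]=... arrives as an array
        return null;
    }
    $n = preg_replace('/[\s().-]/', '', $raw);   // drop spaces, brackets, dots, dashes
    // Assumed rule: E.164, "+" then 8 to 15 digits, the first one not 0.
    return preg_match('/^\+[1-9][0-9]{7,14}\z/', $n) ? $n : null;
}

// Returns the trimmed message, or null if it is empty, too long or not text.
function clean_message($raw, $maxBytes = 1600)   // limit is an assumption
{
    if (!is_string($raw)) {
        return null;
    }
    // Strip ASCII control characters except tab, newline and carriage return.
    $text = trim(preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $raw));
    return ($text !== '' && strlen($text) <= $maxBytes) ? $text : null;
}

function handle_send(array $post)
{
    $to   = clean_phone(isset($post['phone']) ? $post['phone'] : null);
    $body = clean_message(isset($post['mymessage']) ? $post['mymessage'] : null);
    if ($to === null || $body === null) {
        return 'Invalid phone number or message.';
    }
    // The messages->create() call from sendit.php goes here, passing the
    // validated strings directly: 'To' => $to, 'Body' => $body.
    return 'Sent ' . h($body) . ' to ' . h($to);
}

// Constructed sample submissions.
echo handle_send(array('phone' => '+1 (914) 555-0100', 'mymessage' => '<script>alert(1)</script>')), "\n";
echo handle_send(array('phone' => '555<b>1212', 'mymessage' => 'hi')), "\n";
```

Validation rejects input before it reaches the messaging API, while `h()` is applied at the point of output, so the markup in the first sample is displayed as text instead of being interpreted by the browser.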