accepting more than 5 parameters in the mail() command

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
5leander5
Forum Commoner
Posts: 31
Joined: Thu Mar 09, 2006 3:45 am

accepting more than 5 parameters in the mail() command

Post by 5leander5 »

Is it possible to have more than 5 parameters in the mail() command? I am trying to mail 13 fields collected from a from a form but I get the following error:

Warning: mail() expects at most 5 parameters, 16 given in /home/bertspar/public_html/sendmail.php on line 16

My script is as follows:

<?
$Title = $_REQUEST['Title'] ;
$Name = $_REQUEST['Name'] ;
$Initial = $_REQUEST['Initial'] ;
$Surname = $_REQUEST['Surname'] ;
$Position = $_REQUEST['Position'] ;
$Company = $_REQUEST['Company'] ;
$Address1 = $_REQUEST['Address1'] ;
$Address2 = $_REQUEST['Address2'] ;
$Address3 = $_REQUEST['Address3'] ;
$Country = $_REQUEST['Country'] ;
$ContactNumber = $_REQUEST['ContactNumber'] ;
$CellNumber = $_REQUEST['CellNumber'] ;
$Email = $_REQUEST['Email'] ;
mail( "albert_oflaherty@hotmail.com", "Expression Of Interest in Forum on Public Safety 2006",
$Title,$Name,$Initial,$Surname,$Position,$Company,$Address1,$Address2,$Address3,$Country,$ContactNumber,$CellNumber,$Email, "From: $Email" );
header( "Location: http://www.bertsparadise.com/Confirmation.htm" );
?>

Can someone please help?
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

mail takes 5 parameters, thats all it will take. you can't just put in other parameters and expect php to know what to do with them, php does not know what $position is or why its there.

heres what you want:

Code: Select all

<?
$body = $_REQUEST['Title']."\n";
$body .= $_REQUEST['Name']."\n";
$body .= $_REQUEST['Initial']."\n";
$body .= $_REQUEST['Surname']."\n";
$body .= $_REQUEST['Position']."\n";
$body .= $_REQUEST['Company']."\n";
$body .= $_REQUEST['Address1']."\n";
$body .= $_REQUEST['Address2']."\n";
$body .= $_REQUEST['Address3']."\n";
$body .= $_REQUEST['Country']."\n";
$body .= $_REQUEST['ContactNumber']."\n";
$body .= $_REQUEST['CellNumber']."\n";
$body .= $_REQUEST['Email']."\n";
mail( "albert_oflaherty@hotmail.com", "Expression Of Interest in Forum on Public Safety 2006", $body, "From: $Email" );
header( "Location: http://www.bertsparadise.com/Confirmation.htm" );
?>
5leander5
Forum Commoner
Posts: 31
Joined: Thu Mar 09, 2006 3:45 am

Post by 5leander5 »

This was definitely a help. I now receive the email but the body of the mail is blank.

It looks like $body in the mail script has not been defined or something. What do you think?
5leander5
Forum Commoner
Posts: 31
Joined: Thu Mar 09, 2006 3:45 am

Post by 5leander5 »

Sorry dude. Didnt read your script correctly. Let me try it again.
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

if the body is blank then that means that all of these $_REQUEST variables are empty.

on a side note you should not use $_REQUEST but instead use $_POST or $_GET depending on where they come from.
5leander5
Forum Commoner
Posts: 31
Joined: Thu Mar 09, 2006 3:45 am

Post by 5leander5 »

Very interesting. I now receive the contents of the $body in the email (which is correct), however, I am back where I started as the sender of the email is now listed as <unknown>. It seems that it cannot recognise the contents of the $Email variable in the mail() command. Any suggestions?
5leander5
Forum Commoner
Posts: 31
Joined: Thu Mar 09, 2006 3:45 am

Post by 5leander5 »

The variables are coming from a simple Dreamweaver form in which I use POST as the method. Should I replace REQUEST in my script and if so, with what?
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

yes, replace it with

Code: Select all

$_POST['field_name'];
$_REQUEST takes data from both $_POST and $_GET (whichever is available). This becomes a flaw as the user can just add ?field_name=value in which $_REQUEST['field_name'] will become value.
5leander5
Forum Commoner
Posts: 31
Joined: Thu Mar 09, 2006 3:45 am

Post by 5leander5 »

Mickd,

Do you know the answer to this question?

I now receive the contents of the $body in the email (which is correct), however, I am back where I started as the sender of the email is now listed as <unknown>. It seems that it cannot recognise the contents of the $Email variable in the mail() command. Any suggestions?
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

Code: Select all

<?php 
$email = $_POST['email'];
$body = // etc etc

mail( "albert_oflaherty@hotmail.com", "Expression Of Interest in Forum on Public Safety 2006", $body, "From: $email" );
?>
Make sure everything is spelled correctly. The above should work. Also, check if your input field for which the email is filled in matches.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

There's a potential exploit a spammer could use in the script.

Read this for a previous thread about the same sort of hole.
5leander5
Forum Commoner
Posts: 31
Joined: Thu Mar 09, 2006 3:45 am

Post by 5leander5 »

Works a treat. Thanks dude.
5leander5
Forum Commoner
Posts: 31
Joined: Thu Mar 09, 2006 3:45 am

Post by 5leander5 »

What code do I need to include to save the contents of the user form to a text file (ie. to write the variables to a text file) as well as emailing it to someone?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

5leander5 wrote:What code do I need to include to save the contents of the user form to a text file (ie. to write the variables to a text file) as well as emailing it to someone?
look at fopen() for some examples.
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

There's a potential exploit a spammer could use in the script
Yeah, mail() is a dangerous function if it falls in the wrong hands.. beware indeed. Just last week I spoke a webhost provider who wasn't so happy about the 50000 spammails that were send from their servers the week before ... luckily it wasn't my scripts :)
Post Reply