Page 1 of 1
accepting more than 5 parameters in the mail() command
Posted: Thu Mar 09, 2006 3:51 am
by 5leander5
Is it possible to have more than 5 parameters in the mail() command? I am trying to mail 13 fields collected from a from a form but I get the following error:
Warning: mail() expects at most 5 parameters, 16 given in /home/bertspar/public_html/sendmail.php on line 16
My script is as follows:
<?
$Title = $_REQUEST['Title'] ;
$Name = $_REQUEST['Name'] ;
$Initial = $_REQUEST['Initial'] ;
$Surname = $_REQUEST['Surname'] ;
$Position = $_REQUEST['Position'] ;
$Company = $_REQUEST['Company'] ;
$Address1 = $_REQUEST['Address1'] ;
$Address2 = $_REQUEST['Address2'] ;
$Address3 = $_REQUEST['Address3'] ;
$Country = $_REQUEST['Country'] ;
$ContactNumber = $_REQUEST['ContactNumber'] ;
$CellNumber = $_REQUEST['CellNumber'] ;
$Email = $_REQUEST['Email'] ;
mail( "
albert_oflaherty@hotmail.com", "Expression Of Interest in Forum on Public Safety 2006",
$Title,$Name,$Initial,$Surname,$Position,$Company,$Address1,$Address2,$Address3,$Country,$ContactNumber,$CellNumber,$Email, "From: $Email" );
header( "Location:
http://www.bertsparadise.com/Confirmation.htm" );
?>
Can someone please help?
Posted: Thu Mar 09, 2006 3:59 am
by shiznatix
mail takes 5 parameters, thats all it will take. you can't just put in other parameters and expect php to know what to do with them, php does not know what $position is or why its there.
heres what you want:
Code: Select all
<?
$body = $_REQUEST['Title']."\n";
$body .= $_REQUEST['Name']."\n";
$body .= $_REQUEST['Initial']."\n";
$body .= $_REQUEST['Surname']."\n";
$body .= $_REQUEST['Position']."\n";
$body .= $_REQUEST['Company']."\n";
$body .= $_REQUEST['Address1']."\n";
$body .= $_REQUEST['Address2']."\n";
$body .= $_REQUEST['Address3']."\n";
$body .= $_REQUEST['Country']."\n";
$body .= $_REQUEST['ContactNumber']."\n";
$body .= $_REQUEST['CellNumber']."\n";
$body .= $_REQUEST['Email']."\n";
mail( "albert_oflaherty@hotmail.com", "Expression Of Interest in Forum on Public Safety 2006", $body, "From: $Email" );
header( "Location: http://www.bertsparadise.com/Confirmation.htm" );
?>
Posted: Thu Mar 09, 2006 4:25 am
by 5leander5
This was definitely a help. I now receive the email but the body of the mail is blank.
It looks like $body in the mail script has not been defined or something. What do you think?
Posted: Thu Mar 09, 2006 4:26 am
by 5leander5
Sorry dude. Didnt read your script correctly. Let me try it again.
Posted: Thu Mar 09, 2006 4:31 am
by shiznatix
if the body is blank then that means that all of these $_REQUEST variables are empty.
on a side note you should not use $_REQUEST but instead use $_POST or $_GET depending on where they come from.
Posted: Thu Mar 09, 2006 4:34 am
by 5leander5
Very interesting. I now receive the contents of the $body in the email (which is correct), however, I am back where I started as the sender of the email is now listed as <unknown>. It seems that it cannot recognise the contents of the $Email variable in the mail() command. Any suggestions?
Posted: Thu Mar 09, 2006 4:36 am
by 5leander5
The variables are coming from a simple Dreamweaver form in which I use POST as the method. Should I replace REQUEST in my script and if so, with what?
Posted: Thu Mar 09, 2006 5:27 am
by mickd
yes, replace it with
$_REQUEST takes data from both $_POST and $_GET (whichever is available). This becomes a flaw as the user can just add ?field_name=value in which $_REQUEST['field_name'] will become value.
Posted: Thu Mar 09, 2006 8:11 am
by 5leander5
Mickd,
Do you know the answer to this question?
I now receive the contents of the $body in the email (which is correct), however, I am back where I started as the sender of the email is now listed as <unknown>. It seems that it cannot recognise the contents of the $Email variable in the mail() command. Any suggestions?
Posted: Thu Mar 09, 2006 9:44 am
by matthijs
Code: Select all
<?php
$email = $_POST['email'];
$body = // etc etc
mail( "albert_oflaherty@hotmail.com", "Expression Of Interest in Forum on Public Safety 2006", $body, "From: $email" );
?>
Make sure everything is spelled correctly. The above should work. Also, check if your input field for which the email is filled in matches.
Posted: Thu Mar 09, 2006 9:59 am
by feyd
There's a potential exploit a spammer could use in the script.
Read
this for a previous thread about the same sort of hole.
Posted: Thu Mar 09, 2006 10:04 am
by 5leander5
Works a treat. Thanks dude.
Posted: Thu Mar 09, 2006 10:37 am
by 5leander5
What code do I need to include to save the contents of the user form to a text file (ie. to write the variables to a text file) as well as emailing it to someone?
Posted: Thu Mar 09, 2006 10:45 am
by feyd
5leander5 wrote:What code do I need to include to save the contents of the user form to a text file (ie. to write the variables to a text file) as well as emailing it to someone?
look at
fopen() for some examples.
Posted: Thu Mar 09, 2006 10:53 am
by matthijs
There's a potential exploit a spammer could use in the script
Yeah, mail() is a dangerous function if it falls in the wrong hands.. beware indeed. Just last week I spoke a webhost provider who wasn't so happy about the 50000 spammails that were send from their servers the week before ... luckily it wasn't my scripts
