Page 1 of 1

Flash and PHP email form, need help

Posted: Mon Aug 28, 2006 2:59 pm
by WithHisStripes
Heya,
I have a flash form that uses PHP to send the data to an email, but it causes all of the data to display on the same line with no spaces when recieved via email, can anyone help? Thanks!

Code:

Code: Select all

<?php
$sendTo = "email@email.com";
$subject = "Contact Form from Cabinet Source Website";
$headers = "From: " . $_POST["name"] ." ". $_POST["phone"] . "<" . $_POST["comments"] .">\r\n";
$headers .= "Reply-To: " . $_POST["name"] . "\r\n";
$headers .= "Return-path: " . $_POST["name"];
$message = $_POST["comments"];
mail($sendTo, $subject, $message, $headers);
?>

Posted: Mon Aug 28, 2006 3:03 pm
by Luke
it sends the email with whatever message you tell it to send it with... so it's going to send whatever is inside of $_POST['comments']

Posted: Mon Aug 28, 2006 4:01 pm
by feyd
That code is extremely open to mail header insertion (read: spammers will love you and get you into serious trouble.)

Posted: Mon Aug 28, 2006 10:32 pm
by WithHisStripes
I'm sorry, I didn't explain myself correctly, I know that whatever is in that section will be sent, but when I do that; include additional information to be sent, than when you receive it via email all the information appears on the same line. I'm not having any problems with the data actually getting sent, just having it properly formatted, does that make sense?

PS thanks for the spam reminder, I totally forgot about that in the forum.

Posted: Mon Aug 28, 2006 10:35 pm
by feyd
I would imagine that the data Flash is sending as the message isn't exactly what you are expecting then.

Posted: Mon Aug 28, 2006 10:36 pm
by RobertGonzalez
It makes sense. You might want to have a look at the PHP Manual for mail() for information on how to set ContentTypes and such.

Posted: Mon Aug 28, 2006 10:39 pm
by feyd
WithHisStripes wrote:PS thanks for the spam reminder, I totally forgot about that in the forum.
I wasn't actually referring to the email address being visible, but the direct use of $_POST data without filtering, validation.. anything to protect you and your users. There's a thread that Ninja Space Goat started a while back on mail header injection.. I would consider it a good, possibly alarming, read for you.