Page 1 of 1
Error in my php code: mail function
Posted: Sat Jun 28, 2008 9:38 pm
by lhcpr
Hi,
I was wondering if anyone could help me trouble shoot the following php code that uses a mail function to send form data.
The error I am currently getting is:
Parse error: syntax error, unexpected T_STRING in processor.php on line 46
My code is:
Code: Select all
<?php
$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));
session_start();
//Validation and handling if check box is equal to Yes
if( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) && ($_POST['field_5']=="Yes") ) {
// Checkbox handling
$field_5_opts = $_POST['field_5'][0];
// Sender email is predefined as a hidden html field
$email = $_POST['field_6'];
// Message body
$message = $_POST['field_1'] . " " . $_POST['field_2'] . " says no to development at Turrella Reserve" . "
Email address: " . $_POST['field_3'] . "
This is what " . $_POST['field_1'] . " has to say:
" . $_POST['field_4'] . "
Check if you wish to receive updates on development progress: $field_5_opts";
//Mail function
mail("xyz@gmail.com,xyz@yahoo.com","No development at Turrella Reserve",$message,"From: $email");
include("confirm.html");
}
//Validation and handling if check box is not equal to Yes
elseif( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) && ($_POST['field_5']!="Yes") ) {
// Checkbox handling
$field_5_opts = $_POST['field_5'][0];
// Sender email is predefined as a hidden html field
$email = $_POST['field_6'];
// Message body
$message = $_POST['field_1'] . " " . $_POST['field_2'] . " says no to development at Turrella Reserve" . "
Email address: " . $_POST['field_3'] . "
This is what " . $_POST['field_1'] . " has to say:
" . $_POST['field_4'] . ";
// Mail function
mail("xyz@gmail.com","No development at Turrella Reserve",$message,"From: $email");
include("confirm.html");
}
else {
echo "Invalid Captcha String.";
}
?>
Re: Error in my php code: mail function
Posted: Sat Jun 28, 2008 10:03 pm
by SidewinderX
Code: Select all
// Message body
$message = $_POST['field_1'] . " " . $_POST['field_2'] . " says no to development at Turrella Reserve" . "
Email address: " . $_POST['field_3'] . "
This is what " . $_POST['field_1'] . " has to say:
" . $_POST['field_4'];
Re: Error in my php code: mail function
Posted: Sat Jun 28, 2008 10:06 pm
by califdon
On line 44 you have:
which looks like you were planning to add something more to the $message string. Your formatting lends itself to confusion, since you start a new double-quoted string at the end of each line. I would recommend that you never do that. Instead, end each line of the script with the
end of a string, which will then make it much easier to spot this kind of an error. Unless you want to add a period in the message, just remove the
. " from that line. If you need a period, then it should look like this:
Re: Error in my php code: mail function
Posted: Mon Jun 30, 2008 12:43 am
by lhcpr
Hi califdon and sidewinder - thanks for the feedback.
I take your point about formatting and see that silly error in my code. Unfortunately, my php code does not operate correctly after having fixed it (
->
.
What I am trying to do is as follows (in laymans terms):
If
Validation = true and check box == "Yes" (or checked)
mail(
"wxy@gmail.com,xyz@gmail.com",$Subject,$message,"From: $email")
Elseif
Validation = true and check box != "Yes" (not checked)
mail(
"wxy@gmail.com",$Subject,$message,"From: $email")
Else .....
After fixing my mistake (described above), I tested the form and found:
1) It appears to work fine)
2)
When the check box is checked, the mail is not sent to both emails as directed (only the first)
3) It appears to work fine when the check box is not checked (which is no supprise)
Is there something wrong with my IF statement?
Any help would be super!!!
Graham
Re: Error in my php code: mail function
Posted: Mon Jun 30, 2008 1:24 pm
by califdon
One way you could make life a whole lot easier on yourself would be to practice good habits about indenting your code. With every line beginning at the left margin, the structure of the code, which is the heart and soul of any program, is not evident. Think in terms of
blocks of code. For example, an if statement can be indented like this:
Code: Select all
if ($something=="this") {
echo "This is true";
// whatever else you want to do
} else {
echo "This is not true";
// some more stuff
}
This emphasizes the blocks of code that are independent of each other and makes it much easier to read and debug.
Now to your problem. From what you are saying, the code block following the
Code: Select all
if( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) && ($_POST['field_5']=="Yes") ) {
is never executing. That must be because one of the conditions is not being met. So you have to check to determine which one is not. In other words, you have to know exactly what value each of those variables is at that point in your script. What I would do is put in a temporary echo statement that prints the value of each of those variables to the screen. That should reveal why it isn't executing that block of code. Once you've discovered and corrected the error, you can remove the debug block.
Code: Select all
...
echo "SESSION security_code is ".$_SESSION['security_code']."<br />"; // debug
echo "POST security_code is ".$_POST['security_code']."<br />"; // debug
echo "POST field_5 is ".$_POST['field_5']."<br />"; // debug
if( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) && ($_POST['field_5']=="Yes") ) {
You'll probably find that either the session variable or one of your POST variables isn't what you think it is.
Re: Error in my php code: mail function
Posted: Wed Jul 02, 2008 6:05 pm
by lhcpr
Hello all,
Issues related to a conditional mail function seem to be decreasing; which is great news! Most of the issues were borne from poor code formatting and illogical layout!!! A huge lesson I have learnt. While the code works, are there any other suggestions or issues that I need to be aware of? Code as follows:
Code: Select all
<?php
session_start();
// Setup code
$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));
// Checkbox handling
$field_5_opts = $_POST['field_5'][0];
// Sender email is predefined as a hidden html field
$email = $_POST['field_6'];
// Message body
$message = $_POST['field_1'] . " " . $_POST['field_2'] . " says no to development at Turrella Reserve" . "
Email address: " . $_POST['field_3'] . "
This is what " . $_POST['field_1'] . " has to say:
" . $_POST['field_4'];
//Validation and handling if check box is equal to Yes
if( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) && ($field_5_opts=="Yes") ) {
//Mail function if check box is equal to Yes
mail("wxy@gmail.com,xyz@gmail.com","No development at Turrella Reserve",$message,"From: $email");
include("confirm.html");
}
//Validation and handling if check box is not equal to Yes
elseif( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) && ($field_5_opts!="Yes") ) {
// Mail function
mail("wxy@gmail.com","No development at Turrella Reserve",$message,"From: $email");
include("confirm.html");
}
else {
echo "Invalid Captcha String.";
}
?>
Cheers
Graham
Re: Error in my php code: mail function
Posted: Wed Jul 02, 2008 9:35 pm
by califdon
I'm glad you're learning. That's what it's all about!
You still have some syntax errors that need to be fixed. For example, be careful of your double-quoted strings. All too often, you start a string with a double-quote, but never complete it with the closing double-quote, at least on the same line. That's a very bad habit that will give you headaches until you get accustomed to checking them every time you use them. It may
work when a string is spread over more than one line, but it makes it hard to read and debug.
Code: Select all
$message = $_POST['field_1'] . [color=#00BF00]" "[/color] . $_POST['field_2'] . [color=#00BF00]" says no to development at Turrella Reserve"[/color] . [color=#FF0000]"[/color]
Email address: " . $_POST['field_3'] . [color=#FF0000]"[/color]
Then, do you realize that you're sending the identical message
whether or not $field_5_opts equals "YES"? Maybe you just haven't got to the point where you're going to introduce the different messages.
Re: Error in my php code: mail function
Posted: Thu Jul 03, 2008 1:12 am
by lhcpr
Hi califdon,
Thanks for all your assistance. With regards to my starting a new " at the end of a line and not finishing it, I guess the reason why I have done this is so I can start a new line. Is there anyway to introduce a new line without doing it this way. The answer is not just to hit the return key is it?
With regards to message being the same, this is ok; I just want to direct a copy to another email address that will only keep track of those people who wish to "be kept up to date". This works pretty well.
With regards to validation, are there any holes? The form uses "Captcha" validation.
Cheers,
Graham
Re: Error in my php code: mail function
Posted: Thu Jul 03, 2008 2:33 pm
by califdon
I'm caught in a time-bind right now, but let me try to answer some of your questions. Actually, you
can just hit Enter at the end of a line, within a string, although I prefer not to do it, again, for reasons of readability and debugging. I prefer to use the handy
.= concatenation operator, like this:
Code: Select all
$var = "blah blah blah blah blah";
$var .= "more blah blah blah";
But there are several other techniques, such as "heredoc". Read this:
http://us2.php.net/types.string
Were it me, I'd have only one line with the mail(...) function, if all you want to do is change the addressee(s). Assign whichever addressee(s) you want to a variable in the conditional (if) statement, then use that variable in the mail() function. Among other benefits, if you want to change other parts of the message for both classes of recipients, you only have to change it in one place, reducing likelihood of errors. Generally, it's preferable to limit the contents of a conditional block to those things that MUST be changed, based on the conditional.
I'm not a security expert, so I'll let someone else provide details for you, but I would recommend that you validate all your $_POST variables. For example, use
regex expressions to determine that the email address is a possible valid email address. Again, I'm not an expert in regex, but you would do well to get familiar with it. It's very powerful in parsing strings.
Re: Error in my php code: mail function
Posted: Thu Jul 03, 2008 11:09 pm
by lhcpr
Hi Califdon - thanks for the tips.
I thought that it would be too obvious just to be able to hit the return key! Not to be

Will give your suggestions a try.
With regards to security, form fields are validated from the form-html level I believe.
With regards to regex to validate email, I need to be pragmatic and say "maybe next time" to this. This is the first time to date that I have used PHP and it has taken a little time to get familiar with it; regex will take me more time to get right too!
That being said, regexs ARE quite powerful and perhaps good for me to brush up in the background.
Well, I think that my problems have been sorted so I will close up shop and mark as "Solved".
Thanks for yor time and assistance all (particularly califdon).
Graham
Re: Error in my php code: mail function
Posted: Fri Jul 04, 2008 1:09 pm
by califdon
lhcpr wrote:With regards to security, form fields are validated from the form-html level I believe.
"Danger, Will Robinson!" Hackers may not even be using your html form page. You need to validate both in the form (with javascript) and in the php script before it goes into your database.
With regards to regex to validate email, I need to be pragmatic and say "maybe next time" to this. This is the first time to date that I have used PHP and it has taken a little time to get familiar with it; regex will take me more time to get right too!
That being said, regexs ARE quite powerful and perhaps good for me to brush up in the background.
Certainly understandable. Just try not to put it off indefinitely.
Good luck and don't hesitate to return with other questions.