PHP Form Script Problem

[thekooliest]

Ok, so I made what I thought what would work as a form...but it turns out, I don't know too much when it comes to PHP.

So...Here is my HTML text.

      <form action="site.php" method="POST">       <table>       <tr>       <td>Name:</td>       <td><input type="text" name="name"></td>       </tr>       <tr>       <td>Email:</td>       <td><input type="text" name="email"></td>       </tr>       <tr>       <td>Web Address:</td>       <td><input type="text" name="url"></td>       </tr>       <tr>       <td>Website Name:</td>       <td><input type="text" name="webname"></td>       </tr>       <tr>       <td>City:</td>       <td><input type="text" name="city"></td>       </tr>       <tr>       <td>State:</td>       <td><input type="text" name="state"></td>       </tr>       <tr>       <td>If not in US, Country?</td>       <td><input type="text" name="country"></td>       </tr>       <tr>       <td><input type="submit" name="SubmitForm" value="Send"></td>       </tr>       </table>       </form>

And here is the php for 'site.php'...

<?php   $name = $_REQUEST['name'] ;   $email = $_REQUEST['email'] ;   $url = $_REQUEST['url'] ;   $webname = $_REQUEST['webname'] ;   $city = $_REQUEST['city'] ;   $state = $_REQUEST['state'] ;   $country = $_REQUEST['country'] ;    $to = '[email protected]';   $subject = 'Site Submitted';   $Body = ""; $Body .= "Name: "; $Body .= $name; $Body .= "\n"; $Body .= "Email: "; $Body .= $email; $Body .= "\n"; $Body .= "City: "; $Body .= $city; $Body .= "\n"; $Body .= "State: "; $Body .= $state; $Body .= "\n"; $Body .= "Country: "; $Body .= $country; $Body .= "\n"; $Body .= "URL: "; $Body .= $url; $Body .= "\n"; $Body .= "Website Name: "; $Body .= $webname; $Body .= "\n";    mail( $to, $subject,     $body, "From: $email" );   header( "Location: siteok.shtml" ); ?>

All I get is a blank email.
I tried some other ways that I thought would work as well, but now luck. Any help for this PHP beginner would be great.
-Sam

 

[nasaboy007]

Well, the first problem is that you're using the wrong variables. Since your HTML form is using the POST method (method="POST"), you have to use $_POST variables. Basically, instead of putting $_REQUEST['text'], put $_POST['text'].

Try that and tell me if you still get blank emails... although if by blank you mean "Name: ___
Email: ___" etc

and not just " ".

 

[Nodws]

no no, $_REQUEST is fine, you just have a typo :P

use this

<?php   
$name = $_REQUEST['name'] ;   $email = $_REQUEST['email'] ;   $url = $_REQUEST['url'] ;   $webname = $_REQUEST['webname'] ;   $city = $_REQUEST['city'] ;   $state = $_REQUEST['state'] ;   $country = $_REQUEST['country'] ;    $to = '[email protected]';   $subject = 'Site Submitted';   $Body = ""; $Body .= "Name: "; $Body .= $name; $Body .= "\n"; $Body .= "Email: "; $Body .= $email; $Body .= "\n"; $Body .= "City: "; $Body .= $city; $Body .= "\n"; $Body .= "State: "; $Body .= $state; $Body .= "\n"; $Body .= "Country: "; $Body .= $country; $Body .= "\n"; $Body .= "URL: "; $Body .= $url; $Body .= "\n"; $Body .= "Website Name: "; $Body .= $webname; $Body .= "\n";    mail( $to, $subject,  $Body, "From: $email" );   header( "Location: siteok.shtml" ); 
?>

 

[thekooliest]

No it doesn't work. And ya I meant ' ' blank, not 'Name : ' blank.
Any ideas?

no no, $_REQUEST is fine, you just have a typo :P

use this

<?php   
$name = $_REQUEST['name'] ;   $email = $_REQUEST['email'] ;   $url = $_REQUEST['url'] ;   $webname = $_REQUEST['webname'] ;   $city = $_REQUEST['city'] ;   $state = $_REQUEST['state'] ;   $country = $_REQUEST['country'] ;    $to = '[email protected]';   $subject = 'Site Submitted';   $Body = ""; $Body .= "Name: "; $Body .= $name; $Body .= "\n"; $Body .= "Email: "; $Body .= $email; $Body .= "\n"; $Body .= "City: "; $Body .= $city; $Body .= "\n"; $Body .= "State: "; $Body .= $state; $Body .= "\n"; $Body .= "Country: "; $Body .= $country; $Body .= "\n"; $Body .= "URL: "; $Body .= $url; $Body .= "\n"; $Body .= "Website Name: "; $Body .= $webname; $Body .= "\n";    mail( $to, $subject,  $Body, "From: $email" );   header( "Location: siteok.shtml" ); 
?>

That gave me this error, Warning: Cannot modify header information - headers already sent by (output started at /home2/geckoinf/public_html/stefan/site.php:1) in /home2/geckoinf/public_html/stefan/site.php on line 2

Wait! nodws, It sent the email perfectly, what part of the code should I get rid of so it doesn't give me the error...it brings me to 'siteok.shtml'?
Thanks you guys, Sam

 

[Nodws]

use this for a "thank you" message instead

  <?php   
$name = $_REQUEST['name'] ;   $email = $_REQUEST['email'] ;   $url = $_REQUEST['url'] ;   $webname = $_REQUEST['webname'] ;   $city = $_REQUEST['city'] ;   $state = $_REQUEST['state'] ;   $country = $_REQUEST['country'] ;    $to = '[email protected]';   $subject = 'Site Submitted';   $Body = ""; $Body .= "Name: "; $Body .= $name; $Body .= "\n"; $Body .= "Email: "; $Body .= $email; $Body .= "\n"; $Body .= "City: "; $Body .= $city; $Body .= "\n"; $Body .= "State: "; $Body .= $state; $Body .= "\n"; $Body .= "Country: "; $Body .= $country; $Body .= "\n"; $Body .= "URL: "; $Body .= $url; $Body .= "\n"; $Body .= "Website Name: "; $Body .= $webname; $Body .= "\n";    
@mail( $to, $subject,  $Body, "From: $email" ); 
echo"<h3>Thank you!</h3>";
?>

cheers!

 

[qbert220]

$_REQUEST is fine

$_REQUEST is fine because $_REQUEST contains everything that is contained in $_POST, $_GET and $_COOKIE. It can be used with GET variables (those after the ? in the URL or from a form using the GET action), POST vatiables (those from form using the POST action) or stored in cookies.

 

[thekooliest]

use this for a "thank you" message instead

  <?php   
$name = $_REQUEST['name'] ;   $email = $_REQUEST['email'] ;   $url = $_REQUEST['url'] ;   $webname = $_REQUEST['webname'] ;   $city = $_REQUEST['city'] ;   $state = $_REQUEST['state'] ;   $country = $_REQUEST['country'] ;    $to = '[email protected]';   $subject = 'Site Submitted';   $Body = ""; $Body .= "Name: "; $Body .= $name; $Body .= "\n"; $Body .= "Email: "; $Body .= $email; $Body .= "\n"; $Body .= "City: "; $Body .= $city; $Body .= "\n"; $Body .= "State: "; $Body .= $state; $Body .= "\n"; $Body .= "Country: "; $Body .= $country; $Body .= "\n"; $Body .= "URL: "; $Body .= $url; $Body .= "\n"; $Body .= "Website Name: "; $Body .= $webname; $Body .= "\n";    
@mail( $to, $subject,  $Body, "From: $email" ); 
echo"<h3>Thank you!</h3>";
?>

cheers!

Well I was planning to make it send you to a different page, not just say thank you ... xD

 

[qbert220]

That gave me this error, Warning: Cannot modify header information - headers already sent by (output started at /home2/geckoinf/public_html/stefan/site.php:1) in /home2/geckoinf/public_html/stefan/site.php on line 2

This means that PHP has already outputted some text. This forces PHP to output HTTP headers. Once it has done this, it cannot output more headers to redirect to another page.

Was the code you posted the entore contents of site.php? If not, put the code you posted at the top of site.php. Make sure that there are no blank lines or space characters before the "<?php" tag.

 

[thekooliest]

Thanks everyone!!! It works, and know i have a better understanding of PHP.
There was a space before the opening tag from when nodws gave me the code xD

 

[nasaboy007]

$_REQUEST is fine because $_REQUEST contains everything that is contained in $_POST, $_GET and $_COOKIE. It can be used with GET variables (those after the ? in the URL or from a form using the GET action), POST vatiables (those from form using the POST action) or stored in cookies.

After 5 years of scripting PHP, I'd never heard of $_REQUEST before this day. However, I see this as a security risk: what dictates in which order the server will take them? For example, if a user submits the form with some inputted text, and then injects a cookie with the same name with different text, which one is read? Wouldn't this leave you vulnerable to cookie injection? (I know, sanitize, etc) but still.

 

[qbert220]

what dictates in which order the server will take them?

You can configure the order in which variables are taken using request_order in your php.ini file. Default is GET, POST, COOKIE.

Wouldn't this leave you vulnerable to cookie injection?

It won't make your script more vulnerable. A malicious user could inject malicious data using POST, just as they could using a cookie.