does anyone know how to make this work

html

<form method="post" action="sendmail.php">

<fieldset>
<legend>Personal Information</legend>>
<label for="firstname" accesskey="f">First name: </label>
<input type="text" id="firstname" name="firstname" value="" tabindex="1">
<label for="lastname" accesskey="l">Last name: </label>
<input type="text" id="lastname" name="lastname" tabindex="2">
<label for="email" accesskey="e">Email: </label>
<input type="text" id="email" name="email" tabindex="3">
</fieldset>
<fieldset>
<legend>Comments</legend>
<label for="comments" accesskey="c">Enquires: </label>
<textarea id="comments" rows="8" cols="20" name="comments"></textarea>
<input type="submit" value="Submit" tabindex="5"> <input type="Reset" tabindex="6">
</fieldset>



php
<?php
$firstname = $_REQUEST['firstname'] ;
$lastname = $_REQUEST['lastname'] ;
$email= $_REQUEST['email'] ;
$comments= $_REQUEST['comments'] ;
mail( "........@hotmail.co.uk", "Feedback Form Results",
$message, "From: $email" );
header( "Location: http://www.example.com/thankyou.html" );
?>

 

And the problem is...?

 

sorry i made a form with fieldsets and want the form to be e-mailed to my e-mail but what i tried does not work am new to this so bare with me

 

Try:

<?php
$firstname = $_REQUEST['firstname'] ;
$lastname = $_REQUEST['lastname'] ;
$email= $_REQUEST['email'] ;
$comments= $_REQUEST['comments'] ;

$message = htmlspecialchars("{$firstname}, {$lastname} ({$email})\n\n{$comments}");

mail
(
    "........@hotmail.co.uk",
    "Feedback Form Results",
    $message,
    "From: " . preg_replace('~[^\w-\.@\+]+~', null, $email)
);

header( "Location: http://www.example.com/thankyou.html" );

?>

PHP:

 

tried that it doesnt work anything to do with the submit

 

Can you please use periods and commas? lol.. it's a bit hard to say where your sentences finish.

Anyway, I don't know what you're saying about the submit, but you're missing a closing </form> tag at the end. Might be the issue? Does your form submit at all?

Or don't you receive the email? Try using a non-hotmail address. Hotmail can be a pain in the ass sometimes.

 

ok sorry, i have tried changing the address to a non hotmail and it still doesnt work, and i have a </form>.
my form doesnt submit & i dont receive anything, do ihave to write any php in the index page

 

Is there a particular reason you're using $_REQUEST instead of $_POST?

Also... not sure but you may want to try using a class such as PHPMailer. I would put the link, but unfortunately I haven't posted enough to add links to my posts yet.

 

I was wondering too why you are using $_REQUEST instead of $_POST when your form data is POST.

If you use $_REQUEST you have no guarantee that the data came from the post data, which leads to security holes in your script. You might want to use $_REQUEST if you've got some variables on a form that can come in either via $_POST or $_GET.

Try using $_POST and it will solve your problem.

For mailing solutions PHPMailer is a good choice, you can try with that.


Regards,
Gonzo

 

Glad to see I wasn't the only one wondering about this.

 

There is nothing wrong with using $_REQUEST instead ofo $_GET/$_POST - in fact I'd say it is better to use $_REQUEST as it makes it easier to change from post/get requests, and makes debugging much easier.

Using $_REQUEST instead of $_GET/$_POST poses no security risk at all - all your input should be checked and validated no matter where it comes from.

 

That's the thing, we're talking reality here. We all know that with the ease of learning PHP in the beginning, that there are MANY web forms using PHP that do not validate their form data. Just a thought, I could be way off base though. What do you think?

 

If you think using $_POST instead of $_REQUEST gives you added security then I'd be really worried about your scripts! Just because you KNOW data is being posted doesn't make it any more secure, and not much more difficult to send malicious data.

 

First of all $_REQUEST is less strict than $_POST or $_GET and you can't ensure where your imputs are coming from and in that context it is less secure.

Suppose if you are relying on your POST data to be submited, then anybody can simply override it by passing a GET string eg: www.websitename.com?var=somevalue.

Again using $_REQUEST posses more risk of SQL injection vulnerability if your script is not properly coded.

If you are using cookies for tracking or authorization then this problem may arise if you are ignorant. As cookies are also put into $_REQUEST at last. Any data sent by $_POST or $_GET will be overwritten by cookie with same names.

eg:
$_POST[”username”] = “post value”; eg. Hari
$_GET[”username”] = “get value”; eg. Tom
$_COOKIE[”username”] = “cookie value"; eg. Jack

Now
$_REQUEST[”username”] = “Jack”;

Here $_REQUEST is overwritten by cookie value even thou your $_POST or $_GET values are different, but all have a common variable name i.e username.

I am not saying using $_REQUEST is security risk but it leads to security vulnerability with poor coding.

Regards,
Gonzo

 

No way your script will be secured even by using $_POST or $_GET instead of $_REQUEST. The only advantage is they are more strict compared to $_REQUEST which is less strict, as you know where your inputs are coming from. What makes the script more secure is the coding and handling of it.

Regards,
Gonzo

 

ok i understand you can use both and each has security issues, but can anyone tell me why my code doesnt work, or if its correct

 

Have you tried nico's solution

 

yes i have and it still doesnt work

 

It's been nearly a week now, and it's about time we fix this.

Let's see if your host allows the mail() function at all. What output does this give you?

<?php
$firstname = $_REQUEST['firstname'] ;
$lastname = $_REQUEST['lastname'] ;
$email= $_REQUEST['email'] ;
$comments= $_REQUEST['comments'] ;

$message = htmlspecialchars("{$firstname}, {$lastname} ({$email})\n\n{$comments}");

echo mail
(
    "........@hotmail.co.uk",
    "Feedback Form Results",
    $message,
    "From: " . preg_replace('~[^\w-\.@\+]+~', null, $email)
)
    ? 'Mail sent'
    : 'Error sending mail';

?>

PHP:

 

this gives me a blank page thats says mail sent, but no e-mail is sent to my e-mail destination