Here is the code

Here is the code

am 10.09.2007 07:57:53 von John

class="cssform" action="">















Morning:

Afternoon:

Night


















Re: Here is the code

am 10.09.2007 08:59:42 von Lammi

i assume you wanna get the form via email? thescript below will give
you a text-formatted email, listing all fields and the given values.


if (isset($_POST['Send']))


$to = 'you@email.com';
$subject = 'Request from Website';

$myEmail = "A new request was sent:\n";
foreach ($_POST as $key => $value)
$myEmail .= $key.". ".$value."\n";

mail ($to, $subject, $myEmail);
?>








value="" />








Morning:

Afternoon:

Night
















do some

Re: Here is the code

am 10.09.2007 10:39:31 von Robin Goodall

Lammi wrote:
> i assume you wanna get the form via email? thescript below will give
> you a text-formatted email, listing all fields and the given values.
>
> >
> if (isset($_POST['Send']))
>
>
> $to = 'you@email.com';
> $subject = 'Request from Website';
>
> $myEmail = "A new request was sent:\n";
> foreach ($_POST as $key => $value)
> $myEmail .= $key.". ".$value."\n";
>
> mail ($to, $subject, $myEmail);
> ?>
>
>


>


>
>
>


>


>
> > value="" />
>


>


>
>
>


>


>
> Morning:
>
> Afternoon:
>
> Night
>
>


>


>
>



>


>
>
>


>
>
>

>
> do some

>

You will need a { after the if and a } after the mail().

I would do some validation of the POST data before sending possibly
malicious data to myself.

Note that Lammi added name="xxx" to the input tags (you cannot use just
id="xxx" they aren't the same thing).

Also, he added a value for the action attribute of the form, though
using $_SERVER['PHP_SELF'] is no longer considered a good idea due to
XSS exploits.

Re: Here is the code

am 10.09.2007 11:08:42 von Lammi

> You will need a { after the if and a } after the mail().

of course he need, my fault. sorry.

> I would do some validation of the POST data before sending possibly
> malicious data to myself.

i would do such validation too - but john asked only for a way to
transfer the data :-)

> Also, he added a value for the action attribute of the form, though
> using $_SERVER['PHP_SELF'] is no longer considered a good idea due to
> XSS exploits.

i wouldn't realize the validation, emailing and form in one single
page, i would create a simple html-file containing the form and
nothing else, a small validation-class and a class to create the
email. it's never a good idea to mix html- and php-code i think.

Re: Here is the code

am 10.09.2007 18:21:57 von John

>>> I would do some validation of the POST data before sending possibly
malicious data to myself.



Can you write out how I would do validation in the code?


Thanks for all of the help so far.




Also I tried this and named it mail.php:



if (isset($_POST['Send']))
{

$to = 'primster7@gmail.com';
$subject = 'Request from Website';

$myEmail = "A new request was sent:\n";
foreach ($_POST as $key => $value)
$myEmail .= $key.". ".$value."\n";

mail ($to, $subject, $myEmail);
}
?>


with the } line but it didn't send me the email.



I have this for the form:



class="cssform" action="mail.php" method="post">















Morning:

Afternoon:

Night
















Re: Here is the code

am 11.09.2007 07:35:53 von Lammi

you need to add a "name='xxxxx'" to every form-field, as i did in my
example.
does the script run on windows or *nix? if on windows, you need to
add the mailserver-information to php.ini.

to validate the form-data you've only to do things like strip_tags,
addslashes, check for forbidden signs.