Home/ Questions/Q 6116761
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T15:14:36+00:00

Seriously. My hosting company says that there’s something wrong with my Php code. I’m

  • 0

Seriously. My hosting company says that there’s something wrong with my Php code. I’m not getting any errors from them, and they say it’s not my CSS. Please help.

    <?php

/* Subject and Email Variables */

    $emailSubject = 'Bookem danno!';
    $webMaster = 'info@mywebsite.com';

/* Gathering Data Variables */

    $nameField = $_POST['name'];
    $cellField = $_POST['cell'];
    $emailField = $_POST['email'];
    $dateField = $_POST['date'];
    $timeField = $_POST['time'];
    $lengthField = $_POST['length'];
    $inoutField = $_POST['inout'];
    $seenbeforeField = $_POST['seenbefore'];
    $detailsField = $_POST['details'];
    $p411Field = $_POST['p411'];
    $datecheckField = $_POST['datecheck'];
    $tobField = $_POST['tob'];
    $terField = $_POST['ter'];
    $otherField = $_POST['other'];
    $screennameField = $_POST['screenname'];
    $companyField = $_POST['company'];
    $worknoField = $_POST['workno'];
    $switchboardnoField = $_POST['switchboardno'];
    $memoField = $_POST['memo'];
    $subscribeField = $_POST['subscribe'];

    $body = <<<EOD
<br><hr><br>
Name: $name <br>
Cellphone: $cell <br>
Email: $email <br>
Date: $date <br>
Time: $time <br>
Length of appointment: $length <br>
Incall Outcall: $inout <br>
Have I seen you before: $seenbefore <br>
Details: $details <br>
P411: $p411 <br>
Datecheck: $datecheck <br>
TOB: $tob <br>
TER: $ter <br>
Other: $other <br>
Screen Name: $screenname <br>
Company: $company <br>
Direct Line: $workno <br>
Switchboard: $switchboardno <br>
Memo: $memo <br>
Subscribe Me: $subscribe <br>
EOD;

    $headers = "From: $email\r\n";
    $headers .= "Content-type: text/html\r\n";
    $success = mail($webMaster, $emailSubject, $body, $headers);

echo "$result";


?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Ahem. You’re not using any of the variables you instantiated. For example, initially you say this:

    $emailField = $_POST['email'];

    And then you say this:

    $headers = "From: $email\r\n";

    There is no variable called $email. There is one called $emailField, but you’re not using that. In fact, ALL of the variables from your $_POST are getting renamed with “Field” at the end, and then you’re trying to refer to them later without the Field part. Won’t work.

    Also, You’ve got a security vulnerability in that code. Look:

    $headers = "From: $email\r\n";

    You’re assuming that $email is a nice safe value. Suppose somebody fills in your form and tells it their email address is 0wned@example.com\r\nBcc: emai1@example.net, email2@example.org, etc..., thereby causing your email server to send out hundreds or thousands of emails.

    A spammer might do it for the sake of sending spam — without having to maintain their own email server.

    A bored and malicious person might do it just for the kick of seeing your domain blacklisted as a spammer.

    An unethical corporate rival might do it to throw a monkey wrench into your ordering procedures in the hopes of driving your out of business. I am cursed with a good imagination…

    Do yourself a favor and try this:

    $email = str_replace( "\r\n", '', $_POST['email'] );

    That will strip out any potential CR/LF pairs, so that nobody can inject their own headers into your email.

    • 0