Re: PHP Form isnt emailing me

The return value of http://php.net/mail only says whether or not PHP
managed to queue up the email to go out.

It does *NOT* imply that the email actually went anywhere.

If your server isn't running through the queues and sending the
emails, they don't go out.

If your server is rejecting the emails as it runs through the queue,
they don't go out.

If your mail reader is marking them as spam and trashing them before
you see them, they went out, but you never got them.

*ALSO*, and this is absolutely crucial, if you DO get email to go out,
you've just built an OPEN RELAY that will cheerfully send out MILLIONS
of spam mail!  DON'T DO THAT!!!

The problem is that a Bad Guy can put something like this in
POST['contact']:

"example@xxxxxxxxxxx>
victim1@xxxxxxxxxxx
victim2@xxxxxxxxxxx
victim3@xxxxxxxxxxx
.
.
.
victim999@xxxxxxxxxxx
<example@xxxxxxxxxxx"

YOUR email script will then spew the same message to 1000 users!

You need to sanitize user input -- Emails and names, for example,
should NOT contain newlines.

On Fri, June 8, 2007 8:48 pm, Austin C wrote:
> Hello, I just finished making a PHP contact form for my website, and I
> can run through the whole thing, and get no errors, but it doesn't
> email me the form contents.
>
> *Here is the actual form page:*
> <?php include("../header.php"); ?>
>            <td bgcolor="#BFC4CB"><b><font color="#333333">Contact
> Me</font></b></td>
>           </tr>
>          </table>
>          </td>
>         </tr>
>         <tr>
>             <td bgcolor="#BFC4CB">
>          <p>
>          <font color="#333333">
> Please use this form to contact me:
> <p>
> <br><center><form action="processcontactform.php" method="post">
> Name: <input type="text" name="name" size="20">
> <br>Email Address/Method of Contact: <input type="text" name="contact"
> size="30">
> <br>Reason for Contact: <select name="reasonforcontact">
> <option value="question">Question</option>
> <option value="suggestion">Suggestion</option>
> <option value="gcomment">General Comment</option>
> <option value="fanmail">Fan Mail</option>
> <option value="other">Other</option>
> </select>
> <br>Message: <br><textarea name="message1" rows="10"
> cols="30"></textarea>
> <br><input type="submit" value="send">
> </form></center>
> <?php include("../footer.php"); ?>
>
> *Here is the form page processor:*
> <?php include("../header.php"); ?>
>  <td bgcolor="#BFC4CB">
>  <b>
>  <font color="#333333">Processing your information . .
> .</font></b></td>
>                                                    </tr>
>                                               </table>
>                                               </td>
>                                          </tr>
>                                          <tr>
>                                              <td bgcolor="#BFC4CB">
>                                               <p>
>                                               <font color="#333333">
>  <?php
>  $name = $_POST['name'];
>  $email = $_POST['contact'];
>  $reason = $_POST['reasonforcontact'];
>  $message = $_POST['message1'];
>
>  $to = "webmaster@xxxxxxxxxxxxxxxxxxxxxx";
>
>  $subject = "Contact Form Submitted at GWD-Dev";
>
>  $body = "Hello Austin,
>
>  ".$name." has sent in a contact form at GWD-Dev. The reason he/she
> contacted you was for ".$reason.". Here is the message they submitted
> with
> their form:
>
>
>
>  ".$message."
>
>  The contact field of the form contained the following information:
> ".$email."
>  Please remember to get back to them ASAP!!";
>
>  $headers = "From: ".$name." <".$email.">\n";
>
>
>
>  echo "Collecting information . . . . . . . . . . DONE!<p>";
>
>  $mail_sent = @mail($to, $subject, $body, $headers);
>
>  echo $mail_sent ? "<br>Sending contact form to webmaster . . . . . .
> . .
> DONE!<p>" : "<script>alert('The mail did not go through')</script>";
>
>
>  echo "<br>. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> . . .
> . . . .<p>";
>
>  echo "<br>Thank you for contacting us, please expect a reply in
> anywhere
> from 1 to 24 hours. Make sure that our email address,
> galacticneo@xxxxxxxxx&
> webmaster@xxxxxxxxxxxxxxxxxxxxxx, are not sent to your spam folder.";
>
>
>  include("../footer.php"); ?>
>
> --
> Thanks, the webmaster of Galacticneo
>


-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
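
The input check the reply above asks for, sketched as an added example that is not part of the original thread or the poster's code. The function names `field` and `build_contact_mail`, the `noreply@example.org` sender and the sample submissions are assumptions made up for illustration; the field names and the list of reasons come from the quoted form.

```php
<?php
// Added example, not the original poster's code. Function names and the
// example.org/example.com addresses are placeholders chosen for illustration.
const ALLOWED_REASONS = ['question', 'suggestion', 'gcomment', 'fanmail', 'other'];

// Fetch a form field as a string; arrays (name[]=...) are treated as empty.
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? $value : '';
}

// Returns ['headers' => ..., 'body' => ...] for mail(), or null when rejected.
function build_contact_mail(array $post): ?array
{
    $name    = field($post, 'name');
    $contact = field($post, 'contact');
    $reason  = field($post, 'reasonforcontact');
    $message = field($post, 'message1');

    // Names and contact details must fit on one line: no CR or LF anywhere.
    if (preg_match('/[\r\n]/', $name . $contact) === 1) {
        return null;
    }
    // The reason comes from a <select>, so only the listed values are valid.
    if (!in_array($reason, ALLOWED_REASONS, true)) {
        return null;
    }
    // From is fixed; user input reaches a header only as a validated address.
    $headers = ['From: Contact Form <noreply@example.org>'];
    $replyTo = filter_var(trim($contact), FILTER_VALIDATE_EMAIL);
    if ($replyTo !== false) {
        $headers[] = 'Reply-To: ' . $replyTo;
    }
    $body = "Name: $name\nContact: $contact\nReason: $reason\n\n$message\n";
    return ['headers' => implode("\r\n", $headers), 'body' => $body];
}

// Constructed sample submissions: one ordinary, one shaped like the payload above.
$ok  = ['name' => 'Pat', 'contact' => 'pat@example.com',
        'reasonforcontact' => 'question', 'message1' => 'Hello'];
$bad = ['contact' => "example@example.com>\nvictim1@example.com\n<example@example.com"] + $ok;

$mail = build_contact_mail($ok);
echo $mail['headers'], "\n";
echo build_contact_mail($bad) === null ? "rejected\n" : "accepted\n";
// A real handler would then call: mail($to, $subject, $mail['body'], $mail['headers']);
```

Because the contact field is labelled "Email Address/Method of Contact", a value that is not a valid address is still accepted and shown in the body; it simply never reaches a header.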

