E-Mail form 1

[welshspoon]

Hi

I was wondering could anybody please help. I'm new to PHP and trying to write an e-mail form.

I want the form to send the e-mail to the address on the previously viewed page (i.e. the user selects a link to email that person and it the loads the email form). However, I can get the form to work if i enter an address into the code, but when I use $To = $_GET['FEEmail'] and $output = "<a href='mail.php?FEEmail=".mysql_result($result, $i, "FEEmail")."'>E-mail: </a>";
it wont work. The address is being passed to the form so I can't see why it wont work.

 <?php
 $username1="";
 $password1="";
 $database1="";
 $host1="";
 $username = $_COOKIE['ID_my_site']; 
 $Client = stripslashes($username);
 $To = $_GET['FEEmail'];
 
 mysql_connect($host1,$username1,$password1);
 @mysql_select_db($database1) or die( "Unable to select database");
 $query="SELECT * FROM Client WHERE ClientID = $Client";
 $result=mysql_query($query);
 mysql_close();
 
	$id = mysql_result($result,$i,"ClientID");
	$first=mysql_result($result,$i,"ClientName");
	$add1=mysql_result($result,$i,"Address1");
	$add2=mysql_result($result,$i,"Address2");
	$add3=mysql_result($result,$i,"Address3");
	$Town=mysql_result($result,$i,"Town");
	$County=mysql_result($result,$i,"County");
	$postcode=mysql_result($result,$i,"Postcode");

 
 
 if (!isset($_POST["send"])){
   // no post data -> display form
   ?>
   <form method="POST" action="<?=$_SERVER['PHP_SELF'];?>">
   To:
   Subject : <input type="text" name="subject">
   Message : 
   <textarea name="message" rows="10" cols="60" lines="20"></textarea>
   <input type="submit" name="send" value="Send">
   </form>
   <? 
 }else{
   // found post data .. deal with it
   $from=$id;
   // send mail :
   if (mail($to,$_POST['subject'],$_POST['message'],"From: $from\n")){
     // display confirmation message if mail sent successfully
     echo "Your mail was sent to $to.";
 }else{
   // sending failed, display error message
    echo "Your mail could not be sent.";
   }
 }
 ?>

Thanks in advance for any help

 

[jpadie]

change this

<form method="POST" action="<?=$_SERVER['PHP_SELF'];?>">

to

<form method="POST" action="<?=$_SERVER['PHP_SELF']."?".$_GET['FEEmail']?>">

and this

if (mail($to,$_POST['subject'],$_POST['message'],"From: $from\n")){
[code]

to 

[code]
if (mail($To,$_POST['subject'],$_POST['message'],"From: $from\n")){
[code]

but your code is very insecure and appears to be usable as a mail relay system by unsavoury characters.  read up on form mailer security.

 

[welshspoon]

Thank you for your reply but it is still jumping straight to

 }else{
   // sending failed, display error message
    echo "Your mail could not be sent.";

 

[jpadie]

is $id a validly formed email?
i am assuming you have correctly configured your stmp server and or MTA for incoming connections to your webserver?

by the way, you are closing the connection to mysql before you retrieve the data. thus the mysql_result() calls will not work. delete mysql_close() and repeat the test.

 

[welshspoon]

I found the problem and solved it thanks for your help!

 

[Olavxxx]

You need to secure those variables.
They are accepting now:
XSS
mySQL Injection
Form Abuse

Olav Alexander Mjelde

http://www.volvo-power.net

Admin & Webmaster