form variable in message body of email 1

[Diggum1]

I have a script that takes the form submission of a user, creates a .csv and attaches it to an email, then sends the email.

The issue I have now is that I can't get the Price variable into the message body of the email. Currently is reads, "The Price is: $price." but when I receive the email it only displays "$price", not the actual value of that field.

Entire code is below.

Any ideas?
Thank
Rick



<?php
$name = $_POST["name"];
$cred = $_POST["cred"];
$title = $_POST["title"];
$phone = $_POST["phone"];
$voice = $_POST["voice"];
$cell = $_POST["cell"];
$address = $_POST["address"];
$fax = $_POST["fax"];
$email = $_POST["email"];
$company = $_POST["company"];
$price = $_POST["price"];


$cr = "\n";
$csvdata = "Name" . ',' . "Credentials" . ',' ."Title" . ',' ."Company Name" . ',' ."Company Address" . ',' ."City State Zip" . ',' ."Telephone" . ',' ."Voicemail" . ',' ."Cell" . ',' ."Fax" . ',' ."Email" . ',' .$cr;
$csvdata .= $name . ',' . $cred . ',' . $title . ',' . $company . ',' .$comaddress . ',' .$address . ',' .$phone . ',' .$voice . ',' .$cell . ',' .$fax . ',' .$email . ',' .$cr;

$thisfile = "$name.csv";

$encoded = chunk_split(base64_encode($csvdata));

// create the email and send it off

$toemail = "rk@abc.com";
$subject = "Business Card Submission from $name";
$from = "tg@abc.com";
$headers = 'MIME-Version: 1.0' . "\n";
$headers .= 'Content-Type: multipart/mixed;
boundary="----=_NextPart_001_0011_1234ABCD.4321FDAC"' . "\n";


$message = '

This is a multi-part message in MIME format.

------=_NextPart_001_0011_1234ABCD.4321FDAC
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

The Price is: $price.


------=_NextPart_001_0011_1234ABCD.4321FDAC
Content-Type: application/octet-stream; name="';

$message .= "$thisfile";
$message .= '"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="';
$message .= "$thisfile";
$message .= '"

';
$message .= "$encoded";

$message .= '

------=_NextPart_001_0011_1234ABCD.4321FDAC--

';

// now send the email
mail($toemail, $subject, $message, $headers, "-f$from");
echo("Thank you for your submission. Your order has been received.");

?>

 

[jpadie]

that's because you have used a variable within single quotes, and they are not expanded within single quotes. the path of least resistance here is to break out of the string, concatenate the variable and then got back to the string.

The Price is: ' . $price . '.

 

[Diggum1]

Not quite sure how to do that...like this?

$message .= "$price";

 

[vacunita]

No, just the way he did:

$message = '

This is a multi-part message in MIME format.

------=_NextPart_001_0011_1234ABCD.4321FDAC
Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: 7bit

The Price is:[red]' . $price . '[/red].


------=_NextPart_001_0011_1234ABCD.4321FDAC
Content-Type: application/octet-stream;  name="';

$message .= "$thisfile";
$message .= '"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="';
$message .= "$thisfile";
$message .= '"

';
$message .= "$encoded";

----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[Diggum1]

ah great, thanks, appreciate it!

 

[bezking]

By the way, you really should do some checking on those variables - the way you have it set up a user could inject their own SQL into the query. Try addslashes() and stripslashes().

 

[jpadie]

I agree. Although in fact there is no SQL in this example. it's a mailer.and the way that the headers and the message body are constructed in the script and the $to variables being hard coded, makes this unlikely to be abused.