0

I'm using a PHP script that sends email with PHP variables (obtained by a form using the POST method). This is my code:

<?php
/* These will gather what the user has typed into the fields. */

$nameField = $_POST['name'];
$emailField = $_POST['email'];
$questionField = $_POST['question'];

/* These are the variables that tell the subject of the email and where the email will be sent. */

$emailSubject = 'Recupero password LightSchool';
$mailto = $_POST['email'];
$mail->From = '[email protected]';
$mail->FromName = 'Mailer';

/* This takes the information and lines it up the way you want it to be sent in the email. */

$body = '<br><hr><br> Name: '.$name.' <br> Email: '.$email.' <br> Question: '.$question.' <br>';

$headers = "From: $email\r\n"; // This takes the email and displays it as who this email is from.
$headers .= "Content-type: text/html\r\n"; // This tells the server to turn the coding into the text.
$success = mail($mailto, $emailSubject, $body, $headers); // This tells the server what to send.

?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">  
    <head>  
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
    <title>MY Studenti</title>
    <link rel="stylesheet" href="style.css" type="text/css" />
    </head>  
    <body style="background-image:url(http://studenti.lightschool.it/new/bkg.png)">  
    <div id="main">
    <h1>
    <img src="http://images.lightschool.it/logo/medium250x250.png" alt="" height="66" style="float: left; margin-right: 20px" width="62" />MY Studenti</h1>
    <p>Recupera password ti permette di recuperare la tua password, tramite 
    l'inserimento del tuo nome utente.</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <form id="form1" name="form1" method="post" action="reset-pwd.php">
<table width="455" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="175" height="44" align="center"><label for="name">name</label></td>
    <td width="280"><input name="name" type="text" id="name" size="30" />
      </td>
  </tr>
  <tr>
    <td height="45" align="center"><label for="email">email</label></td>
    <td><input name="email" type="text" id="email" size="30" /></td>
  </tr>
  <tr>
    <td height="41" align="center"><label for="question">question</label></td>
    <td><textarea name="question" cols="30" rows="5" id="question"></textarea></td>
  </tr>
  <tr>
    <td height="38">&nbsp;</td>
    <td><label>
      <input type="submit" name="Submit" id="Submit" value="Submit" />
    </label></td>
  </tr>
</table>

</form>
    </div>
    </body>
    </html>

This PHP script runs successfully, but the three variables (name, email and question) are not showing in the sent e-mail. I've also tried var_dump($_POST['email']); without solving it. How can I solve this problem?

Thanks.

PS: I know there are a lot of questions like this posted on this website and others, but none of the posted solutions helped me.

5
  • 2
    Your variables are $nameField, $emailField and $questionField and not what you declared in $body. Commented Mar 28, 2013 at 14:34
  • 2
    What if the person types malicious HTML code in one of your inputs? Commented Mar 28, 2013 at 14:38
  • @kingkero my inputs don't allow HTML code, so I think there's no problem. Anyway, what do you suggest? Commented Mar 28, 2013 at 14:45
  • @FrancescoSorge what do you mean by don't allow? If you write <script>alert('im a bad boy');</script> in the question textarea, you will receive an email that has this script inside. Maybe your email client already prevents this, but it's better to be cautious. Commented Mar 28, 2013 at 14:48
  • 1
    @FrancescoSorge thus you accepted exactly what I said. Commented Mar 28, 2013 at 14:49

2 Answers

3

Change

$nameField = $_POST['name'];
$emailField = $_POST['email'];
$questionField = $_POST['question'];

to

$name = $_POST['name'];
$email = $_POST['email'];
$question = $_POST['question'];

1

You're calling your Vars two different things. You want to be careful with this. If you're not filtering out anyone's email then someone could feed it a list of addresses and start sending out Spam from your box.

3 Comments

What do you suggest to prevent this?
You want to filter the user input and validate it. You can validate the email for example with: filter_var($email, FILTER_VALIDATE_EMAIL); php.net/manual/en/filter.filters.validate.php
You could do something simple like make sure it has one @ symbol, but not two. I've got a full write-up about the ways to stop spam on my blog from earlier this month: the-analytical.blogspot.com/2013/03/…
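
The two concerns raised in this thread (markup typed into the form fields, and an unfiltered recipient address) handled in one place, as an added example that is not part of the original question or answers. `SITE_FROM` and the function names are hypothetical, and the sample submissions are constructed:

```php
<?php
// Added example, not code from the thread. SITE_FROM and all function names are hypothetical.
const SITE_FROM = 'noreply@example.com'; // placeholder sender address

/** Return one validated address, or null if the input is unsafe. */
function clean_recipient(string $raw): ?string
{
    // Line breaks or list separators would turn one recipient into many.
    if (preg_match('/[\r\n,;]/', $raw)) {
        return null;
    }
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Build the HTML body with every user-supplied value escaped. */
function build_body(string $name, string $email, string $question): string
{
    $e = static fn(string $v): string => htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<br><hr><br> Name: ' . $e($name)
         . ' <br> Email: ' . $e($email)
         . ' <br> Question: ' . nl2br($e($question)) . ' <br>';
}

/** Return [to, subject, body, headers], or null when the address is rejected. */
function prepare_mail(array $post): ?array
{
    $email = clean_recipient((string) ($post['email'] ?? ''));
    if ($email === null) {
        return null;
    }
    $headers = 'From: ' . SITE_FROM . "\r\n" // fixed sender, never taken from the form
             . "MIME-Version: 1.0\r\n"
             . "Content-Type: text/html; charset=UTF-8\r\n";
    $body = build_body((string) ($post['name'] ?? ''), $email, (string) ($post['question'] ?? ''));
    return [$email, 'Recupero password LightSchool', $body, $headers];
}

// Constructed sample submissions: benign, a list of addresses, and markup in the question.
$samples = [
    ['name' => 'Anna', 'email' => 'anna@example.com', 'question' => 'Hi'],
    ['name' => 'x', 'email' => 'a@example.com, b@example.com', 'question' => 'Hi'],
    ['name' => 'x', 'email' => 'c@example.com', 'question' => "<script>alert('im a bad boy');</script>"],
];
foreach ($samples as $post) {
    $mail = prepare_mail($post);
    echo $mail === null ? "rejected\n" : "to={$mail[0]}\n{$mail[2]}\n";
    // In the real handler: if ($mail !== null) { mail(...$mail); }
}
```

Keeping the `From:` header fixed matters as much as validating the recipient: the question's script builds that header from the submitted address, so anything the form accepts ends up in the mail headers.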
