[thelist] More PHP Contact form trouble

Joost van Velzen joost at nr6.nl
Tue Jun 5 02:07:33 CDT 2007

> $headers =    "From: $name" . "\r\n" .
>             "Reply-To: $email" . "\r\n" .

Where did you set $name and $email? 

Do you have front-end (javascript) validation on  your form? Try to:
a-z]{2,6})$~i", $_POST['email'])) {
  // valid email address, we have a go! (so send the mail here)
  // maybe you need a check on the name variable too.



Tom Dell'Aringa wrote:
> Well I had this form working, then my client moved the site over to Yahoo!
> web hosting. I didn't think it would matter, but now the info does not get
> mailed to the recipient, although the page does not error out and goes to
> the thank you page no problem. Here is the simple code I am using to
> process:
> <?php
> $name = $_POST["name"];
> $email = $_POST["email"];
> $to      = 'myemail at gmail.com';
> $subject = 'OraTechNet Form Feedback';
> $message = $_POST['comments'];
> $headers =    "From: $name" . "\r\n" .
>             "Reply-To: $email" . "\r\n" .
>             'X-Mailer: PHP/' . phpversion();
> mail($to, $subject, $message, $headers);
> Header("Location:http://www.oratechnet.com/thank-you.php");
> ?>
> I ran phpinfo() and the server is running PHP Version 4.3.11, so I don't
> think anything is wrong with the code - does there appear to be anything
> wrong? I can take it up with their hosting support but I wanted to check
> I am missing anything obvious first. Please CC me at pixelmech at gee mail
> dot com with any answers.
> Thanks!
> Tom

Mail transfer agents are generally set up to refuse to honor "From:" headers
that don't match the actual user process that submits the mail.  The refusal
can either be a "Screw You" with a bounce, or a "I'll send it under protest,
and include the real sender From: address".

The trouble with 1) is that the bounce goes to the web server process' user,
which just throws it away.

I suggest you run a test without the "From:" header, just to see what gets

Meanwhile, you are exposing yourself to classic form spam by placing POST
variables directly into the headers argument.  You definitely need to check
those fields for \r and \n, at a minimum.

It's also possible that Yahoo! just doesn't permit form-mail (so that
like yours can't put their servers on spam blacklists).



* * Please support the community that supports you.  * *

For unsubscribe and other options, including the Tip Harvester 
and archives of thelist go to: http://lists.evolt.org 
Workers of the Web, evolt ! 

More information about the thelist mailing list