PHP Mailer failure
January 21, 2010 7:10 AM   Subscribe

Ok so I built a PHP order form that serves a dual purpose, it can be submitted electronically and then printed out and mailed it with the actual payment. Problem is the item name isnt showing up, even though everything else is. Look here for code, Any ideas would help, I'm stuck..
posted by tropikal to Technology (7 answers total)
$message="Line 1: $qty1,$item1,$price1 \n Ship items to $shipp";

Where you define variables "$qy1=$_POST['qty1'];"

So there's a variable mismatch right there.. I'll look to see if there's anything else.
posted by tehdiplomat at 7:30 AM on January 21, 2010

Best answer: Yep, you've got a typo on the quantity, but that's not the issue.

I'd suggest you do this at the top of your script:


That'll show you all the data coming from the form, and you can check that everything's there. I suspect you've misnamed one of your form fields.
posted by le morte de bea arthur at 7:44 AM on January 21, 2010

The label tag doesn't match the input id for shipping address. Also, where's the closing form tag? (Or maybe it's there but just got cut off the example code)
posted by aguy at 7:58 AM on January 21, 2010

Oh, and it's probably not a good idea to take data from a $_POST variable and just insert it into a mail header without doing some kind of validation first. The same goes for the rest of the data - check it against what you expect: Is it numeric/a string? Is it a resonable length? And make sure you escape the data adequately for whatever you're going to do with it.
posted by le morte de bea arthur at 8:03 AM on January 21, 2010 [1 favorite]

Response by poster: @aguy the label tags haven't made any difference so far, and I only posted part of the HTML form.

@ le morte de bea arthur, Any links to where I can find out how to do that? Most of the forms Ive seen are just enter an email and send a comment I need at least a 6 item order form.
posted by tropikal at 8:12 AM on January 21, 2010

There's a ton of advice on filtering input data here.

A lot of tutorial/sample scripts are intentionally very simple; the idea is to teach you the basics of what's going on without confusing you with all the extra stuff you need to do in a real-world application.

Your order form is basically fine. You just need to do a little bit of checking to ensure that the email address looks valid, that the quantity and price are numbers, and that other fields haven't been left empty.
posted by le morte de bea arthur at 8:30 AM on January 21, 2010

Best answer: Make sure you do do that filtering. As is, your script is basically a wide-open spam relay; all anyone would have to do is enter something like this as the "from" address:

"\nTo:\nSubject: FREE V1@GRA\n\nTheir message here"

Spammers love novice developers using sample email scripts.

the label tags haven't made any difference so far

Labels have nothing to do with the serverside script. They serve two purposes: screenreaders and other assistive tech make use of them, and most web browsers use them for field focus (if you click on the label, the associated form field will pick up focus. Very handy for radio buttons etc.) Not a huge deal, but there's no reason not to fix this, since you bothered to include labels in the first place.
posted by ook at 11:20 AM on January 21, 2010 [2 favorites]

« Older Getting penalised for over-contributing to my RRSP   |   Please help me find this magazine article Newer »
This thread is closed to new comments.