www.webdeveloper.com

Thread: Extra character showing up in PHP code

  1. #1
    Join Date
    Mar 2004
    Location
    Oklahoma, USA
    Posts
    260

    Extra character showing up in PHP code

    I am trying to set up an email submit form. I have the following PHP code which produces a > character which you can see in the attached image of the received email message. Can anyone tell me what is causing this extra character and how I can remove it?

    Code:
    <?php
    // define variables and set to empty values
    $name = $email = $message = $text = "";
    
    $to = "John@Jones.net";
    $subject = "From our company website";
    
    $name = $_POST["name"];
    $email = $_POST["email"];
    $message = $_POST["message"];
    
    $text = "";
    $text  = "From Email: ";
    $text .= $email;
    $text .= "\r\n";
    $text .= "Name: ";
    $text .= $_POST["name"];
    $text .= "\r\n";
    $text .= "Message: ";
    $text .= $_POST["message"];
    
    mail($to,$subject,$text);
    ?>
    Here is a screen capture of the email I received from this code:
    email.jpg

    Lawrence
    Last edited by lkeeney; 12-27-2017 at 04:59 PM.
    Larry

  2. #2
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    5,854
    I frickin hate GOOGL BROWSER. I wrote a clear message on what you needed to do to tidy up your code, make it secure and I hit my mouse and the browser decided to go somewhere random and buggered the message completely.

    So to do this again is going to take too long. What you need to do is stop using the $_POST inputs directly, filter_var them in to safe variables and then use the variables.

    from: $email = $_POST["email"]; to: $email = filter_var($_POST["email"], FILTER_SANITIZE_EMAIL); and doing this
    PHP Code:
    $message = $_POST["message"];
    ...
    ...
    $text .= "Message: ";
    $text .= $_POST["message"]; 
    is just silly, because you declare a variable but never actually use it.

    You also need to set the proper character set, any headers and also check with your server if you have any specific markers or hash tags to use so the server knows it's genuine. If your website is hosted for you, check with the web hosting company on its requirements for sending email, I can see that you have it working from the image BUT it pays to do it right so that you don't look like a dork when the web host switches things around.

    One of the criteria my host has is that the email address is real and not a catch all configuration or a forwarding email method...

    Pays to check.
    --> JavaScript Frameworks like JQuery, Angular, Node <--
    ... and please remember to wrap code with forum BBCode tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...

  3. #3
    Join Date
    Mar 2004
    Location
    Oklahoma, USA
    Posts
    260
    I have cleaned up my code but have the same problem. However if I put any character in front of the "F" character in the "From Email" code the ">" character disappears.

    <?php
    // define variables and set to empty values
    $name = $email = $message = $text = "";

    $to = "lawrence.keeney@lkeeney.net";
    $subject = "From our company website";

    $name = $_POST["name"];

    $email = filter_var($_POST["email"], FILTER_SANITIZE_EMAIL);

    $text = "From Email:";
    $text .= $email;
    $text .= "\r\n";
    $text .= "Name: ";
    $text .= $_POST["name"];
    $text .= "\r\n";
    $text .= "Message: ";
    $text .= $_POST["message"];

    mail($to,$subject,$text);
    ?>
    Last edited by lkeeney; 12-27-2017 at 06:57 PM.
    Larry

  4. #4
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    5,854
    Nope, you ain't, I gave you one example of what you need to do to all inputs and use the right FILTER_SANITIZE_ option like FILTER_SANITIZE_STRING and FILTER_SANITIZE_NUMBER_INT or FILTER_SANITIZE_URL

    If any of the filters fails to sanitize, the output is a boolean FALSE but if it passes, the output is the string result of the filter.
    You have no word wrap which should be part of your script to ensure that the character count does not exceed the mail protocols.

    So in a nutshell, this is the most basic of all mail sending routines

    PHP Code:
    // Sanitize every input before it goes into the message or the headers
    $contact = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    $message =  "From: " . filter_var( $_POST['name'], FILTER_SANITIZE_STRING) . PHP_EOL;
    $message .=  "Message " . filter_var( $_POST['message'], FILTER_SANITIZE_STRING) . PHP_EOL;
    $message .=  "Date Time " . date("r", $_SERVER['REQUEST_TIME']);
    // Keep lines within the length limit expected for mail
    $message = wordwrap($message, 70);
    $headers = "From: $contact" . PHP_EOL .
        "Reply-To: contact@*******.***"  . PHP_EOL .
        "X-Mailer: PHP/" . phpversion();

    mail("contact@*******.***", "Email from contact form.", $message, $headers); 
    ALWAYS SANITIZE and email forms are never as simple as you first think...

  5. #5
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    22,326
    You might want to determine if it's your text that's corrupted or if the mailer on your server is doing something.

    PHP Code:
    die('<pre>'.htmlspecialchars($text).'</pre>');
    // mail($to,$subject,$text); 
    As \\.\ alludes to above, you usually need to set some "additional headers", though it's not absolutely necessary if your php.ini or other config has the correct defaults defined -- but I would hate to depend on that.

    Personally, I almost always use PHPMailer to handle emails, and let it set content-type and other headers, and other nit-picky things.
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework
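
A contact-form mailer along the lines recommended in posts #2 and #4, as an added example that is not code from any poster in this thread. It validates the address instead of only sanitizing it, rejects control characters in the single-line name field, and keeps body lines from starting with "From ", which mbox-style mail stores escape with a leading ">" (consistent with what post #3 observed). The addresses, the constants and the `build_contact_mail` helper are assumptions for illustration; passing headers to `mail()` as an array needs PHP 7.2 or later.

```php
<?php
// Added example: hardened contact-form mailer. Addresses are placeholders.
const SITE_FROM = 'webform@example.com'; // assumed fixed sender owned by the site
const SITE_TO   = 'owner@example.com';   // assumed recipient

/** Returns [body, headers], or null when the input must be rejected. */
function build_contact_mail(array $post): ?array
{
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $name  = trim((string)($post['name'] ?? ''));
    $msg   = trim((string)($post['message'] ?? ''));

    // Reject rather than repair: bad address, empty name, or any control
    // character (including CR/LF) in a field that must be a single line.
    if ($email === false || $name === '' || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        return null;
    }

    // Free text may span lines: normalise line endings, drop other control bytes.
    $msg = preg_replace('/\r\n?|\n/', "\n", $msg);
    $msg = preg_replace('/[\x00-\x08\x0B-\x1F\x7F]/', '', $msg);

    $body = "Sender email: $email\nName: $name\nMessage:\n$msg";
    $body = wordwrap($body, 70, "\n");
    // After wrapping, indent any line that starts with "From " so an
    // mbox-style store has nothing to escape with ">".
    $body = preg_replace('/^From /m', ' From ', $body);
    $body = str_replace("\n", "\r\n", $body);

    $headers = [
        'From'         => SITE_FROM,  // never built from visitor input
        'Reply-To'     => $email,     // validated, so it cannot contain CR/LF
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    return [$body, $headers];
}

// Constructed sample input standing in for $_POST.
$sample = ['email' => 'visitor@example.org', 'name' => 'Pat',
           'message' => "From what I can tell the form works.\nThanks"];
$mail = build_contact_mail($sample);
if ($mail !== null) {
    [$body, $headers] = $mail;
    echo $body, "\n"; // inspect the text before sending, as post #5 suggests
    // mail(SITE_TO, 'Email from contact form.', $body, $headers);
}
// A name with an embedded line break is rejected outright.
var_dump(build_contact_mail(['email' => 'visitor@example.org', 'name' => "Pat\r\nsecond line"]));
```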
