Greetings!

I am not new to web applications, but I just started learning PHP syntax this morning.

I had to help a friend today with a PHP survey and I'm trying to make sure I follow "best practices".

I created the form and the script that mails it out. The Mail works as intended, sends to the appropriate places, redirects, etc, but there is a TON of whitespace in the message body.

I have tried removing \n, tried str_replace( "\n", "\r\n", $message), and a few other things trying to get it to work, but no matter what I do, there is WAY too much white space on the "other side".

If I output the contents of $message in a string using a PRE tag, I am able to reproduce it, but without that PRE formatting, it's just one long string.

My other question is: where can I find information about the best way to prevent form spamming in PHP? I found several instances of avoiding injections, but I'm not sure this applies as I'm not having them enter an e-mail address as it's just a survey.

Any pointers would be greatly appreciated!

TIA!
Sunshine

<?php

$RnB_Soul=($_POST['RnB_Soul'])?"RnB Soul":"";
$Blues=($_POST['Blues'])?"Blues":"";
$Rock=($_POST['Rock'])?"Rock":"";
$Reggae=($_POST['Reggae'])?"Reggae":"";
$Heavy_Metal=($_POST['Heavy_Metal'])?"Heavy Metal":"";
$Country=($_POST['Country'])?"Country":"";
$Classical=($_POST['Classical'])?"Classical":"";
$Jazz=($_POST['Jazz'])?"Jazz":"";
$Gospel=($_POST['Gospel'])?"Gospel":"";


$musictypes="\n$RnB_Soul\n$Blues\n$Rock\n$Reggae\n$Heavy_Metal\n$Country\n$Classical\n$Jazz\n$Gospel\n$Contemporary_Christian\n$Praise_and_Worship";


$Contemporary_Christian=($_POST['Contemporary_Christian'])?"Contemporary Christian":"";
$Praise_and_Worship=($_POST['Praise_and_Worship'])?"Praise and Worship":"";
$Contemporary_Gospel=($_POST['Contemporary_Gospel'])?"Contemporary Gospel":"";
$Christian_Rap_=($_POST['Christian_Rap_'])?"Christian Rap":"";
$Contemporary_Praise_and_Worship=($_POST['Contemporary_Praise_and_Worship'])?"Contemporary Praise and Worship":"";
$Spirituals=($_POST['Spirituals'])?"Spirituals":"";
$Christian_Jazz=($_POST['Christian_Jazz'])?"Christian Jazz":"";
$Traditional_Hymns=($_POST['Traditional_Hymns'])?"Traditional Hymns":"";


$musicstyles="\n$Contemporary_Christian\n$Praise_and_Worship\n$Contemporary_Praise_and_Worship\n$Contemporary_Gospel\n$Christian_Rap_\n$Christian_Jazz\n$Spirituals\n$Traditional_Hymns";


$Favorite_Artists = $_POST["Favorite_Artists"];

$TimePreference = $_POST["TimePreference"];
$TimePreferenceOther = $_POST["TimePreferenceOther"];


$message = "Favorite Music Types:
$musictypes
What Are Your Preferences of Musical Styles In Worship?
$musicstyles
Who Are Your Favorite Musical Artists?
$Favorite_Artists


What time would you prefer to go to church?\n
$TimePreference\n

Other:\n
$TimePreferenceOther\n

";
$to = "myAddress@MyDomain.com";
$subject = "Web site Survey results";
$headers = "From: website@theirdomain.com\r\n" .
           "CC: anotheraddress@yetanotherdomain.com\r\n" .
    "X-Mailer: php";
if (mail($to, $subject, $message, $headers)) {
  header( "Location: http://www.domaintoredirect.org/thanks.html" );
 } else {
  echo("<p>Message delivery failed...</p>");
 }

?>

(Changed CODE tags to PHP tags -- NogDog)

    SunshineFreedom wrote:

    - The Mail works as intended, sends to the appropriate places, redirects, etc,
    - but there is a TON of whitespace in the message body.

    • If I output the contents of $message in a string using a PRE tag, I am able to reproduce it,
    • but without that PRE formatting, it's just one long string.

    My other question is:
    - the best way to prevent form spamming in PHP?
    I found several instances of avoiding injections, but I'm not sure this applies as
    I'm not having them enter an e-mail address as it's just a survey.

    You think you can copy and paste from an email you received, with 'tons of whitespaces'.
    Use 'code' tags around it.
    I like to see what it looks like.
    Maybe you mean that there are many EMPTY LINES.

    I see some are replacing every "\r" with "" = removing this char from mail message.

    regars 🙂
    halojoy

      halojoy wrote:

      You think you can copy and paste from an email you received, with 'tons of whitespaces'.
      Use 'code' tags around it.
      I like to see what it looks like.
      Maybe you mean that there are many EMPTY LINES.

      I see some are replacing every "\r" with "" = removing this char from mail message.

      Here is a direct paste from the e-mail I receive. It has a few more fields in it than I included in my example here, but I left them in to show how many lines were being added. Also, I understand why there is so much space for the first 2 question/answers because those are check boxes and if there is no value, an LF is still being returned by \ n between each list item.

      Favorite Music Types:


RnB Soul











What Are Your Preferences of Musical Styles In Worship?




Contemporary Praise and Worship






Who Are Your Favorite Musical Artists?

sdfsdf



What time would you prefer to go to church?


9:00 am




Other:







Ideally, how long should worship last?


1 hour 15 minutes




If other, please explain:


sdfsdf




What is most important for you when choosing a church?


Children and Youth Ministry




If other, please explain:


sdf




What worship style do you prefer?


Traditional




How often do you attend church?


On Holidays

      Thanks for your help!
      Sunshine

        Assuming you want to send plain text email, you might see if it helps to add this to your mail headers:

        $headers = "MIME-Version: 1.0\r\n" .
           "Content-type: text/plain; charset=iso-8859-1\r\n" .
           "From: website@theirdomain.com\r\n" .
           "CC: anotheraddress@yetanotherdomain.com\r\n" .
           "X-Mailer: php";

        Not sure if it will make a difference, but it shouldn't hurt, at least.

          NogDog wrote:

          Assuming you want to send plain text email, you might see if it helps to add this to your mail headers:

          $headers = "MIME-Version: 1.0\r\n" .
           "Content-type: text/plain; charset=iso-8859-1\r\n" .
           "From: website@theirdomain.com\r\n" .
           "CC: anotheraddress@yetanotherdomain.com\r\n" .
           "X-Mailer: php";

          Not sure if it will make a difference, but it shouldn't hurt, at least.

          Thank you! It didn't help much this time, but that's good information that I had not seen before. 🙂

            My latest guess is that your mail server is automatically converting any "\n" in the message to "\r\n". When I tried a test mail() to myself using "\r\n" for line breaks, my Thunderbird mail client interprets that as two consecutive line breaks. Unfortunately, I don't know of any simple work-around (other than sending HTML email instead of plain text).

              Write a Reply...