Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING

clairedavis

I have an error:

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/sites/trainingonsite.co.uk/public_html/sendmail.php on line 16 in the following PHP code:

<?php

foreach ($_POST as $key => $value)
{
	if ($key == "submit") continue;

	if ($value = "") {
		echo "<script>alert('Please fill all form fields'); href.location = 'history.back()';</script>";
		die();
	}

	$message = $key.":".$value."\r\n";
}


mail('example@example.com',*'Form filled at CTS: '.$_POST['course'],*$message);

Please help me? Thanks in advance!

djjjozsi

You put jokers in the mail() parameters

While you list the value=>key you did not add the message variable.

If you did not fill for example the 5th textfield, that value won't be send with the form! that's why your
logic is not a good idea.

You should use header ?

And please use the [ php][/code] BB tags around your php codes.

<?php
if ( isset( $_POST["submit"] ) )
{
		$message = '';
		foreach ( $_POST as $key => $value )
		{
				if ( $key == "submit" ) continue;

			if ( $value = "" )
			{
					echo "<script>alert('Please fill all form fields'); href.location = 'history.back()';</script>";
					die();
			} 

			$message .= "$key:$value\r\n";
	} 
	$headers = 'MIME-Version: 1.0' . "\r\n";
	$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
	// Additional headers
	$headers .= "From: SOMEBODY <{$_POST["mail"]}>";

	$subject = 'Form filled at CTS: ' . $_POST['course'];
	mail( 'example@example.com', $subject, $message , $headers ) or die( "error while mail send" );
} 

?>

clairedavis

So sorry, I do apologise! Thanks very much for your help, will give it a go. I know nothing about PHP - been given this by a colleague to do!

clairedavis

Oh dear, now when I submit the form it comes across blank, saying there is no data in the form? Sorry to be so useless with PHP :-(

bradgrafelman

This if() statement:

if ( $value = "" )

doesn't do what you (probably) think it does; you're telling PHP to set the value of $value equal to "". I believe you meant to use the comparison operator, ==, perhaps?

EDIT: Also, why are you outputting Javascript code? If you really want to use Javascript code, then use the full benefit of Javascript - do the value checks on the client-side before the form is submitted. Since standard security practice dictates that Javascript/client-side scripting can never be trusted, however, you should also leave the duplicate check in your PHP code.

EDIT2: Also, allowing the From header to be specified by user-input (e.g. the user's e-mail address) is a very bad practice; it will most likely get you labeled as an open relay and blocked by many SMTP servers and/or RBLs. The From header should always be a valid e-mail address at your domain; if you want to incorporate the user's e-mail address, do so in a "Reply-To:" header instead.