Getting emailed blank results...

Jords18K

I've created a HTML form and used PHP to get the results emailed to me but Im having problems...

I have a PHP fiile called contact.php and the code is

<?php

$email = $REQUEST['emails'] ;
$password = $REQUEST['pass'] ;

mail("MYEMAIL", "Form Results", "You have received a new message. Email: $email Password: $password");
?>

And my HTML is

<form action="contact.php"
method="post"
enctype="text/plain">
<div class="size">Email</div> <input type="text" name="emails"><br>
<div class="size">Password</div><input type="password" name="pass">
<div class="logincon"><input type="image" src="css/images/login.png" value="submit" /></div><br><br>

</form>

When I fill out the form, I get a email saying

You have received a new message. Email: Password:

The email and password isn't being displayed. Can anyone help? Thanks!

Bonesnap

When submitting a form it's usually good practice to check if you're actually getting values before trying to use them. In your case, emailing them. You can use [man]isset/man to see if $REQUEST['emails'] and $REQUEST['pass'] are set or not, and then take appropriate action if they are not. Also I would consider using $POST instead of $REQUEST especially since you have designated the form to use $POST, and keep in mind the $REQUEST superglobal is a combination of both $GET and $POST, which could possibly lead to security concerns.

Additionally I would consider using <label></label> tags for your field labels since that is their intended use (and I believe are required for passing certain standards, such as accessibility standards).

And lastly, please consider the implications of sending plain-text passwords through email.

Jords18K

Bonesnap;11043085 wrote:
When submitting a form it's usually good practice to check if you're actually getting values before trying to use them. In your case, emailing them. You can use [man]isset/man to see if $REQUEST['emails'] and $REQUEST['pass'] are set or not, and then take appropriate action if they are not. Also I would consider using $POST instead of $REQUEST especially since you have designated the form to use $POST, and keep in mind the $REQUEST superglobal is a combination of both $GET and $POST, which could possibly lead to security concerns.

Additionally I would consider using <label></label> tags for your field labels since that is their intended use (and I believe are required for passing certain standards, such as accessibility standards).

And lastly, please consider the implications of sending plain-text passwords through email.

Thanks for replying.

How would I go about using isset()?
Also I changed REQUEST to POST but I'm still not getting results.

And yeh I know LOL this isnt a form thats going to be available to the public.

Bonesnap

Check the manual (I linked it in my reply) on how to use isset(). If the variable exists and has a value other than NULL, it will return true. Otherwise it returns false. You can use that logic to take action that's appropriate to your situation.

As long as you know, though I would advise to write all your code with best practices in mind so it comes naturally when you need to.

Also try using [man]var_dump/man on your variables to see what they contain.

Jords18K

Cant edit soz, I used the isset tags and it's telling me Email is not set, how could I go about fixing this?

Bonesnap

You're using <input type="image" />. What you want is <input type="submit" />.

There's some more info here.

You can style your input button via CSS.