PHP help - turning a variable into non-html text

[konerboy]

hey guys i have a problem here i borrowed a email system from a tutorial but whenever i get the mails the text variables isn't converted so i basicly get a message, with the subject: message from $strname, with a message that reads: $straddress, is there anyone here that can make the subject be the actual name and make the mail contain the right comment?

Html if needed

Spoiler

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />


<title>Untitled Document</title>
</head>

<body style="padding:3px; margin:0px;" bgcolor="#FFFFFF">
<table cellpadding="0" cellspacing="0" border="0" width="440">

<tr><td style="height:10px"></td></tr>
<tr>
<td colspan="2" style="text-align:justify; line-height:15px;" class="body">

<form name="frm" method="POST" action="careersuccess2.php" enctype="multipart/form-data">
<table cellpadding="0" cellspacing="0" border="0" width="100%">
<tr>

<td width="183px" height="23px" class="body">name</td></tr>
<tr>
<td width="74%"><input type="text" name="strname" class="textfield"></td>
</tr>
<tr><td style="height:3px"></td></tr>
<tr>
<td width="224px" height="21px" class="body">comment</td></tr>
<tr>
<td width="74%"><textarea cols="16" name="straddress"></textfield></td>
</tr>
<tr><td style="height:10px"></td></tr>
<tr>
<td colspan="3" align="center">
<input type="submit" value="Send" name="submit" onClick="return validate();"> <input type="reset" value="Reset" name="reset">
</td>
</tr>

</table>

</body>
</html>

Php

Spoiler

<?php

$strname=ucfirst($_REQUEST["strname"]);
$straddress=ucfirst($_REQUEST["straddress"]);
$strcity=ucfirst($_REQUEST["strcity"]);
$strstate=ucfirst($_REQUEST["strstate"]);

$stremail=$_REQUEST["stremail"];
$strcomments=ucfirst($_REQUEST["strcomments"]);







$message= '

$straddress.


';

// MAIL SUBJECT

$subject = " message from $strname ";

// TO MAIL ADDRESS


$to="[email protected]";

/*
// MAIL HEADERS

$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\n";
$headers .= "From: Name <[email protected]>\n";

*/



// MAIL HEADERS with attachment

$num = md5(time());

//Normal headers

$headers = "From: Name<[email protected]>\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: multipart/mixed; ";
$headers .= "boundary=".$num."\r\n";
$headers .= "--$num\r\n";

// This two steps to help avoid spam

$headers .= "Message-ID: <".$now." TheSystem@".$_SERVER['SERVER_NAME'].">\r\n";
$headers .= "X-Mailer: PHP v".phpversion()."\r\n";

// With message

$headers .= "Content-Type: text/html; charset=iso-8859-1\r\n";
$headers .= "Content-Transfer-Encoding: 8bit\r\n";
$headers .= "".$message."\n";
$headers .= "--".$num."\n";





// SEND MAIL

@mail($to, $subject, $message, $headers);

?>

can this be fixed or do i need MySql or w/e to do this?

 

[monoVertex]

Where did you learn php from?

$subject = ' message from $strname ';

Should be

$subject = " message from $strname ";
or
$subject = " message from ".$strname;

Same for the others. Stop putting variables directly inside "". It's more comfortable, but it can lead to such problems.

. is a concatenation operator for strings. Put actual text inside "" and variables outside it.

Example:

echo "Hello " . $guest_name . "!";

 

[enouwee]

You have to validate the user input. Any user-provided data must not contain any linebreaks, otherwise your script will be used to spam whatever a malicious user gets paid for.

Otherwise, I'll submit a subject like " --- BUY VIAGRA NOW!!!\nTo: [long list of email addresses\n[my other mail content...]".

If you'd like to send email using PHP, use the PEAR packages Mail and Mail_Mime.

While we're at it, don't use $_REQUEST, but either $_GET or $_POST, whatever you're expecting in your form. It's much safer than a magic array that's a mix of cookie content and HTTP headers.

 

[phyrex1an]

Read this before putting that script live, then read it again.

Variables inside ' ' isn't substituted for their value like when you are using " ".

Edit: I really thought I would steal this one from enouwee, apparently I was wrong

 

[konerboy]

ok it worked now. now another thing.

how can i make the "stradress" and "strname" appear next to each other in the $message?

i've tried echo ad other things but they've just been giving trouble

 

[UndeadDragon]

$message= $stradress . $strname;

might work.

 

[konerboy]

$message= "$stradress " . $strname;

worked ty guys!

 

[duyen]

If you have the quote marks there it won't work.

 

[SFilip]

> it won't work
Why not?

 

[JerseyFoo]

It'll work, but it's silly imo for just a space.

Say a $var is = to "pie"

$str = 'I like ' . $var; I like pie
$str = "I like $var"; I like pie
$str = 'I like $var'; I like $var

 

[Samuraid]

Embedding a variable in a double-quoted string is faster than concatenation, in terms of execution speed.

If you are worried about readability, just use braces {} around the variable:

$food = 'Ice cream';
$str = "I think {$food} tastes great!"; // I think Ice cream tastes great!