OK, so I have this undefined index error occurring when I'm defining some variables to be used in an email contact form in PHP.

Here is my script (email address omitted for privacy's sake):

<?php
  $to = "[email protected]";
  $subject = "Aquadual Contact Form Message";
  $email = $_REQUEST['email'];
  $message = $_REQUEST['message'];
  mail($to,$subject,$message,"From: $email" );
?>

And here is my HTML form:

<form method="post" action="sendmail.php">
  Email: <input name="email" type="text" /><br />
  Message:<br />
  <textarea name="message" rows="15" cols="40">
  </textarea><br />
  <input type="submit" />
</form>

There are two notices, occurring on the following two lines:

$email = $_REQUEST['email'];
$message = $_REQUEST['message'];
+3  A: 

The $_REQUEST array doesn't contain one of those indexes.

It's like having $arr = array('one', 'two', 'three'); echo $arr['four'];.

$arr['four'] doesn't exist, therefore it will throw a Notice.

As for the $_REQUEST array, be sure you are sending those indexes (email and message) to the PHP script as either GET, POST or COOKIE.

Luca Matteis
So, what exactly do I need to change in the above script?
BOSS
+2  A: 

You could wrap your $_REQUEST in something like

if(isset($_POST['email']) && isset($_POST['message']))
{
  $to = "[email protected]";
  $subject = "Aquadual Contact Form Message";
  $email = $_POST['email'];
  $message = $_POST['message'];
  mail($to,$subject,$message,"From: $email" );

}

I wouldn't use $_REQUEST, by the way. You snag all $_GET, $_POST, $_SESSION and $_COOKIE with that, and if you have a conflict it may choose the wrong one, i.e. $_POST['email'] is set as well as $_SESSION['email']. You may send the wrong person an email.

Per request - this is a way to return the user after mail:

<?php // this is assumed to be sendmail.php
    $message = array();

    if(isset($_POST['email']) && isset($_POST['message']))
    {
      $to = "[email protected]";
      $subject = "Aquadual Contact Form Message";
      $email = $_POST['email'];
      $message = $_POST['message'];
      if(mail($to,$subject,$message,"From: $email" ))
          $message = array(true, 'Thank you for your message.');
      else
          $message = array(false, 'Email failed. Please try again.');
    }

    if(!empty($message))
    {
         if($message[0] === true)
             echo '<span style="color:green;">'.$message[1].'</span>';
         else
             echo '<span style="color:red;">'.$message[1].'</span>';

    }
?>
html form here

I would probably suggest setting the message and form to a session variable so the user can't send more than 3 messages per session - to avoid spamming. Something like:

<?php
    session_start();
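    if(!isset($_SESSION['count'])) // isset() avoids an undefined index notice on the first request
        $_SESSION['count'] = 0;

    // count starts at 0, so "< 3" allows at most 3 messages per session
    if(isset($_POST['email']) && isset($_POST['message']) && $_SESSION['count'] < 3)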
    {
         $to = "[email protected]";
         $subject = "Aquadual Contact Form Message";
         $email = $_POST['email'];
         $message = $_POST['message'];
         if(mail($to,$subject,$message,"From: $email" ))
         {
             $_SESSION['count'] = $_SESSION['count'] + 1;
             $message = array(true, 'Thank you for your message.');
         }
         else
             $message = array(false, 'Email failed. Please try again.');

    }

    if(!empty($message))
    {
         if($message[0] === true)
             echo '<span style="color:green;">'.$message[1].'</span>';
         else
             echo '<span style="color:red;">'.$message[1].'</span>';

    }
?>

Hope it helps

Kai Qing
Thanks for the post, just for usability concerns, what should the loaded "success" page look like? Should it just have a statement saying that your message has been sent successfully, with a link back to the contact.php page?
BOSS
Well, that's up to you to decide the flow of your site, but in general it is a good idea to return people to the page they were on with a success message. This can get complicated, so I'll edit my answer with a basic method for doing so...
Kai Qing
+1  A: 

Add this on top of your script

$errata = error_reporting(); // current reporting level as an integer
error_reporting($errata & ~E_NOTICE); // hide 'HARMLESS' PHP Notices (& ~ clears the bit, ^ would toggle it)

Or, if you want to hide error reporting, try this:

error_reporting(0);

Also it is a good practice to handle variables with conditions, and use $_POST[] instead of $_REQUEST[] for added security.

//check that $_POST['foo'] exists 
if (isset($_POST['foo'])) { 
    //$_POST['foo'] exists 
    $foo = $_POST['foo']; //we might perform input validation here 
} else { 
    //$_POST['foo'] does not exist 
    $foo = ''; //assign a default value 
} 

//use $foo (escaped for HTML output, because it came from the request)
echo htmlspecialchars($foo);

Better yet, use form validation on your page before submitting the form.

Mark Guadalupe
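
The answers above check that the fields exist but still pass the submitted address straight into the header string given to mail(). The sketch below is an added example, not code from any of the posts: it combines the isset() check, the per-session cap and the input validation mentioned above. The helper name handle_contact() and both example.com addresses are assumptions.

```php
<?php
// Added example, not code from any of the answers above.
// handle_contact() is a hypothetical helper; both addresses are placeholders.
// $send is injectable so the logic can be exercised without a mail server.
function handle_contact(array $post, array &$session, callable $send): array
{
    $max = 3; // per-session cap suggested in the second answer

    // isset() on both keys avoids the "undefined index" notice.
    if (!isset($post['email'], $post['message'])) {
        return [false, 'Please fill in both fields.'];
    }
    // A request such as email[]=x arrives as an array, not a string.
    if (!is_string($post['email']) || !is_string($post['message'])) {
        return [false, 'Invalid input.'];
    }
    $session['count'] = $session['count'] ?? 0;
    if ($session['count'] >= $max) {
        return [false, 'Message limit reached for this session.'];
    }

    $email = trim($post['email']);
    $message = trim($post['message']);
    // No line breaks may reach the header string, and the syntax must be valid.
    if (preg_match('/[\r\n]/', $email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [false, 'Please enter a valid email address.'];
    }
    if ($message === '') {
        return [false, 'Please enter a message.'];
    }

    // Fixed From on the site's own domain; the visitor only appears in Reply-To.
    $headers = "From: webform@example.com\r\nReply-To: $email";
    $subject = 'Aquadual Contact Form Message';
    if (!$send('owner@example.com', $subject, $message, $headers)) {
        return [false, 'Email failed. Please try again.'];
    }
    $session['count']++;
    return [true, 'Thank you for your message.'];
}

// Wiring for sendmail.php: only act on a POST request.
session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$ok, $text] = handle_contact($_POST, $_SESSION, 'mail');
    $color = $ok ? 'green' : 'red';
    echo '<span style="color:' . $color . ';">' . htmlspecialchars($text) . '</span>';
}
```

Because the visitor's address never becomes the From header and is rejected if it contains a line break, a submitted value cannot add headers of its own to the outgoing message.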