user1098813

Reputation: 41

Old PHP code reason for not working?

Thanks to everyone who answered my recent related question here; all the answers helped and have given me progress and a bit of education. I do not know how long ago the original author wrote the code, so there might be archaic ways in amongst there.

Carrying on further, would similar principles apply later in the code, where the form captures some user input and assigns a variable name such as $dateofbirth below, which is used later in an email to the owner? In other words, at the moment the date of birth and other fields are not being included in the email.

<p>Date of Birth <i>(dd/mm/yyyy)</i><br /><input name="dateofbirth" value="<? echo $dateofbirth;?>" type="text" style="width: 350px;" /></p>


<p><br /><input type="hidden" name="service" value="<?
echo $service;
?>" />

<input type="hidden" name="p" value="<?
echo $p;
?>" />
<input type="submit" value="Order now" /></p>
</form>

The sending email code is here:

$emailtext = "From: " . $clientname . "\r\n";
$emailtext .= "Service ordered: " . $service . "\r\n";
$emailtext .= "Price to pay: £" . $p . "\r\n";
$emailtext .= "Date of birth: " . $dateofbirth . "\r\n";
$emailtext .= "Questions:\r\n\r\n" . $questions . "\r\n\r\n";
$emailtext .= "Comments:\r\n\r\n" . $comments . "\r\n\r\n";
$emailtext .= $email;

In summary, is the code above old, archaic, unsupported and in need of modernising to make it work?

Thanks.

Upvotes: 0

Views: 124

Answers (1)

Rylab

Reputation: 1295

Yes, the above code would only have worked as-is if the PHP configuration option register_globals was turned on. Enabling this PHP option is HIGHLY INSECURE and not recommended at all. You simply need to replace all of the variables in the email template with the actual $_POST array values:

$emailtext = "From: " . $_POST['clientname'] . "\r\n";
$emailtext .= "Service ordered: " . $_POST['service'] . "\r\n";
$emailtext .= "Price to pay: £" . $_POST['p'] . "\r\n";
$emailtext .= "Date of birth: " . $_POST['dateofbirth'] . "\r\n";
$emailtext .= "Questions:\r\n\r\n" . $_POST['questions'] . "\r\n\r\n";
$emailtext .= "Comments:\r\n\r\n" . $_POST['comments'] . "\r\n\r\n";
$emailtext .= $_POST['email'];

I am assuming all these variables were sent through the form in this modified code. Any variables that are set in the processing function above these lines do not need to be converted as above.

Upvotes: 1
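
The explicit `$_POST` reads from the answer, carried a step further as an added example (not code from the question or the answer): each field is read by name, checked, and escaped when echoed back into the form. The helper names `field`, `textField`, `validDob` and `buildEmailText` are hypothetical, the sample submission is constructed, and PHP 7 or later is assumed.

```php
<?php
// Added example, not the page's code; helper names are hypothetical. Needs PHP 7+.

// Single-line field read explicitly from the submission, never from a global.
function field(array $post, string $name): string
{
    $value = $post[$name] ?? '';
    if (!is_string($value)) {   // name[]=x arrives as an array; treat as empty
        return '';
    }
    // Drop CR/LF so one field cannot forge extra lines in the email body.
    return trim(str_replace(["\r", "\n"], ' ', $value));
}

// Free-text field: keep line breaks but normalise them to CRLF.
function textField(array $post, string $name): string
{
    $value = $post[$name] ?? '';
    if (!is_string($value)) {
        return '';
    }
    return preg_replace('/\r\n|\r|\n/', "\r\n", trim($value)) ?? '';
}

// Accept only a real calendar date in the form's dd/mm/yyyy format.
function validDob(string $dob): bool
{
    return preg_match('#^(\d{2})/(\d{2})/(\d{4})$#', $dob, $m) === 1
        && checkdate((int) $m[2], (int) $m[1], (int) $m[3]);
}

function buildEmailText(array $post): string
{
    $dob = field($post, 'dateofbirth');
    $text  = "From: " . field($post, 'clientname') . "\r\n";
    $text .= "Service ordered: " . field($post, 'service') . "\r\n";
    $text .= "Price to pay: £" . field($post, 'p') . "\r\n"; // hidden field: client-controlled
    $text .= "Date of birth: " . (validDob($dob) ? $dob : '(not a valid date)') . "\r\n";
    $text .= "Questions:\r\n\r\n" . textField($post, 'questions') . "\r\n\r\n";
    $text .= "Comments:\r\n\r\n" . textField($post, 'comments') . "\r\n\r\n";
    return $text . field($post, 'email');
}

// Constructed sample standing in for $_POST; the name field carries a stray CRLF.
$sample = ['clientname' => "Ann Example\r\nPrice to pay: 0", 'service' => 'Reading',
    'p' => '25', 'dateofbirth' => '31/02/1980', 'questions' => "Line one\nLine two",
    'comments' => '', 'email' => 'ann@example.com'];
echo buildEmailText($sample), "\r\n";
// Redisplaying a value in the form: escape it for the HTML attribute context.
echo '<input name="dateofbirth" value="', htmlspecialchars($sample['dateofbirth'], ENT_QUOTES, 'UTF-8'), '" />', "\n";
```

In the real handler, pass `$_POST` to `buildEmailText()` in place of `$sample`.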
