Problem with the From mail header not working

Posted on 2011-10-25
Last Modified: 2012-05-12

I have this a feedback form go to my helpdesk. The back end code that makes it tick is attached.

I have it pipe into my helpdesk, and I get this error from my helpdesk, an dit does not parse: FROM header does not contain a valid email address.

I've set the from as a specific email address.

Any ideas?

 $return_arr = array();

if( !isset($_POST['message']) || trim($_POST['message'])=="")


// echo "{'errors': [{'field': 'message','error': 'This field is required.'}], 'success': false}";

 $return_arr["errors"]=array(array('field'=>'message','error'=>'This field is required.'));

 $return_arr["success"]= false;

 echo json_encode($return_arr);

 return ;


 else if(!isset($_POST['email']) || trim($_POST['email'])=="")


    // echo "{'errors': [{'field': 'email', 'error': 'Enter a valid e-mail address.'}], 'success': false}";

     $return_arr["errors"]=array(array('field'=>'email','error'=>'This field is required.'));

	 $return_arr["success"]= false;

	 echo json_encode($return_arr);





$to = '';

$server = '';

$subject = 'Feedback: ' .$_POST['webid'];

$from = $_POST['email'];


$edate= $_POST['edate'];














$message ="<table border='0' >".	  

	  "<tr><td>Email Address:</td><td>$from</td></tr>".

	  "<tr><td>Web ID:</td><td>$webid</td></tr>".

	  "<tr><td>Event Date:</td><td>$edate</td></tr>".

	  "<tr><td>Comments / Suggestions:</td><td>$msg</td></tr>".

	  "<tr><td>Easy To Use:</td><td>$rate1</td></tr>".

	  "<tr><td>Loading Speed:</td><td>$rate2</td></tr>".
	  "<tr><td>IP Address:</td><td>$IP</td></tr>".


if(mail($to, $subject, $message, "From: $server \r\nContent-type: text/html\r\n"))


  $return_arr["success"]= true;

  echo json_encode($return_arr);	 




	  $return_arr["success"]= false;

  echo json_encode($return_arr);	 



Open in new window

Question by:Computer Guy
    LVL 20

    Expert Comment

    by:Mark Brady
    Try testing ALL the posted data to make 100% CERTAIN that those fields are being sent correctly. Here's how you do it.

    In your php script that accepts/processes the form data, place this line of code then run the script after filling out the form.

    // leave all of your existing variable setups like $firname = $_POST['first'] and stuff like that in here.
    // then this code...


    That will print out every value sent to your form so you can check it and see where the problem is.

    Don't forget in your form you need to addslashes to the user input data for several reason but the main one is "security". You can be hacked very easily with your code (no protection again sql injection).

    $msg=$_POST['message'];     // should be

    $msg = addslashes($_POST['message']);

    Then you can put the data into the database of whatever you want. When you recall if from the database you do this...
    // the usual way
    $username = $row['username']; // etc... retrieving from database.

    // the safe way

    $username = stripslahes($row['username']);

    Or even better in my opinion is mysql_real_escape_string()

    If you have a current mysql connection open you should use this method.

    $firstname = mysql_real_escape_string($_POST['firstname']);

    There you have it, basic security.

    The other problem you have and is more than likely the culprit for why your code is not working is you have not "escaped" the users data as stated above so if a user was to add any quotes or ' marks then it would break the posted data and not display correctly.

    Consider this.

    $message = 'This is a message. It's a very short one.';

    Now try to post that message to a script and either enter it into a mysql table or echo it back to the screen and see what happens.

    The message will be read as 'This is a message. It'   - that is where it ends because it stops at the single quote mark.

    You must escape the quotes like this

    $message = "This is another message. It\'s a very short one and it\'s been escaped with backslashes.";

    Now you can save this to a database or echo it to a screen but before you display it, you need to run "stripslashes($message)" on it.
    LVL 107

    Accepted Solution

    Without inspecting your unique PHP installation we cannot be sure whether or not you have "magic quotes" so you may be getting the escape characters.  But you might want to read this article and understand the issue associated with magic quotes, since (like "register globals") they are going away.

    But that said, as I follow the $server variable through the code, it looks like the code is correct to me.  This variable is set on line 49 and used on line 109.  So the problem may be in the helpdesk software.  It may be looking for some special criteria surrounding the From address.  I think I would look there first.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Accessibility and Usability are two concepts that seem to be closely related.  But, too many people seem to have a distorted perception of them. During last five years, those two words have come to the day-to-day work of almost every web develope‚Ķ
    Read about why website design really matters in today's demanding market.
    This video teaches users how to migrate an existing Wordpress website to a new domain.
    The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now