«

Hi Guys,
I'm building a email form in a XHTML Strict page. I want to have a drop down
selector box with 3 options in it (x,y,z for example). If x is selected I
want x to be in the subject line of the email. How can I do this? Can it be
done without Javascript?

Cheers ans TIA,

--

Paul Watt
http://www.paulwatt.info

Fleeing from the madness of the jungle
Paul Watt <> stumbled into
news:alt.html,alt.www.webmaster
and said:

> Hi Guys,
> I'm building a email form in a XHTML Strict page. I want to have a drop
> down
> selector box with 3 options in it (x,y,z for example). If x is selected I
> want x to be in the subject line of the email. How can I do this? Can it
> be
> done without Javascript?

yes - the script that processes the form makes all the decisions about
what data to use.

--
William Tasso

http://williamtasso.com/words/what-is-usenet.asp

In message <>, Paul Watt
<> writes
>I'm building a email form in a XHTML Strict page. I want to have a drop down
>selector box with 3 options in it (x,y,z for example). If x is selected I
>want x to be in the subject line of the email. How can I do this? Can it be
>done without Javascript?

Do you want to send the email using a mailto link, such as:

<a href="private.php?do=newpm&u=?subject=Email subject"> ?

Selecting the subject from a drop down menu without using a script isn't
possible.

Another thing to bear in mind is that not everyone has a default email
client set up on the computer they're using, so this sort of link may
fail.
--
Martin Jay

"Martin Jay" <> wrote in message
news:...
> In message <>, Paul Watt
> <> writes
>>I'm building a email form in a XHTML Strict page. I want to have a drop
>>down
>>selector box with 3 options in it (x,y,z for example). If x is selected I
>>want x to be in the subject line of the email. How can I do this? Can it
>>be
>>done without Javascript?
>
> Do you want to send the email using a mailto link, such as:
>
> <a href="private.php?do=newpm&u=?subject=Email subject"> ?
>
> Selecting the subject from a drop down menu without using a script isn't
> possible.
>
> Another thing to bear in mind is that not everyone has a default email
> client set up on the computer they're using, so this sort of link may
> fail.

I wasn't going to use a mailto link, proberbly a cgi or php processor

In message <>, Paul Watt
<> writes
>"Martin Jay" <> wrote in message
>news:...
>> In message <>, Paul Watt
>> <> writes
>>>I'm building a email form in a XHTML Strict page. I want to have a drop
>>>down
>>>selector box with 3 options in it (x,y,z for example). If x is selected I
>>>want x to be in the subject line of the email. How can I do this? Can it
>>>be
>>>done without Javascript?

>> Do you want to send the email using a mailto link, such as:
>>
>> <a href="private.php?do=newpm&u=?subject=Email subject"> ?
>>
>> Selecting the subject from a drop down menu without using a script isn't
>> possible.
>>
>> Another thing to bear in mind is that not everyone has a default email
>> client set up on the computer they're using, so this sort of link may
>> fail.

>I wasn't going to use a mailto link, proberbly a cgi or php processor

Okay, that's good.

So in your HTML you'll have something like the:

<select name="subject">
<option value="Subject 1" SELECTED>Subject 1</option>
<option value="Subject 2">Subject 2</option>
<option value="Subject 3">Subject 3</option>
</select>

Just POST that off to your PHP script and then use the mail command:

$subject = $_POST['subject'];

/* It's probably a good idea to include this so you don't end up with \'
and \" in the subject */

$subject = stripslashes($subject);

mail($to, $subject, $message);
--
Martin Jay

Martin Jay wrote:
> In message <>, Paul Watt
> <> writes
>
>>"Martin Jay" <> wrote in message
>>news:...
>>
>>>In message <>, Paul Watt
>>><> writes
>>>
>>>>I'm building a email form in a XHTML Strict page. I want to have a drop
>>>>down
>>>>selector box with 3 options in it (x,y,z for example). If x is selected I
>>>>want x to be in the subject line of the email. How can I do this? Can it
>>>>be
>>>>done without Javascript?
>
>
>>>Do you want to send the email using a mailto link, such as:
>>>
>>><a href="private.php?do=newpm&u=?subject=Email subject"> ?
>>>
>>>Selecting the subject from a drop down menu without using a script isn't
>>>possible.
>>>
>>>Another thing to bear in mind is that not everyone has a default email
>>>client set up on the computer they're using, so this sort of link may
>>>fail.
>
>
>>I wasn't going to use a mailto link, proberbly a cgi or php processor
>
>
> Okay, that's good.
>
> So in your HTML you'll have something like the:
>
> <select name="subject">
> <option value="Subject 1" SELECTED>Subject 1</option>
> <option value="Subject 2">Subject 2</option>
> <option value="Subject 3">Subject 3</option>
> </select>
>
> Just POST that off to your PHP script and then use the mail command:
>
> $subject = $_POST['subject'];
>
> /* It's probably a good idea to include this so you don't end up with \'
> and \" in the subject */
>
> $subject = stripslashes($subject);
>
> mail($to, $subject, $message);

Do this and you will be ripe for becoming a spam relay. At a minimum you need to
ensure there are no newline characters in the input.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

==================

In message <XMednXc->, Jerry Stuckle
<> writes
>Martin Jay wrote:
>> Okay, that's good.
>> So in your HTML you'll have something like the:
>> <select name="subject">
>> <option value="Subject 1" SELECTED>Subject 1</option>
>> <option value="Subject 2">Subject 2</option>
>> <option value="Subject 3">Subject 3</option>
>> </select>
>> Just POST that off to your PHP script and then use the mail command:
>> $subject = $_POST['subject'];
>> /* It's probably a good idea to include this so you don't end up
>>with \'
>> and \" in the subject */
>> $subject = stripslashes($subject);
>> mail($to, $subject, $message);

>Do this and you will be ripe for becoming a spam relay. At a minimum
>you need to ensure there are no newline characters in the input.

Please explain why.
--
Martin Jay

Martin Jay wrote:
> In message <XMednXc->, Jerry Stuckle
> <> writes
>
>> Martin Jay wrote:
>>
>>> Okay, that's good.
>>> So in your HTML you'll have something like the:
>>> <select name="subject">
>>> <option value="Subject 1" SELECTED>Subject 1</option>
>>> <option value="Subject 2">Subject 2</option>
>>> <option value="Subject 3">Subject 3</option>
>>> </select>
>>> Just POST that off to your PHP script and then use the mail command:
>>> $subject = $_POST['subject'];
>>> /* It's probably a good idea to include this so you don't end up
>>> with \'
>>> and \" in the subject */
>>> $subject = stripslashes($subject);
>>> mail($to, $subject, $message);
>
>
>> Do this and you will be ripe for becoming a spam relay. At a minimum
>> you need to ensure there are no newline characters in the input.
>
>
> Please explain why.


Google "Email injection" for a lot more info. But basically - the user could
enter something like:

This is a spammer subject
bcc: ,

And so on. Quit easy to do - and used by a lot of spammers. Unsecured scripts
are used by a lot of spammers. Try another search on

spam formmail

And see what pops up.




--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

==================

In message <ve-dnQNo9JQ->, Jerry Stuckle
<> writes
>Martin Jay wrote:
>> In message <XMednXc->, Jerry
>>Stuckle <> writes
>>
>>> Martin Jay wrote:
>>>
>>>> Okay, that's good.
>>>> So in your HTML you'll have something like the:
>>>> <select name="subject">
>>>> <option value="Subject 1" SELECTED>Subject 1</option>
>>>> <option value="Subject 2">Subject 2</option>
>>>> <option value="Subject 3">Subject 3</option>
>>>> </select>
>>>> Just POST that off to your PHP script and then use the mail command:
>>>> $subject = $_POST['subject'];
>>>> /* It's probably a good idea to include this so you don't end up
>>>>with \'
>>>> and \" in the subject */
>>>> $subject = stripslashes($subject);
>>>> mail($to, $subject, $message);

>>> Do this and you will be ripe for becoming a spam relay. At a minimum
>>>you need to ensure there are no newline characters in the input.
>> Please explain why.

>Google "Email injection" for a lot more info. But basically - the user
>could enter something like:
>
> This is a spammer subject
> bcc: ,
>
>And so on. Quit easy to do - and used by a lot of spammers. Unsecured
>scripts are used by a lot of spammers. Try another search on
>
> spam formmail
>
>And see what pops up.

I (think) I understand the principle, but I cannot replicate it.

The 'hack' seems to rely on email being routed by the 'to,' 'cc,' and
'bcc' fields in its header, which is isn't. Well, not until it reaches
its destination, maybe.

I emailed Paul an example script earlier. I've also uploaded it to:
<http://www.spam-free.org.uk/pages/email_test.php>.

I would be interested to see how the spamming technique you mention can
be used with it. I have changed the form method from POST to GET to
make it easier to 'hack.'
--
Martin Jay

Martin Jay wrote:
> In message <ve-dnQNo9JQ->, Jerry Stuckle
> <> writes
>
>> Martin Jay wrote:
>>
>>> In message <XMednXc->, Jerry
>>> Stuckle <> writes
>>>
>>>> Martin Jay wrote:
>>>>
>>>>> Okay, that's good.
>>>>> So in your HTML you'll have something like the:
>>>>> <select name="subject">
>>>>> <option value="Subject 1" SELECTED>Subject 1</option>
>>>>> <option value="Subject 2">Subject 2</option>
>>>>> <option value="Subject 3">Subject 3</option>
>>>>> </select>
>>>>> Just POST that off to your PHP script and then use the mail command:
>>>>> $subject = $_POST['subject'];
>>>>> /* It's probably a good idea to include this so you don't end up
>>>>> with \'
>>>>> and \" in the subject */
>>>>> $subject = stripslashes($subject);
>>>>> mail($to, $subject, $message);
>
>
>>>> Do this and you will be ripe for becoming a spam relay. At a minimum
>>>> you need to ensure there are no newline characters in the input.
>>>
>>> Please explain why.
>
>
>> Google "Email injection" for a lot more info. But basically - the
>> user could enter something like:
>>
>> This is a spammer subject
>> bcc: ,
>>
>> And so on. Quit easy to do - and used by a lot of spammers.
>> Unsecured scripts are used by a lot of spammers. Try another search on
>>
>> spam formmail
>>
>> And see what pops up.
>
>
> I (think) I understand the principle, but I cannot replicate it.
>
> The 'hack' seems to rely on email being routed by the 'to,' 'cc,' and
> 'bcc' fields in its header, which is isn't. Well, not until it reaches
> its destination, maybe.
>
> I emailed Paul an example script earlier. I've also uploaded it to:
> <http://www.spam-free.org.uk/pages/email_test.php>.
>
> I would be interested to see how the spamming technique you mention can
> be used with it. I have changed the form method from POST to GET to
> make it easier to 'hack.'

Either way. I just make a local copy of your form, edit it to add the headers I
want, and post it back to you. For instance, I place in the subject field:

This is spam
bcc:

And off it goes. The more fields I add, the more I'm sending.

Not hard at all.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

==================