Strange Result With HTML contact/mail Form Using PHP File

Question

I have a problem getting the data from my mail form being sent correctly in an email. It does something strange with the email message.

Original form message:

Enter Name: Fake Name
Enter Email Address: fake.name@doesnotexist.com
Enter Message: Email test number 4(four).

Submit
_____________________________________________

The email message I received:

From: <fake.name@doesnotexist.com>
Subject: <New Form submission>
Reply to: <warnerheston@sungraffix.net>
To: Me <web289portfolio@sungraffix.net>
_____________________________________________

You have received a new message from the user Fake Name.
Here is the message:
Email test number 4(four).web289portfolio@sungraffix.net
_____________________________________________

The email in the message body is "(four).web289portfolio@sungraffix.net" and is underlined/hyperlinked... STRANGE!!

IT IS NOT SUPPOSED TO HAVE ANY EMAIL ADDRESS IN THE MESSAGE BODY AT ALL. THE USER DID NOT TYPE AN EMAIL ADDRESS AT THE END OF THE MESSAGE. SOMEHOW, THE PHP CODE IS DROPPING THE DESTINATION EMAIL ADDRESS INTO THE MESSAGE BODY AND ATTACHING THE LAST "WORD" OF THE USER'S MESSAGE TO THAT EMAIL ADRESS WHEN IT SENDS IT.

Can someone tell me what I am doing wrong?

<?php
if(!isset($_POST['submit']))
{
    //This page should not be accessed directly. Need to submit the form.
    echo "error; you need to submit the form!";
}
$name = $_POST['name'];
$visitor_email = $_POST['email'];
$message = $_POST['message'];



//Validate first
if(empty($name)||empty($visitor_email)||empty($message)) 
{
    header('Location: contact-form-incomplete.html');
    exit;
}

if(IsInjected($visitor_email))
{
    echo "Bad email value!";
    exit;
}

$email_from = $_POST['email']; //<== update the email address
$email_subject = "New Form submission";
$email_body = "You have received a new message from the user $name.\n".
    "Here is the message:\n $message".

$to = "web289portfolio@sungraffix.net";//<== update the email address
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
//Send the email!
mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: contact-thankyou.html');


// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}

?> 

This is the HTML Form:

<form method="post" name="myemailform" action="form-to-email.php">
        <p>
            <label for='name'><span class='form'>Enter Name:</span></label><br>
            <input type="text" name="name" size="36">
        </p>
        <p>
            <label for='email'><span class='form'>Enter Email Address:</span></label><br>
            <input type="email" name="email" size="36">
        </p>
        <p>
            <label for='message'><span class='form'>Enter Message:</span></label> <br>
            <textarea name="message" cols='48' rows='9' maxlength='300'></textarea>
        </p>
    <input type="submit" name='submit' value="submit">&nbsp;&nbsp;&nbsp;<input type="reset">
</form>

Answer 1

Look carefully at your code on $email_body , you actually concatenate the $email_body with $to . the concatenation . at the end of your $email_body should be ; .