actually that’s not making a difference here. the difference between ‘string1’ and “string2” is that php will handle things like \n specially in string2 but not in string1. also string1 can contain double quotes without escaping them with a backslash and string2 can do the same with single quotes.
the reason cpwr49’s script works in php4 is that register_globals is on there (which i hear is a security risk, even though i don’t understand why). so everything like $name and $email are empty. as silkrooster started to explain, $name should probably be $_POST[‘name’] instead, assuming your form uses method=“post” like an e-mail form should. if you’re not expecting $to to come from the form, just use = instead of .= since you don’t need to append onto an already empty string.
as Atropos7 mentioned, this script is very insecure as someone can pass in data with line breaks in the subject field and add more e-mail addresses in the to/cc/bcc fields of the e-mail that gets sent. my understanding is you can prevent that by stripping line breaks from the subject field or just aborting the script if there are line breaks in the subject field.
get and post actually have meaning besides that one sends the data as part of the url and the other sends it a way that doesn’t show up in the url. get means you’re asking the web server to get certain information for you, while post means you are giving information to the webserver. so get is appropriate for a search form (asking the webserver to get information that matches your search criteria), while post is appropriate for an e-mail form (giving the webserver your message, which you then expect it to do something with).
track7 - my dream-hosted site