PHP Email Sanitization Filter - php

I'm trying to figure out why my sanitize filter doesn't work. When entering an email with incorrect characters, it displays the email with the incorrect characters. I would have thought it would strip out the incorrect characters and only display the correct email address. Below is my code. What am I doing wrong?
<?php
if (filter_has_var(INPUT_POST, 'data')) {
    $email = $_POST['data'];
    // Now remove illegal characters
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    echo $email;
}
?>
<!-- PHP_SELF can carry attacker-supplied path info, so escape it before putting it in the attribute -->
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
    <input type="text" name="data">
    <button type="submit">Submit</button>
</form>

To me it seems to be working. I would however not want to store a different email than the exact input. If the incoming email address is incorrect I would return an error message asking the user for a real email address:
if (filter_has_var(INPUT_POST, 'data')) {
    $email = trim($_POST['data']);
    $sanitized = filter_var($email, FILTER_SANITIZE_EMAIL);
    if ($email === $sanitized && filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "This is a valid email: " . $email;
    } else {
        echo "This is an invalid email: " . $email;
    }
}

I don't know if this is exactly what you're looking for, but just give it a try.
<?php
function filter_mail($string) {
    // Remove special characters; keep only letters, digits, '.', '@' and '-'
    return preg_replace('/[^A-Za-z0-9.@\-]/', '', $string);
}
$mail = "jp)(*&@gmail)**&.com";
echo filter_mail($mail); // This will output jp@gmail.com
echo "<br>";
echo $mail; // This is how it was!
?>

It seems like only certain types of characters get sanitized. For instance, here are examples of wrong emails that will get sanitized:
(comment)localpart@example.com - After sanitization: commentlocalpart@example.com
"much.more unusual"@example.com - After sanitization: much.moreunusual@example.com
But these, for instance, will not get sanitized:
sarah{[@gmail}{[.com - After sanitization: sarah{[@gmail}{[.com
jp*&@gmail**&.com - After sanitization: jp*&@gmail**&.com

This may help: after sanitizing, we need to check whether it is a valid email address.
<?php
if (filter_has_var(INPUT_POST, 'data')) {
    $regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
    $email = $_POST['data'];
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    if (preg_match($regex, $email)) {
        echo $email;
    } else {
        echo "invalid email";
    }
}
?>
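To make the difference between sanitizing and validating concrete, here is an added example that is not code from the question or from any of the answers above. It runs both filters over the sample addresses discussed in this thread and reports whether sanitizing changed the input. The helper name check_email() and the sample list are my own constructions; the script assumes PHP 7 or later.

```php
<?php
// Added example: sanitize, then validate, and report whether sanitizing changed the input.
// FILTER_SANITIZE_EMAIL only strips characters outside the set allowed in an address;
// it never decides whether the result is a well-formed address. FILTER_VALIDATE_EMAIL does.
function check_email(string $input): array
{
    $trimmed   = trim($input);
    $sanitized = filter_var($trimmed, FILTER_SANITIZE_EMAIL);
    $valid     = filter_var($sanitized, FILTER_VALIDATE_EMAIL) !== false;

    return [
        'input'     => $trimmed,
        'sanitized' => $sanitized,
        // The sanitized form differs from what the user typed: do not silently store it.
        'altered'   => $sanitized !== $trimmed,
        'valid'     => $valid,
    ];
}

// Constructed sample inputs: the addresses from this thread plus a clean one and a markup payload.
$samples = [
    'user@example.com',
    '(comment)localpart@example.com',
    '"much.more unusual"@example.com',
    'sarah{[@gmail}{[.com',
    'jp*&@gmail**&.com',
    '<script>alert(1)</script>@example.com',
];

foreach ($samples as $sample) {
    $r = check_email($sample);
    // Escape before echoing; even a "sanitized" address is still untrusted input.
    printf(
        "%-40s sanitized=%-35s altered=%s valid=%s\n",
        htmlspecialchars($r['input'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($r['sanitized'], ENT_QUOTES, 'UTF-8'),
        $r['altered'] ? 'yes' : 'no',
        $r['valid'] ? 'yes' : 'no'
    );
}
```

The last sample is the instructive one: stripping `<`, `>`, `(`, `)` and `/` turns it into scriptalert1script@example.com, which FILTER_VALIDATE_EMAIL accepts. Sanitizing can manufacture a "valid" address out of garbage, which is why the first answer compares the sanitized value with the original and rejects the input when they differ.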

Related

PHP send form to email - display content on next page

I'm having some issues with getting the form content sent to email, saved to a session and then displayed on the next page.
I have a form on contact.shtml whose action takes it to mail.php, and when the content is sent it goes to thank_you.shtml.
I need the content shown on the thank_you page.
All my pages are *.shtml - is this a disadvantage for this?
Codesnippets:
mail.php
$name = $_POST['name'];
$_SESSION['name'] = $name;
$email = $_POST['email'];
$_SESSION['email'] = $email;
$phone = $_POST['phone'];
$_SESSION['phone'] = $phone;
thank_you:
<?php
echo "Navn:" . "$_SESSION['name']";
echo "Email:" . "$_SESSION['email']";
echo "Telefon:" . "$_SESSION['phone']";
?>
I have the obvious on page thank_you and mail.php.
<?php
session_start();
?>
Besides these few lines I have several more with text inputs, and also image files for which I want to show the filename and extension and a small preview.
Am I missing something, or on the completely wrong track?
You could bypass using a session. While I like separation of concerns, the following outline 'all-in-one' solution would solve your problem:
<?php
$email = null;
$sent = false;
$error = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = isset($_POST['email']) ? $_POST['email'] : null;
    if ($email && filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // supplied email looks good, send email here.
        $sent = true;
    } else {
        $error = 'Please enter a valid email address.';
    }
}
?>
html goes here..
<?php if ($sent) {
    echo 'Thankyou. The email you supplied is: ' . htmlspecialchars($email);
?>
<?php } else { ?>
<?php echo $error ? '<p>' . $error . '</p>' : ''; ?>
<form method="POST">
Email:
<!-- cast to string: $email is null on the first (GET) load -->
<input type="text" name="email" value="<?php echo htmlspecialchars((string) $email) ?>">
<input type="submit">
</form>
<?php } ?>
If a valid email is posted, you can then trigger your mail out.
Do you really need to display the gathered user data?
<?php
echo "Navn:" . htmlentities($_SESSION['name']);
echo "Email:" . htmlentities($_SESSION['email']);
echo "Telefon:" . htmlentities($_SESSION['phone']);
?>
You have to remove the quotes around the variables. Use htmlentities to convert all applicable characters to HTML entities.
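For the session-based flow the question asks about, here is an added example that is not code from the question or from the answers above. It stores only validated fields in the session (standing in for mail.php), then renders them escaped and removes them after one display (standing in for the thank_you page). The function names and the sample request are my own; it assumes PHP 7 or later and that session_start() runs before any output on both pages.

```php
<?php
// Added example: one-shot ("flash") storage of validated form fields in the session,
// followed by escaped rendering on the thank-you page.
session_start();

// Validate the submission and store it in the session; returns a list of error messages.
function store_contact_in_session(array $post): array
{
    $errors = [];
    $name  = trim($post['name']  ?? '');
    $email = trim($post['email'] ?? '');
    $phone = trim($post['phone'] ?? '');

    if ($name === '') {
        $errors[] = 'Name is required.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address.';
    }
    if ($errors === []) {
        // New id once the session starts carrying user data (session fixation defence).
        session_regenerate_id(true);
        $_SESSION['contact'] = ['name' => $name, 'email' => $email, 'phone' => $phone];
    }
    return $errors;
}

// Build the thank-you HTML: every value is escaped, and the data is dropped after one display.
function render_thank_you(): string
{
    if (!isset($_SESSION['contact'])) {
        return '<p>No submission found.</p>';
    }
    $c = $_SESSION['contact'];
    unset($_SESSION['contact']);
    $esc = function (string $v): string {
        return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
    };
    return '<p>Navn: ' . $esc($c['name']) . "</p>\n"
         . '<p>Email: ' . $esc($c['email']) . "</p>\n"
         . '<p>Telefon: ' . $esc($c['phone']) . "</p>\n";
}

// Constructed request, standing in for the POST that mail.php receives:
$errors = store_contact_in_session([
    'name'  => 'Ola <b>Nordmann</b>',
    'email' => 'ola@example.com',
    'phone' => '+47 12345678',
]);
if ($errors === []) {
    // mail.php would send the message here, then: header('Location: thank_you.php'); exit;
    echo render_thank_you();   // standing in for thank_you.php
} else {
    echo implode("\n", $errors), "\n";
}
```

The name field carries markup on purpose: it is stored as typed but comes out as `&lt;b&gt;Nordmann&lt;/b&gt;`, so the thank-you page cannot be used to inject HTML. Unsetting the session entry after rendering keeps a refresh of the thank-you page from re-displaying (or re-sending) the same submission.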

after clicking submit on a contact form, how do i stay on the same page in wordpress?

So I created a custom contact form in WordPress, using PHP. The form sends, and I am receiving emails. The problem I'm having is that once you hit submit, it goes to a post page and doesn't stay on the original page.
I've tried using a session and header location (didn't work).
I also tried putting this in my action: "<?php echo $_SERVER['PHP_SELF']; ?>", which doesn't work either (mail just doesn't send, and it sends me to a 404 page).
So I'm a little stuck as to how to fix this problem. Normally I would have no problems if this was a static web page, but because I'm using WordPress, this task seems to be more troublesome.
Here is a link to the website http://www.indianpointresort.ca/
Here is the php validation:
<?php
/*session_start();
if(!isset($_SESSION['afaisfjisjfijfjiwaefjawsefijef'])){
    $url = 'http://www.indianpointresort.ca/';
    header("Location:home.php?url=$url");
}*/
// default to '' so a plain GET of the page does not raise undefined-index notices
$name    = trim($_POST['name'] ?? '');
$email   = trim($_POST['email'] ?? '');
$phone   = trim($_POST['phone'] ?? '');
$subject = trim($_POST['subject'] ?? '');
$message = trim($_POST['message'] ?? '');
// debug output: these are raw user values, so escape them before echoing
echo htmlspecialchars("$name | $email | $phone | $subject | $message", ENT_QUOTES, 'UTF-8');
if(isset($_POST['submit'])){
    $boolValidationOK = 1;
    $strValidationMessage = "";
    //validate first name
    //validate last name
    if(strlen($name)<3){
        $boolValidationOK = 0;
        $strValidationMessage .= "Please fill in a proper first and last name <br>";
    }
    //email validation:
    $emailValidate = validate_email( $email );// calls the function below to validate the email addy
    if(!$emailValidate ){
        $boolValidationOK = 0;
        $strValidationMessage .= "Please fill in proper email address <br>";
    }
    //validate phone
    $phone = checkPhoneNumber($phone);
    if(!$phone){
        $boolValidationOK = 0;
        $strValidationMessage .= "Please fill proper phone number <br>";
    }
    //validate subject
    if(strlen($subject)<3){
        $boolValidationOK = 0;
        $strValidationMessage .= "Please fill in a proper subject description <br>";
    }
    //validate description
    if(strlen($message)<3){
        $boolValidationOK = 0;
        $strValidationMessage .= "Please fill in a proper message <br>";
    }
    if($boolValidationOK == 1){
        //$strValidationMessage = "SUCCESS";
        //MAIL SECURITY !!!!!!!
        // WE MUST VALIDATE AGAINST EMAIL INJECTIONS; THE SPAMMERS BEST WEAPON
        $badStrings = array("Content-Type:",
                            "MIME-Version:",
                            "Content-Transfer-Encoding:",
                            "bcc:",
                            "cc:");
        foreach($_POST as $k => $v){// change to $_POST if your form was method="post"
            foreach($badStrings as $v2){
                if(strpos($v, $v2) !== false){
                    // In case of spam, all actions taken here
                    //header("HTTP/1.0 403 Forbidden");
                    echo "<script>document.location =\"http://www.bermuda-triangle.org/\" </script>";
                    exit; // stop all further PHP scripting, so mail will not be sent.
                }
            }
        }
        $ip = $_SERVER['REMOTE_ADDR'];
        //echo $ip;
        /* Spammer List: IP's that have spammed you before ***********/
        $spams = array (
            "static.16.86.46.78.clients.your-server.de",
            "87.101.244.8",
            "144.229.34.5",
            "89.248.168.70",
            "reserve.cableplus.com.cn",
            "94.102.60.182",
            "194.8.75.145",
            "194.8.75.50",
            "194.8.75.62",
            "194.170.32.252"
            //"S0106004005289027.ed.shawcable.net" Phil's IP as test
        ); // array of evil spammers
        foreach ($spams as $site) {// Redirect known spammers
            // preg_quote so the dots in the list entries match literally instead of "any character"
            $pattern = "/" . preg_quote($site, "/") . "/i";
            if (preg_match ($pattern, $ip)) {
                // whatever you want to do for the spammer
                echo "logging spam activity..";
                exit();
            }
        }
        $to = "";
        //$subject = " Indian Point";
        // compose headers
        $headers = "From: Indian Point Resort.\r\n";
        $headers .= "Reply-To: $email\r\n";
        $headers .= "X-Mailer: PHP/".phpversion();
        $message = wordwrap($message, 70);
        // send email
        mail($to, $subject, $message, $headers);
    }
}//end of submit
//validate phone number
function checkPhoneNumber($number){
    $number = str_replace("-", "", $number);
    $number = str_replace(".", "", $number);
    $number = str_replace(" ", "", $number);
    $number = str_replace(",", "", $number);
    $number = str_replace("(", "", $number);
    $number = str_replace(")", "", $number);
    if((strlen($number) != 10) || (!is_numeric($number))){
        return false;
    }else{
        return $number;
    }
}
//email validation
function validate_email( $senderemail ){ // this is a function; it receives info and returns a value.
    $email = trim( $senderemail ); # removes whitespace
    if(!empty($email) ):
        // validate email address syntax
        if( preg_match('/^[a-z0-9\_\.]+@[a-z0-9\-]+\.[a-z]+\.?[a-z]{1,4}$/i', $email, $match) ):
            return strtolower($match[0]); # valid!
        endif;
    endif;
    return false; # NOT valid!
}
?>
Here is the form:
<div id="msgForm" class=" msgForm five columns">
    <h4>Questions?</h4>
    <h5>Send us a message!</h5>
    <form id="contactForm" name="contactForm" method="post" action="<?php the_permalink(); ?>">
        <!-- escape the re-displayed value: it is whatever the visitor typed -->
        <p><input type="text" name="name" value="<?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?>" placeholder="name*"/></p>
        <p><input type="email" name="email" placeholder="E-mail*"/></p>
        <p><input type="text" name="phone" placeholder="Phone #*"/></p>
        <p><input type="text" name="subject" placeholder="subject*"/></p>
        <p><textarea name="message" placeholder="Message*"></textarea></p>
        <p><input type="submit" name="submit" placeholder="Submit"/></p>
        <div class="error">
        <?php
        // $strValidationMessage only exists after a submit, so test with empty()
        if(!empty($strValidationMessage)){
            echo $strValidationMessage;
        }
        ?>
        </div>
    </form>
</div><!--end of form-->
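The validation code above defends against mail header injection with a blacklist of header names. As an added example, not code from the question or from the answers below, here is the same contact form handled with a positive check instead: any CR or LF in a value that ends up in a mail header is rejected outright, the visitor's address is validated with filter_var(), and the spammer list is matched with preg_quote(). The function names, the cf_ field prefix and the sample request are my own; the block is plain PHP and only mentions WordPress functions in comments. The fields are prefixed because name is one of WordPress's reserved public query variables, and posting a field by that name to a permalink is one way a submission can be routed to a different post.

```php
<?php
// Added example: header-injection-safe contact form handling.

// Any CR or LF in a header-bound value is an injection attempt: reject it, do not strip it.
function header_safe(string $value): bool
{
    return preg_match('/[\r\n]/', $value) !== 1;   // preg_match returns 1 on a match
}

// Strip common punctuation and require exactly ten digits; returns the digits or false.
function normalize_phone(string $number)
{
    $digits = preg_replace('/[\s().,-]/', '', $number);
    return (strlen($digits) === 10 && ctype_digit($digits)) ? $digits : false;
}

// Validate a submission; returns ['ok' => bool, 'errors' => [...], 'fields' => [...]].
function validate_contact(array $post): array
{
    $errors = [];
    $f = [];
    foreach (['cf_name', 'cf_email', 'cf_phone', 'cf_subject', 'cf_message'] as $key) {
        $f[$key] = trim((string) ($post[$key] ?? ''));
    }
    if (strlen($f['cf_name']) < 3)    { $errors[] = 'Please fill in a proper first and last name'; }
    if (strlen($f['cf_subject']) < 3) { $errors[] = 'Please fill in a proper subject'; }
    if (strlen($f['cf_message']) < 3) { $errors[] = 'Please fill in a proper message'; }
    if (filter_var($f['cf_email'], FILTER_VALIDATE_EMAIL) === false || !header_safe($f['cf_email'])) {
        $errors[] = 'Please fill in a proper email address';
    }
    if (!header_safe($f['cf_subject'])) {
        $errors[] = 'Subject must be a single line';
    }
    $phone = normalize_phone($f['cf_phone']);
    if ($phone === false) {
        $errors[] = 'Please fill in a proper phone number';
    } else {
        $f['cf_phone'] = $phone;
    }
    return ['ok' => $errors === [], 'errors' => $errors, 'fields' => $f];
}

// Compose the mail. The visitor's address goes in Reply-To only; From stays a fixed site address.
function build_mail(array $f, string $to, string $from): array
{
    $headers = "From: $from\r\n"
             . "Reply-To: {$f['cf_email']}\r\n"
             . 'X-Mailer: PHP/' . phpversion();
    $body = wordwrap($f['cf_message'], 70) . "\n\nPhone: " . $f['cf_phone'];
    return ['to' => $to, 'subject' => $f['cf_subject'], 'body' => $body, 'headers' => $headers];
}

// Constructed request: a header-injection attempt smuggled into the email field.
$request = [
    'cf_name'    => 'Jane Doe',
    'cf_email'   => "jane@example.com\r\nBcc: someone@example.net",
    'cf_phone'   => '(555) 123-4567',
    'cf_subject' => 'Booking question',
    'cf_message' => 'Do you have a cabin free next weekend?',
];
$result = validate_contact($request);
if ($result['ok']) {
    $mail = build_mail($result['fields'], 'CONTACT_ADDRESS_PLACEHOLDER', 'noreply@example.com');
    // In WordPress: wp_mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
    // then wp_safe_redirect(add_query_arg('sent', '1', get_permalink())); exit;
    echo "would send\n";
} else {
    foreach ($result['errors'] as $e) {
        echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

With the constructed request the email field fails both checks, so nothing is sent and the visitor sees "Please fill in a proper email address". Rejecting on CR/LF covers every header name at once, whereas the blacklist has to be kept complete and is bypassed by a different letter case. The redirect in the comment is the post/redirect/get pattern the question is after: after a successful send the browser is sent back to the same permalink with a query flag, so the page stays put and a refresh does not resubmit the form.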
Well, to start off I would remove that gmail account from your info (just to be safe).
Secondly, I would advise you to use the sendmail scripts provided by WordPress.
There are plugins like gravityforms which allow you to make a form and decide all these options without making a static form, nor a new template file for that matter.
You can only change to which page the form will redirect after the refresh (the action will decide that).
If you want it to stay on the same page you can put the page itself in the action and on top put an if statement like
if (isset($_POST['submit'])) {
    //validation, sendmail, and possibly errors here
}
else {
    //show the form
}
Anyway, a refreshing web form is as standard as it gets. It's just how it submits things. The only way you could prevent a page refresh is by using jQuery or JavaScript like so (give your submit button an id):
$('#submit').on("click", function(e){
    //this prevents any submit functionality (like refresh)
    e.preventDefault();
    //custom code to get values here and put them in the sendmail function like so:
    //(assumes the textarea has id="message"; use .val() to read a form field)
    var message = $('#message').val();
});
Try ajax form submission. And add the insert query in a separate file.

php mail not sending "invalid email address"

I'm getting "invalid email address".
Everything is hardcoded for testing; what is missing? Thanks!
<html>
<head><title>PHP Mail Sender</title></head>
<body>
<?php
/* All form fields are automatically passed to the PHP script through the array $HTTP_POST_VARS. */
$email = $HTTP_POST_VARS['example@example.com'];
$subject = $HTTP_POST_VARS['subjectaaa'];
$message = $HTTP_POST_VARS['messageeeee'];
/* PHP form validation: the script checks that the Email field contains a valid email address and the Subject field isn't empty. preg_match performs a regular expression match. It's a very powerful PHP function to validate form fields and other strings - see PHP manual for details. */
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
    echo "<h4>Invalid email address</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($subject == "") {
    echo "<h4>No subject</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
}
/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */
elseif (mail($email,$subject,$message)) {
    echo "<h4>Thank you for sending email</h4>";
} else {
    // the regex above is not anchored, so $email may still contain markup: escape it
    echo "<h4>Can't send email to " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . "</h4>";
}
?>
</body>
</html>
Change
$email = $HTTP_POST_VARS['jaaanman2324@gmail.com'];
$subject = $HTTP_POST_VARS['subjectaaa'];
$message = $HTTP_POST_VARS['messageeeee'];
to
$email = 'jaaanman2324@gmail.com';
$subject = 'subjectaaa';
$message = 'messageeeee';
I think you want it to be hardcoded like this:
$email = 'jaaanman2324@gmail.com';
Otherwise you are trying to get the value out of HTTP_POST_VARS with the key of jaaanman2324@gmail.com
First, don't use $HTTP_POST_VARS, it's $_POST now.
Second, by writing $HTTP_POST_VARS['jaaanman2324@gmail.com'] you're looking for a table element with the jaaanman2324@gmail.com key.
That's not what you wanted to do.
If you want to hardcode it, write
$email = 'jaaanman2324@gmail.com';
if not, write
$email = $_POST['email'];
to get the email field from the form.

function eregi() is deprecated in email validation [duplicate]

This question already has answers here:
How can I convert ereg expressions to preg in PHP?
(4 answers)
Closed 9 years ago.
Hi, I know that we do not use eregi but preg_match, but when I change only the eregi code it doesn't work. How can I change the code below? Please, just a little help, I am a newbie.
function verify_valid_email($emailtocheck)
{
    $eregicheck = "^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+@([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.)+[a-zA-Z]{2,4}\$";
    return eregi($eregicheck, $emailtocheck);
}
function verify_email_unique($emailtocheck)
{
    global $config,$conn;
    $query = "select count(*) as total from members where email='".mysql_real_escape_string($emailtocheck)."' limit 1";
    $executequery = $conn->execute($query);
    $totalemails = $executequery->fields['total']; // quote the key: a bare total is an undefined constant
    if ($totalemails >= 1)
    {
        return false;
    }
    else
    {
        return true;
    }
}
If you need to validate e-mail addresses, you can look at this page which provides a working example using only filter_var() :
if (filter_var($email_a, FILTER_VALIDATE_EMAIL)) {
    echo "This ($email_a) email address is considered valid.";
}
So in your code, you should just drop all the regex/eregi stuff and use this instead :
return filter_var($emailtocheck, FILTER_VALIDATE_EMAIL);
If you want to do it this way, you can base yourself on the following methods:
<?php
$email = "abc123@somewhere"; // Invalid email address
//$email = "somebody@somesite.com"; // Valid email address
// Set up regular expression strings to evaluate the value of email variable against
$regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
// Run the preg_match() function on regex against the email address
if (preg_match($regex, $email)) {
    echo $email . " is a valid email. We can accept it.";
} else {
    echo $email . " is an invalid email. Please try again.";
}
?>
or:
$string = "$emailtocheck";
if (preg_match(
    '/^[^\W][a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*@[a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\.[a-zA-Z]{2,4}$/',
    $string)) {
    echo "Successful.";
}
or:
<?php
$email = "abc123@sdsd.com";
$regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
if (preg_match($regex, $email)) {
    echo $email . " is a valid email. We can accept it.";
} else {
    echo $email . " is an invalid email. Please try again.";
}
?>
Source: https://stackoverflow.com/a/13719991/1415724
or:
<?php
// check e-mail address
// display success or failure message
if (!preg_match("/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$/", $_POST['e-mail'] ?? '')) {
    die("Invalid e-mail address");
}
echo "Valid e-mail address, processing...";
?>
Source: http://www.techrepublic.com/article/regular-expression-engine-simplifies-e-mail-validation-in-php/
Plus, you can try what André Daniel wrote as an answer as well. You have many choices.
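Since the question asks specifically how to turn the eregi() call into preg_match(), here is an added example that is not code from the question or from the answers above. It carries the question's own pattern across (delimiters added, the i modifier standing in for eregi's case-insensitivity, the slash escaped inside the character classes) and runs it next to the filter_var() version on a few constructed addresses. The function names and sample list are my own; it assumes PHP 7 or later.

```php
<?php
// Added example: the mechanical ereg -> preg conversion, next to filter_var().

// The question's $eregicheck, converted:
//  - wrapped in / ... / delimiters, so the '/' inside the character classes becomes \/
//  - 'i' modifier appended (eregi matched case-insensitively)
//  - single-quoted, so the \$ and \\. escapes of the original double-quoted string go away
function verify_valid_email_preg(string $emailtocheck): bool
{
    $pattern = '/^([-!#$%&\'*+.\/0-9=?A-Z^_`a-z{|}~])+@([-!#$%&\'*+\/0-9=?A-Z^_`a-z{|}~]+\.)+[a-zA-Z]{2,4}$/i';
    // preg_match() returns 1, 0 or false; compare strictly
    return preg_match($pattern, $emailtocheck) === 1;
}

// The replacement the accepted answer recommends.
function verify_valid_email_filter(string $emailtocheck): bool
{
    return filter_var($emailtocheck, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample addresses.
$samples = [
    'user@example.com',
    'first.last@sub.example.co.uk',
    'nobody@example.museum',
    'not an address',
    'x@y',
];
foreach ($samples as $s) {
    printf(
        "%-32s preg=%-8s filter=%s\n",
        $s,
        verify_valid_email_preg($s) ? 'valid' : 'invalid',
        verify_valid_email_filter($s) ? 'valid' : 'invalid'
    );
}
```

The third sample shows why the regex is worth dropping rather than porting: its `{2,4}` tail rejects any top-level domain longer than four letters, such as .museum, which FILTER_VALIDATE_EMAIL accepts. The conversion is still useful to know, because the same three steps (delimiters, modifier, escaping) apply to any ereg()/eregi() call you have to migrate.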

PHP: Check does email contains "#" and "."

I'm new to PHP and this should be easy to do, but I don't know how.
I want to check whether $address contains the characters "@" and "."
<?php
function testEmail($address){
    $a = strpos("/@/", $address);
    $b = strpos("/./", $address);
    if (($a != false) && ($b != false)) {
        echo "Email is OK";
    } else {
        echo "Email is NOT OK";
    }
}
testEmail("testmail@gmail.com");
?>
You can simply use filter_var to check the validity of an email.
$email = 'gaurang@gmail.com';
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    // Email correct
}
else {
    // Email not correct
}
Is your question about this specific piece of code? Then @wroniasty's answer is correct.
But you really don't want to use a regex to test email validity, unless you want to use monstrosities like these.
However, if your question really is "How can I validate an email address?", then take a look at filter_var().
You can pass it the filter FILTER_VALIDATE_EMAIL, so it will validate the email address, catching quite a few edge cases.
You can check an address using the following code:
if (filter_var($email_address, FILTER_VALIDATE_EMAIL)) {
    // valid email
} else {
    // invalid email
}
<?php
function testEmail($address) {
    // both characters must be present, so test for each one separately
    // (a single /\.|@/ pattern would accept an address containing only one of them)
    if (preg_match("/@/", $address) && preg_match("/\./", $address))
        echo "Email OK";
    else
        echo "Email not OK";
}
?>
A better way to check for a valid email address:
<?php
function isValidEmail($email){
    return preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $email);
}
?>
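The question's testEmail() goes wrong in two independent ways, and the second one survives the obvious fix. As an added example that is not code from the question or from the answers above, here are the broken version, a version with only the argument order corrected, and a correct version, run over constructed addresses that expose each mistake. The function names and the sample list are my own.

```php
<?php
// Added example: the strpos() pitfalls behind the question, side by side.

// As in the question: haystack and needle swapped, and regex-style delimiters that
// strpos() treats as literal characters. This searches the 3-character string "/@/"
// for the whole address, so it is false for any real address.
function testEmail_broken(string $address): bool
{
    $a = strpos("/@/", $address);
    $b = strpos("/./", $address);
    return ($a != false) && ($b != false);
}

// Argument order fixed, but still loosely compared. strpos() returns the position, and
// position 0 is == false, so an address that starts with '@' is reported as missing it.
function testEmail_loose(string $address): bool
{
    $a = strpos($address, '@');
    $b = strpos($address, '.');
    return ($a != false) && ($b != false);
}

// Correct: haystack first, plain needles, strict comparison against false.
function testEmail_fixed(string $address): bool
{
    return strpos($address, '@') !== false && strpos($address, '.') !== false;
}

// What a presence check cannot tell you: whether the address is actually well formed.
function isValidEmail(string $address): bool
{
    return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample addresses.
$samples = ['testmail@gmail.com', '@example.com', 'no-at-sign.com', 'a@b', 'two@at@signs.com'];
foreach ($samples as $s) {
    printf(
        "%-20s broken=%-6s loose=%-6s fixed=%-6s valid=%s\n",
        $s,
        testEmail_broken($s) ? 'OK' : 'NOT OK',
        testEmail_loose($s) ? 'OK' : 'NOT OK',
        testEmail_fixed($s) ? 'OK' : 'NOT OK',
        isValidEmail($s) ? 'yes' : 'no'
    );
}
```

The second sample, @example.com, is the one that separates the loose and fixed versions: both characters are present, but the '@' sits at position 0, so only the strict `!== false` comparison reports it. The last two samples show that even the fixed presence check is not validation: both contain an '@' and a '.', and filter_var() rejects both.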
