In the following code the email sanitizing and validation:
if ($_POST['email'] != "") {
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>";
}
} else {
$errors .= 'Please enter your email address.<br/>';
}
is allowing:
ck@////bushidodee/xom
New to filters, and don't get why this is not sanitized?
Full Code:
if (isset($_POST['Submit'])) {
if ($_POST['name'] != "") {
$_POST['name'] = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
if ($_POST['name'] == "") {
$errors .= 'Please enter a valid name.<br/><br/>';
}
} else {
$errors .= 'Please enter your name.<br/>';
}
if ($_POST['email'] != "") {
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>";
}
} else {
$errors .= 'Please enter your email address.<br/>';
}
if ($_POST['homepage'] != "") {
$homepage = filter_var($_POST['homepage'], FILTER_SANITIZE_URL);
if (!filter_var($homepage, FILTER_VALIDATE_URL)) {
$errors .= "$homepage is <strong>NOT</strong> a valid URL.<br/><br/>";
}
} else {
$errors .= 'Please enter your home page.<br/>';
}
if ($_POST['message'] != "") {
$_POST['message'] = filter_var($_POST['message'], FILTER_SANITIZE_STRING);
if ($_POST['message'] == "") {
$errors .= 'Please enter a message to send.<br/>';
}
} else {
$errors .= 'Please enter a message to send.<br/>';
}
if (!$errors) {
// $mail_to = 'me#somewhere.com';
// $subject = 'New Mail from Form Submission';
// $message = 'From: ' . $_POST['name'] . "\n";
// $message .= 'Email: ' . $_POST['email'] . "\n";
// $message .= 'Homepage: ' . $_POST['homepage'] . "\n";
// $message .= "Message:\n" . $_POST['message'] . "\n\n";
// mail($to, $subject, $message);
print_r($_POST);
echo "Thank you for your email!<br/><br/>";
} else {
echo '<div style="color: red">' . $errors . '<br/></div>';
}
}
?>
<form name="form1" method="post" action="form-email.php">
Name: <br/>
<input type="text" name="name" value="<?php echo $_POST['name']; ?>" size="50" /><br/><br/>
Email Address: <br/>
<input type="text" name="email" value="<?php echo $_POST['email']; ?>" size="50"/> <br/><br/>
Home Page: <br/>
<input type="text" name="homepage" value="<?php echo $_POST['homepage']; ?>" size="50" /> <br/><br/>
Message: <br/>
<textarea name="message" rows="5" cols="50"><?php echo $_POST['message']; ?></textarea>
<br/>
<input type="submit" name="Submit" value="Submit Form Data" />
</form>
Hm, I do not get your problem: you first sanitize the input from $_POST and store it in $email. If you print that var you will see it is ck@bushidodeexom, and then you validate the sanitized input -- of course it passes.
Try this...
<?php
if ($_POST['email'] != ""){
$_POST['email'] = stripslashes(trim($_POST['email']));
$tmpEmail=filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
if ( filter_var($tmpEmail, FILTER_VALIDATE_EMAIL) == TRUE) {
}
else{
$errors .= "Invalid Email";
}
}
else{
$errors .= "Please enter email";
}
?>
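The difference between validating the sanitized value and validating what was actually submitted, as an added example that is not part of the original posts. check_email() and the sample inputs are constructed for illustration; FILTER_SANITIZE_EMAIL deletes every character outside its allowed set, so a malformed input can be turned into a well-formed address before the validator ever sees it.

```php
<?php
// Added example (not from the original posts). Sample inputs are constructed.

/**
 * Report how one submitted value fares under both approaches:
 * sanitize-then-validate (as in the question) and validate-as-submitted.
 */
function check_email(string $raw): array
{
    $raw       = trim($raw);
    $sanitized = (string) filter_var($raw, FILTER_SANITIZE_EMAIL);

    return [
        'raw'                  => $raw,
        'sanitized'            => $sanitized,
        // What the question's code effectively tests.
        'sanitized_then_valid' => filter_var($sanitized, FILTER_VALIDATE_EMAIL) !== false,
        // Stricter: the value the user typed must itself be valid.
        'raw_valid'            => filter_var($raw, FILTER_VALIDATE_EMAIL) !== false,
        // True when the sanitizer silently rewrote the input.
        'was_rewritten'        => $sanitized !== $raw,
    ];
}

// Constructed sample inputs.
$samples = [
    'joe@example.com',     // well-formed
    'joe@//example.com',   // the slashes are deleted by the sanitizer
    'jo(e)@exam ple.com',  // parentheses and the space are deleted
    'not-an-address',      // no @ at all
];

foreach ($samples as $sample) {
    $r = check_email($sample);
    printf(
        "%-20s sanitized=%-18s sanitize+validate=%-4s validate-raw=%-4s rewritten=%s\n",
        $r['raw'],
        $r['sanitized'],
        $r['sanitized_then_valid'] ? 'pass' : 'fail',
        $r['raw_valid'] ? 'pass' : 'fail',
        $r['was_rewritten'] ? 'yes' : 'no'
    );
}
```

Rejecting the submission when raw_valid is false, and showing the user what to correct, avoids sending mail to an address the user never typed.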
I'm making a form using PHP and HTML. I want the form to use a predetermined value if the user does not fill out the form.
Default value:
Name: Jhon
Email: #example.com
Message: Without message
This is the PHP code that I use to process data:
if(isset($_POST['submitted'])) {
if(trim($_POST['contactName']) === '') {
$nameError = 'Please enter your name.';
$hasError = true;
} else {
$name = trim($_POST['contactName']);
}
if(trim($_POST['email']) === '') {
$emailError = 'Please enter your email address.';
$hasError = true;
} else if (!preg_match("/^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$/i", trim($_POST['email']))) {
$emailError = 'You entered an invalid email address.';
$hasError = true;
} else {
$email = trim($_POST['email']);
}
if(trim($_POST['comments']) === '') {
$commentError = 'Please enter a message.';
$hasError = true;
} else {
if(function_exists('stripslashes')) {
$comments = stripslashes(trim($_POST['comments']));
} else {
$comments = trim($_POST['comments']);
}
}
if(!isset($hasError)) {
$emailTo = get_option('tz_email');
if (!isset($emailTo) || ($emailTo == '') ){
$emailTo = get_option('admin_email');
}
$subject = '[PHP Snippets] From '.$name;
$body = "Name: $name \n\nEmail: $email \n\nComments: $comments";
$headers = 'From: '.$name.' <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email;
wp_mail($emailTo, $subject, $body, $headers);
$emailSent = true;
}
}
And here is the HTML I used:
<?php if(isset($emailSent) && $emailSent == true) { ?>
<div class="thanks">
<p>Thanks, your email was sent successfully.</p>
</div>
<?php } else { ?>
<?php the_content(); ?>
<?php if(isset($hasError) || isset($captchaError)) { ?>
<p class="error">Sorry, an error occurred.</p>
<?php } ?>
<form action="<?php the_permalink(); ?>" id="contactForm" method="post">
<ul class="contactform">
<li>
<label for="contactName">Name:</label>
<input type="text" name="contactName" id="contactName" value="<?php if(isset($_POST['contactName'])) echo $_POST['contactName'];?>" class="required requiredField" />
<?php if($nameError != '') { ?>
<span class="error"><?=$nameError;?></span>
<?php } ?>
</li>
<li>
<label for="email">Email</label>
<input type="text" name="email" id="email" value="<?php if(isset($_POST['email'])) echo $_POST['email'];?>" class="required requiredField email" />
<?php if($emailError != '') { ?>
<span class="error"><?=$emailError;?></span>
<?php } ?>
</li>
<li><label for="commentsText">Message:</label>
<textarea name="comments" id="commentsText" rows="20" cols="30" class="required requiredField"><?php if(isset($_POST['comments'])) { if(function_exists('stripslashes')) { echo stripslashes($_POST['comments']); } else { echo $_POST['comments']; } } ?></textarea>
<?php if($commentError != '') { ?>
<span class="error"><?=$commentError;?></span>
<?php } ?>
</li>
<li>
<input type="submit">Send email</input>
</li>
</ul>
<input type="hidden" name="submitted" id="submitted" value="true" />
</form>
<?php } ?>
How do I make the values sent use the default values if the user does not fill out the form?
Use ?: (ternary operator)
$email = $_POST['email'] ?: 'default Email';
The above is identical to this if/else statement
if (empty($_POST['email'])) {
$email = 'default Email';
} else {
$email = $_POST['email'];
}
Use this logic for those elements you want to set a default value for.
You can use the ?? operator:
$email = $_POST['email'] ?? 'defaultemail@example.com';
It's the equivalent to doing an empty() and assigning the default value if it is empty:
$email = NULL;
if (!empty($_POST['email'])) {
$email = $_POST['email'];
} else {
$email = 'defaultemail@example.com';
}
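How the two operators suggested above behave on a real form submission, as an added example that is not part of either answer. A browser submits an empty text field as an empty string, `??` falls back only when the key is unset or null, and `?:` falls back on any falsy value, including the string "0". post_or_default() is a hypothetical helper, and the $post array and the default email address are constructed; the name and message defaults are the ones from the question.

```php
<?php
// Added example (not from the original posts). $post stands in for $_POST.

/**
 * Return the trimmed field value, or $default when the field is missing,
 * not a string (e.g. an array from name="email[]"), or blank.
 * Unlike empty() and ?:, a literal "0" is kept as real input.
 */
function post_or_default(array $post, string $key, string $default): string
{
    $value = $post[$key] ?? '';
    if (!is_string($value)) {
        return $default;
    }
    $value = trim($value);

    return $value === '' ? $default : $value;
}

// Constructed submission: name left blank, email field absent, message is "0".
$post = [
    'contactName' => '',
    'comments'    => '0',
];

$defaults = [
    'contactName' => 'Jhon',
    'email'       => 'default@example.com', // constructed placeholder
    'comments'    => 'Without message',
];

// ?? keeps the empty string because the key exists.
echo 'name via ??     : ', var_export($post['contactName'] ?? $defaults['contactName'], true), "\n";
// ?: replaces the empty string, but also replaces a legitimate "0".
echo 'name via ?:     : ', var_export($post['contactName'] ?: $defaults['contactName'], true), "\n";
echo 'comments via ?: : ', var_export($post['comments'] ?: $defaults['comments'], true), "\n";

// The helper handles blank, missing and "0" consistently.
foreach ($defaults as $key => $default) {
    echo str_pad($key . ' via helper', 24), ': ',
        var_export(post_or_default($post, $key, $default), true), "\n";
}
```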
I have the following HTML:
<form method="post" action="https://www.domain.co.uk/v2/contact.php" id="contactform">
<p><label for="name"><span class="required">*</span> Your Name</label><br>
<input name="name" type="text" id="name" size="30" value="" class="input" required> </p>
<p><label for="email"><span class="required">*</span> Email</label><br>
<input name="email" type="email" id="email" size="30" value="" class="input" required></p>
<p><label for="phone">Phone</label><br>
<input name="phone" type="tel" id="phone" size="30" value="" class="input"></p>
<p><label for="subject">Subject</label><br>
<select name="subject" id="subject" class="input">
<option value="Not sure" selected="selected">Not sure</option>
<option value="this">this</option>
<option value="that">that</option>
</select></p>
<p><label for="comments"><span class="required">*</span> Message</label><br>
<textarea name="comments" cols="40" rows="3" id="comments" class="input" required></textarea></p>
<p><input type="submit" class="submit" id="submit" value="Submit"></p>
</form>
and the following in contact.php
<?php
if ($_POST['name'] != "") {
$_POST['name'] = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
if ($_POST['name'] == "") {
$errors .= 'Please enter a valid name.<br/><br/>';
}
} else {
$errors .= 'Please enter your name.<br/>';
}
if ($_POST['email'] != "") {
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>";
}
} else {
$errors .= 'Please enter your email address.<br/>';
}
if ($_POST['phone'] != "") {
$_POST['phone'] = filter_var($_POST['phone'], FILTER_SANITIZE_STRING);
if ($_POST['phone'] == "") {
$errors .= 'Please enter your phone number.<br/>';
}
} else {
$errors .= 'Please enter your phone number.<br/>';
}
if ($_POST['subject'] != "") {
$_POST['subject'] = filter_var($_POST['subject'], FILTER_SANITIZE_STRING);
if ($_POST['subject'] == "") {
$errors .= 'Please choose a subject.<br/>';
}
} else {
$errors .= 'Please choose a subject.<br/>';
}
if ($_POST['comments'] != "") {
$_POST['comments'] = filter_var($_POST['comments'], FILTER_SANITIZE_STRING);
if ($_POST['comments'] == "") {
$errors .= 'Please enter a message.<br/>';
}
} else {
$errors .= 'Please enter a message.<br/>';
}
if (!$errors) {
$mail_to = 'info#myemails.co.uk';
$subject = 'Enquiry';
$message .= 'Regarding: ' . $_POST['subject'] . "\n\n";
$message .= 'Name: ' . $_POST['name'] . "\n\n";
$message .= 'Email: ' . $_POST['email'] . "\n\n";
$message .= 'Phone: ' . $_POST['phone'] . "\n\n";
$message .= 'Message ' . $_POST['comments'] . "\n\n";
$success = mail($mail_to, $subject, $message, "From: <$email>");
if ($success){
print "sent";
}
else{
print "failed";
}
}
?>
No matter what I change or try I end up on a blank white page for contact.php instead of seeing the sent or failed message (having removed my javascript validation in case I was causing an issue there), likewise there is nothing in the error log and despite having gone back over the code I can't spot the issue? Unsure if I have stared at it for too long and am missing something obvious or there is a deeper problem?
Any pointers appreciated.
var_dump shows it is getting the information:
array(5) { ["name"]=> string(10) "Joe Bloggs" ["email"]=> string(16) "joe#anyemail.com" ["phone"]=> string(11) "07123456789" ["subject"]=> string(8) "Not sure" ["comments"]=> string(17) "test message here" }
You used string concatenation, but you didn't define your variables before that. If you change your code like this:
<?php
$errors = '';
if ($_POST['name'] != "") {
$_POST['name'] = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
if ($_POST['name'] == "") {
$errors .= 'Please enter a valid name.<br/><br/>';
}
} else {
$errors .= 'Please enter your name.<br/>';
}
if ($_POST['email'] != "") {
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>";
}
} else {
$errors .= 'Please enter your email address.<br/>';
}
if ($_POST['phone'] != "") {
$_POST['phone'] = filter_var($_POST['phone'], FILTER_SANITIZE_STRING);
if ($_POST['phone'] == "") {
$errors .= 'Please enter your phone number.<br/>';
}
} else {
$errors .= 'Please enter your phone number.<br/>';
}
if ($_POST['subject'] != "") {
$_POST['subject'] = filter_var($_POST['subject'], FILTER_SANITIZE_STRING);
if ($_POST['subject'] == "") {
$errors .= 'Please choose a subject.<br/>';
}
} else {
$errors .= 'Please choose a subject.<br/>';
}
if ($_POST['comments'] != "") {
$_POST['comments'] = filter_var($_POST['comments'], FILTER_SANITIZE_STRING);
if ($_POST['comments'] == "") {
$errors .= 'Please enter a message.<br/>';
}
} else {
$errors .= 'Please enter a message.<br/>';
}
$message = '';
if (empty($errors)) {
$mail_to = 'info#myemails.co.uk';
$subject = 'Enquiry';
$message .= 'Regarding: ' . $_POST['subject'] . "\n\n";
$message .= 'Name: ' . $_POST['name'] . "\n\n";
$message .= 'Email: ' . $_POST['email'] . "\n\n";
$message .= 'Phone: ' . $_POST['phone'] . "\n\n";
$message .= 'Message ' . $_POST['comments'] . "\n\n";
$success = mail($mail_to, $subject, $message, "From: <$email>");
if ($success){
print "sent";
}
else{
print "failed";
}
} else {
echo $errors;
}
?>
It works. You said that you are on a live site, so errors are probably not showing up. If you want, you can add these lines:
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
at the top of your PHP file to see errors, but clients would also see these errors. You can add an IP check for your IP around them.
I am not very good with php and my friend helped me with this php contact form script. But this does not seem to send emails to the desired address. Can you please suggest what might be the problem with this script?
I really appreciate it. Thanks
<?php
$error = array();
if(!empty($_POST['contact_submit']) && ($_POST['contact_submit'] == 'submit') ) {
if(!empty($_POST['name'])) {
$name = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
} else {
$error[] = 'Please enter your name.';
}
if(!empty($_POST['email'])) {
if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
} else {
$error[] = 'Please enter a correct email address.';
}
} else {
$error[] = 'Please enter your email address.';
}
if(!empty($_POST['phone'])) {
if(filter_var($_POST['phone'], FILTER_VALIDATE_INT)) {
$phone = filter_var($_POST['phone'], FILTER_SANITIZE_NUMBER_INT);
} else {
$error[] = '<i>Phone number</i> only expects number';
}
} else {
$error[] = 'Please enter your phone number.';
}
if(!empty($_POST['time'])) {
$time = filter_var($_POST['time'], FILTER_SANITIZE_STRING);
} else {
$error[] = 'Please enter your best time to contact.';
}
if(!empty($_POST['msg'])) {
$msg = filter_var($_POST['msg'], FILTER_SANITIZE_STRING);
} else {
$error[] = 'Please enter your message.';
}
if(empty($error)) {
$to = 'your#email.com';
$subject = 'from contact form';
$message = $phone . "\r\n";
$message .= $time . "\r\n";
$message .= $msg;
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: '.$name.' <'. $email.'>' . "\r\n" .
'Reply-To: '.$name.' <'. $email . '>' ."\r\n";
//echo '<pre>'; var_dump($to, $subject, $message, $headers); echo '</pre>'; die();
mail($to, $subject, $message, $headers);
}
}
?>
<?php
if(!empty($error)) {
echo '<ul class="error">';
echo '<li>' . implode('</li><li>', $error) . '</li>';
echo '</ul>';
}
?>
<form method="post" action="">
<input type="text" name="name" value="" placeholder="Enter your name" class="email_form"/>
<input type="text" name="email" value="" placeholder="Enter your email address" class="email_form"/>
<input type="text" name="phone" value="" placeholder="Phone number" class="email_form"/>
<input type="text" name="time" value="" placeholder="Best time to contact. e.g. 3 am" class="email_form"/>
<textarea name="msg" placeholder="Your message" class="email_form"></textarea>
<input type="image" value="submit" name="contact_submit" src="images/submit.png" width="96" height="43" class="email_button">
</form>
Change this line:
if(!empty($_POST['contact_submit']) && ($_POST['contact_submit'] == 'submit') ) {
to
if(isset($_POST['contact_submit']) ) {
and
<input type="image" value="submit" name="contact_submit" src="images/submit.png" width="96" height="43" class="email_button">
to
<input type = "submit" value="submit" name="contact_submit">
PHP is looking for a submit type, and you're using an image type.
If you still want to use the image as the submit button:
You will need to change:
if(!empty($_POST['contact_submit']) && ($_POST['contact_submit'] == 'submit') )
to another conditional statement.
For example:
if(!empty($_POST['email'])){
You can always add on to that conditional statement with the other fields you wish to check if they are set/empty.
For example:
if(!empty($_POST['email']) || !empty($_POST['name'])){
Upon testing your code, the code did not work till those changes were made.
N.B.: If mail is still not being sent/received, you will need to make sure that mail() is indeed available for you to use, and/or check your logs and the Spam box.
Add error reporting to the top of your file(s) which will help during production testing.
error_reporting(E_ALL);
ini_set('display_errors', 1);
Which will trigger any errors found.
Footnotes:
The phone field needs to be all numbers, otherwise it will fail.
I.e.: 555-234-5678 did not work, but 5552345678 did, therefore you will need to inform your users of how it should be entered.
Edit: (full code) - copy exactly as shown while changing email@example.com to your own Email.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$error = array();
if(isset($_POST['contact_submit']) ) {
if(!empty($_POST['name'])) {
$name = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
} else {
$error[] = 'Please enter your name.';
}
if(!empty($_POST['email'])) {
if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
} else {
$error[] = 'Please enter a correct email address.';
}
} else {
$error[] = 'Please enter your email address.';
}
if(!empty($_POST['phone'])) {
if(filter_var($_POST['phone'], FILTER_VALIDATE_INT)) {
$phone = filter_var($_POST['phone'], FILTER_SANITIZE_NUMBER_INT);
} else {
$error[] = '<i>Phone number</i> only expects number';
}
} else {
$error[] = 'Please enter your phone number.';
}
if(!empty($_POST['time'])) {
$time = filter_var($_POST['time'], FILTER_SANITIZE_STRING);
} else {
$error[] = 'Please enter your best time to contact.';
}
if(!empty($_POST['msg'])) {
$msg = filter_var($_POST['msg'], FILTER_SANITIZE_STRING);
} else {
$error[] = 'Please enter your message.';
}
if(empty($error)) {
$to = 'email@example.com';
$subject = 'from contact form';
$message = $phone . "\r\n";
$message .= $time . "\r\n";
$message .= $msg;
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: '.$name.' <'. $email.'>' . "\r\n" .
'Reply-To: '.$name.' <'. $email . '>' ."\r\n";
//echo '<pre>'; var_dump($to, $subject, $message, $headers); echo '</pre>'; die();
mail($to, $subject, $message, $headers);
}
}
?>
<?php
if(!empty($error)) {
echo '<ul class="error">';
echo '<li>' . implode('</li><li>', $error) . '</li>';
echo '</ul>';
}
?>
<form method="post" action="">
<input type="text" name="name" value="" placeholder="Enter your name" class="email_form"/>
<input type="text" name="email" value="" placeholder="Enter your email address" class="email_form"/>
<input type="text" name="phone" value="" placeholder="Phone number" class="email_form"/>
<input type="text" name="time" value="" placeholder="Best time to contact. e.g. 3 am" class="email_form"/>
<textarea name="msg" placeholder="Your message" class="email_form"></textarea>
<input type = "submit" value="submit" name="contact_submit">
</form>
You can also show a message if it was sent successfully by replacing:
mail($to, $subject, $message, $headers);
with:
if(mail($to, $subject, $message, $headers)){
echo "Mail sent, thank you.";
}
else{
echo "There was an error.";
}
You can also log the error:
http://php.net/manual/en/function.error-log.php
0 message is sent to PHP's system logger, using the Operating System's system logging mechanism or a file, depending on what the error_log configuration directive is set to. This is the default option.
1 message is sent by email to the address in the destination parameter. This is the only message type where the fourth parameter, extra_headers is used.
2 No longer an option.
3 message is appended to the file destination. A newline is not automatically added to the end of the message string.
4 message is sent directly to the SAPI logging handler.
I.e.:
if(mail($to, $subject, $message, $headers)){
echo "Mail sent, thank you.";
}
else{
error_log("Error!", 3, "/var/tmp/mail-errors.log");
}
I am not a PHP programmer, but have used it a touch, enough to put in a contact form. However, I am trying to add a captcha field, which now works but the form does not validate it - so it submits no matter what
Can anybody help please? sorry if the code is messy and thanks in advance
code at the top of my page
<?php session_start() ?>
<?php
//If the form is submitted
if(isset($_POST['submit'])) {
//Check to make sure that the name field is not empty
if(trim($_POST['name']) == '') {
$hasError = true;
} else {
$name = trim($_POST['name']);
}
//Check to make sure that the subject field is not empty
if(trim($_POST['subject']) == '') {
$hasError = true;
} else {
$subject = trim($_POST['subject']);
}
//Check to make sure sure that a valid email address is submitted
if(trim($_POST['email']) == '') {
$hasError = true;
} else if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}$", trim($_POST['email'])))
{
$hasError = true;
} else {
$email = trim($_POST['email']);
}
//Check to make sure comments were entered
if(trim($_POST['message']) == '') {
$hasError = true;
} else {
if(function_exists('stripslashes')) {
$message = stripslashes(trim($_POST['message']));
} else {
$message = trim($_POST['message']);
}
/*captcha 2*/
if(isset($_POST["captcha"])) {
$hasError = true;
} else {
if($_SESSION["captcha"]==$_POST["captcha"]) {
}
}
//CAPTHCA is valid; proceed the message: save to database, send by e-mail ...
//If there is no error, send the email
if(!isset($hasError)) {
$emailTo = 'email address'; //Put your own email address here
$emailTo = 'email address'; //Put your own email address here
$body = "Name: $name \n\nEmail: $email \n\nSubject: $subject \n\nMessage:\n $message";
$headers = 'From: website form <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' .
$email;
mail($emailTo, $subject, $body, $headers);
$emailSent = true;
}
}
?>
Code in the form:
[php]<?php if(isset($hasError)) { //If errors are found ?>
<p class="error">Please check if you've filled all the fields with valid information. Thank you.</p>
<?php } ?>
<?php if(isset($emailSent) && $emailSent == true) { //If email is sent ?>
<p><strong>Email Successfully Sent!</strong></p>
<p>Thank you <strong><?php echo $name;?></strong> for contacting us. Your email was successfully sent and we will be in touch with you soon.</p>
<?php } ?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="contactform">
<div>
<p>
<label for="name">Name</label><br />
<input type="text" name="name" value="" id="name" class="required">
</p>
</div>
<div>
<p>
<label for="email">Email</label><br />
<input type="text" name="email" value="" id="email" class="required">
</p>
</div>
<div>
<p>
<label for="subject">Subject</label><br />
<input type="text" name="subject" value="" id="subject" class="required">
</p>
</div>
<div style="margin-bottom:25px;">
<p>
<label for="message">Message</label><br />
<textarea rows="5" name="message" value="" id="message" class="required"></textarea>
</p>
</div>
<div style="margin-bottom:25px;">
<img src="captcha.php" alt="captcha image">
<p>
<label for="captcha">(antispam code, 3 black symbols)</label><br />
<input type="text" name="captcha" maxlength="3" id="captcha" class="required">
</p>
</div>
<input type="submit" value="Send Message" name="submit" />
</form>
[/php]
[edit ] 2011-12-20 8:22pm CST - updated the second block of code with the final code that the OP is using - based on off site chat.
There's a better way to write the code. I'm putting an example of this below. Ask questions and I'll update the code with comments explaining. I revamped the if statement you had for the captcha so that it didn't need a double if. Using || (or) in the if statement causes PHP to stop after testing the first condition (if the first condition evaluates to true). Therefore, if the variable is not set it never moves on to the comparison of POST with SESSION.
Also, I defaulted your hasError variable to false, and am testing for the boolean value. This is better because it makes sense. Think about the programmers who will come after you. If it makes sense, it'll be easier to work with. You might be that programmer :)
[edited to add session_start();]
<?php
session_start();
// default value
$hasError = false;
//If the form is submitted
if(isset($_POST['submit'])) {
//Check to make sure that the name field is not empty
if(trim($_POST['name']) == '') {
$hasError = true;
} else {
$name = trim($_POST['name']);
}
//Check to make sure that the subject field is not empty
if(trim($_POST['subject']) == '') {
$hasError = true;
} else {
$subject = trim($_POST['subject']);
}
//Check to make sure sure that a valid email address is submitted
if(trim($_POST['email']) == '') {
$hasError = true;
} else if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}$", trim($_POST['email']))) {
$hasError = true;
} else {
$email = trim($_POST['email']);
}
//Check to make sure comments were entered
if( trim($_POST['message']) == '') {
$hasError = true;
} else {
if(function_exists('stripslashes')) {
$message = stripslashes(trim($_POST['message']));
} else {
$message = trim($_POST['message']);
}
}
if( ! isset( $_POST["captcha"] ) || $_SESSION["captcha"] != $_POST["captcha"] ) {
$hasError = true;
echo 'CAPTHCA is not valid; ignore submission<br>';
echo $_POST['captcha'] . ' != ' . $_SESSION['captcha'] . '<br>';
}
//If there is no error, send the email
if( $hasError == false ) {
$emailTo = 'email#email.com'; //Put your own email address here
$emailTo = 'email#email.com'; //Put your own email address here
$body = "Name: $name \n\nEmail: $email \n\nSubject: $subject \n\nMessage:\n $message";
// !!!!!!!!!!!!!!!! REMOVE \r\n from $emailTo or your form will be hacked !!!!!!!!!!!!!!!!!!!!!!
$headers = 'From: website form <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email;
mail($emailTo, $subject, $body, $headers);
$emailSent = true;
} else {
}
}
[edit - full code, edited and (hopefully) improved]
<?php
session_start();
function clean_for_email( $inbound )
{
return str_replace( array( "\n", "\r" ), "", $inbound );
}
// I really like the name of this function. :D
function outputInput( $name, $required )
{
$attribs[] = "name=\"{$name}\"";
$attribs[] = "id=\"{$name}\"";
$attribs[] = $required?'class="required"':'';
$attribs[] = 'type="text"';
if ( count( $_POST ) && array_key_exists( $name, $_POST ) )
{
$attribs[] = 'value="' . htmlspecialchars( $_POST[$name] ) . '"';
}
echo '<input ' . implode( ' ', $attribs ) . '>';
}
//------------------------------------------------------------------------
function outputTextarea( $name, $required, $rows = 5 )
{
$attribs[] = "name=\"{$name}\"";
$attribs[] = "id=\"{$name}\"";
$attribs[] = $required?'class="required"':'';
$attribs[] = 'rows="' . (int) $rows . '"'; // honour the $rows argument instead of a fixed 5
$value = '';
if ( count( $_POST ) && array_key_exists( $name, $_POST ) )
{
$value = htmlspecialchars( $_POST[$name] );
}
echo '<textarea ' . implode( ' ', $attribs ) . '>' . $value . '</textarea>';
}
// default value
$hasError = false;
$emailSent = false;
//If the form is submitted
if( count( $_POST ) && isset($_POST['submit'] ) ) {
//Check to make sure that the name field is not empty
if(trim($_POST['name']) == '') {
$hasError = true;
} else {
$name = trim($_POST['name']);
}
//Check to make sure that the subject field is not empty
if(trim($_POST['subject']) == '') {
$hasError = true;
} else {
$subject = trim($_POST['subject']);
}
//Check to make sure sure that a valid email address is submitted
if(trim($_POST['email']) == '') {
$hasError = true;
} else if ( ! preg_match( '/^.+@.+$/i', trim( $_POST['email'] ) ) ) {
$hasError = true;
} else {
$email = trim($_POST['email']);
}
//Check to make sure comments were entered
if( trim($_POST['message']) == '') {
$hasError = true;
} else {
if(function_exists('stripslashes')) {
$message = stripslashes(trim($_POST['message']));
} else {
$message = trim($_POST['message']);
}
}
if ( ! array_key_exists( 'captcha', $_POST ) || $_SESSION['captcha'] != $_POST["captcha"] ) {
$hasError = true;
}
if( ! $hasError )
{
$captchaValid = true;
//If there is no error, send the email
if( $hasError == false ) {
$emailTo = 'xxx'; //Put your own email address here
$body = "Name: $name \n\nEmail: $email \n\nSubject: $subject \n\nMessage:\n $message";
$headers = 'From: website form <'.clean_for_email( $emailTo ).'>' . "\r\n" . 'Reply-To: ' . clean_for_email( $email );
mail($emailTo, $subject, $body, $headers);
$emailSent = true;
} else {
}
}
}
?>
<? if( $hasError ) : ?>
<p class="error">Please check if you've filled all the fields with valid information. Thank you.</p>
<? endif; ?>
<? if( $emailSent == true) : ?>
<p><strong>Email Successfully Sent!</strong></p>
<p>Thank you <strong><?php echo $name;?></strong> for contacting us. Your email was successfully sent and we will be in touch with you soon.</p>
<? endif; ?>
<form method="post" action="<?php echo htmlspecialchars( $_SERVER['PHP_SELF'] ); ?>" id="contactform">
<div>
<p>
<label for="name">Name</label><br />
<? outputInput( 'name', true ); ?>
</p>
</div>
<div>
<p>
<label for="email">Email</label><br />
<? outputInput( 'email', true ); ?>
</p>
</div>
<div>
<p>
<label for="subject">Subject</label><br />
<? outputInput( 'subject', true ); ?>
</p>
</div>
<div style="margin-bottom:25px;">
<p>
<label for="message">Message</label><br />
<? outputTextarea( 'message', true ); ?>
</p>
</div>
<div style="margin-bottom:25px;">
<img src="captcha.php" alt="captcha image">
<p>
<label for="captcha">(antispam code, 3 black symbols)</label><br />
<? outputInput( 'captcha', true ); ?>
</p>
</div>
<input type="submit" value="Send Message" name="submit" />
</form>
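The header-injection warning in the code comments above, as an added example that is not part of the original answer. Instead of stripping line breaks as clean_for_email() does, it rejects any submission whose header-bound values contain CR, LF or NUL, since a line break in an address or subject is never legitimate. has_header_break() and build_mail_parts() are hypothetical names, the site address and sample submissions are constructed, and mail() is deliberately not called.

```php
<?php
// Added example (not from the original posts).

/** True if the value contains CR, LF or NUL, which must never reach a header. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/**
 * Prepare the subject and extra headers for mail(). Returns null when the
 * submission cannot be used safely, so the caller can refuse to send.
 */
function build_mail_parts(string $siteFrom, string $visitorEmail, string $subject): ?array
{
    // Check the values as submitted, before any trimming or rewriting.
    if (has_header_break($visitorEmail) || has_header_break($subject)) {
        return null;
    }

    $visitorEmail = trim($visitorEmail);
    if (filter_var($visitorEmail, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Only the fixed site address goes into From; the visitor's address is
    // confined to Reply-To, as in the answer above.
    $headers = 'From: website form <' . $siteFrom . '>' . "\r\n"
             . 'Reply-To: ' . $visitorEmail;

    return ['subject' => trim($subject), 'headers' => $headers];
}

// Constructed sample submissions: [email field, subject field].
$submissions = [
    ['visitor@example.com', 'Question about pricing'],
    ["visitor@example.com\r\nBcc: list@example.net", 'Hello'], // extra header line in the email field
    ['visitor@example.com', "Hello\r\nX-Extra: 1"],            // extra header line in the subject
    ['visitor-at-example.com', 'Hello'],                       // not an address at all
];

foreach ($submissions as [$email, $subject]) {
    $parts = build_mail_parts('form@example.org', $email, $subject);
    // json_encode makes the embedded control characters visible in the output.
    echo json_encode($email), ' / ', json_encode($subject), ' => ',
        $parts === null ? 'rejected' : 'accepted', "\n";
}
```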
if(isset($_POST["captcha"]))
You're missing a bracket.
Edited to show entire code.... Brackets added for captcha conditionals which were missing. As is, your code did not check if the captcha was set via post. It was only checking the session variable against the post variable. If both were blank, the form would mail. You may still have issues with captcha.php or the session variable.
<?php
//If the form is submitted
if(isset($_POST['submit'])) {
//Check to make sure that the name field is not empty
if(trim($_POST['name']) == '') {
$hasError = true;
} else {
$name = trim($_POST['name']);
}
//Check to make sure that the subject field is not empty
if(trim($_POST['subject']) == '') {
$hasError = true;
} else {
$subject = trim($_POST['subject']);
}
//Check to make sure sure that a valid email address is submitted
if(trim($_POST['email']) == '') {
$hasError = true;
} else if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}$", trim($_POST['email'])))
{
$hasError = true;
} else {
$email = trim($_POST['email']);
}
//Check to make sure comments were entered
if(trim($_POST['message']) == '') {
$hasError = true;
} else {
if(function_exists('stripslashes')) {
$message = stripslashes(trim($_POST['message']));
} else {
$message = trim($_POST['message']);
}
}
/*captcha 2*/
if(isset($_POST["captcha"])) {
if($_SESSION["captcha"]==$_POST["captcha"])
{
//CAPTHCA is valid; proceed the message: save to database, send by e-mail ...
//If there is no error, send the email
if(!isset($hasError)) {
$emailTo = 'enquiries#sjbprojects.com'; //Put your own email address here
$emailTo = 'sjbullen#gmail.com'; //Put your own email address here
$body = "Name: $name \n\nEmail: $email \n\nSubject: $subject \n\nMessage:\n $message";
$headers = 'From: SJB Projects website form <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email;
mail($emailTo, $subject, $body, $headers);
$emailSent = true;
}
}
else
{
echo 'CAPTHCA is not valid; ignore submission';
}
} else {
///message here if CAPTCHA is not set (via post)
}
}
?>
<?php if(isset($hasError)) { //If errors are found ?>
<p class="error">Please check if you've filled all the fields with valid information. Thank you.</p>
<?php } ?>
<?php if(isset($emailSent) && $emailSent == true) { //If email is sent ?>
<p><strong>Email Successfully Sent!</strong></p>
<p>Thank you <strong><?php echo $name;?></strong> for contacting SJB Projects. Your email was successfully sent and we will be in touch with you soon.</p>
<?php } ?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" id="contactform">
<div>
<p>
<label for="name">Name</label><br />
<input type="text" name="name" value="" id="name" class="required">
</p>
</div>
<div>
<p>
<label for="email">Email</label><br />
<input type="text" name="email" value="" id="email" class="required">
</p>
</div>
<div>
<p>
<label for="subject">Subject</label><br />
<input type="text" name="subject" value="" id="subject" class="required">
</p>
</div>
<div style="margin-bottom:25px;">
<p>
<label for="message">Message</label><br />
<textarea rows="5" name="message" value="" id="message" class="required"></textarea>
</p>
</div>
<div style="margin-bottom:25px;">
<img src="captcha.php" alt="captcha image">
<p>
<label for="captcha">(antispam code, 3 black symbols)</label><br />
<input type="text" name="captcha" maxlength="3" id="captcha" class="required">
</p>
</div>
<input type="submit" value="Send Message" name="submit" />
</form>
I am a PHP newb. I have the following code for a web form. It works fine as is, but I would like to do the following:
Return the errors as an array (?) so I can display errors as individual lines under each input.
and
Disallow the form from being able to be submitted twice.
Any help would be greatly appreciated.
<form id="form1" method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
<fieldset>
<legend>Contact Me</legend>
<?php
if (isset($_POST['Submit'])) {
if ($_POST['firstname'] != "") {
$_POST['firstname'] = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING);
if ($_POST['firstname'] == "") {
$errors .= 'Please enter a valid first name.<br/><br/>';
}
} else {
$errors .= 'Please enter your first name.<br/>';
}
if ($_POST['lastname'] != "") {
$_POST['lastname'] = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING);
if ($_POST['lastname'] == "") {
$errors .= 'Please enter a valid last name.<br/><br/>';
}
} else {
$errors .= 'Please enter your last name.<br/>';
}
if ($_POST['email'] != "") {
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors .= "$email is <strong>NOT</strong> a valid email address.<br/><br/>";
}
} else {
$errors .= 'Please enter your email address.<br/>';
}
if ($_POST['message'] != "") {
$_POST['message'] = filter_var($_POST['message'], FILTER_SANITIZE_STRING);
if ($_POST['message'] == "") {
$errors .= 'Please enter a message to send.<br/>';
}
} else {
$errors .= 'Please enter a message to send.<br/>';
}
if (!$errors) {
$mail_to = '***#****.com';
$subject = 'New Mail from Web Site';
$message = 'From: ' . $_POST['firstname'] . " " . $_POST['lastname'] . "\n";
$message .= 'Email: ' . $_POST['email'] . "\n";
$message .= "Message:\n" . $_POST['message'] . "\n\n";
mail($mail_to, $subject, $message);
echo "<p>Thank you for your email!<br/><br/></p>";
} else {
echo '<div style="color: #00CC00">' . $errors . '<br/></div>';
}
}
?>
<label>First Name:</label>
<input type="text" name="firstname" value="<?php echo $_POST['firstname']; ?>" size="50" />
<label>Last Name:</label>
<input type="text" name="lastname" value="<?php echo $_POST['lastname']; ?>" size="50" />
<label>Email Address:</label>
<input type="text" name="email" value="<?php echo $_POST['email']; ?>" size="50"/>
<label>Message:</label>
<textarea name="message" rows="5" cols="50"><?php echo $_POST['message']; ?></textarea>
<br/>
<input type="submit" class="moveright" name="Submit" value="Submit" />
</fieldset>
</form>
You can use an array for the errors instead of concatenating them into one string. Then you can check for each error at the specified form input.
Sample error check
// instead of: $errors .= 'Please enter a message to send.<br/>';
if ($_POST['message'] == "")
$errors['message'] = 'Please enter a message to send.<br/>';
Sample error display
<label>Message:</label>
<?php if (!empty($errors['message'])) echo $errors['message']; // !empty() avoids an undefined-index notice when no error was set ?>
<textarea name="message" rows="5" cols="50"><?php echo $_POST['message']; ?></textarea>
Instead of appending each error to the string, do like the following:
$errors[] = 'error text';
EDIT: as the others have said, it's good practice to initialize the array before starting to set the values, like so: $errors = array();
As for disallowing the form from being submitted twice, that needs JavaScript. Here's a link to help: http://www.webmasterworld.com/forum91/3781.htm
To make your errors into an array, initialize it before form processing as:
$errors = array();
if (isset($_POST['Submit'])) {
...
Each time you have an error, rather than concatenating it on with .=, use the [] array append syntax:
$errors[] = 'Please enter a message to send.';
To prevent the form from being submitted twice, we often use a variable in $_SESSION to indicate that it has been completed. On successful submission, set a $_SESSION['success'] flag. Don't forget also to initialize the session at the start of the script:
session_start();
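// Initialize the flag only once per session; resetting it on every request
// would clear it again before the check below.
if (!isset($_SESSION['success'])) {
$_SESSION['success'] = FALSE;
}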
$errors = array();
// Only process the form if the session flag isn't set:
if (isset($_POST['Submit']) && !$_SESSION['success']) {
...
// Later, on success,
echo "<p>Thank you for your email!<br/><br/></p>";
// Set the flag to prevent resubmission.
$_SESSION['success'] = TRUE;
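An added example, not part of any answer above: the per-field error array and the session-based resubmission check combined, with a one-time token in place of the boolean flag and output escaped before it is echoed. The function names and the 'form_token' session key are hypothetical, and the input is constructed so the script runs from the command line.

```php
<?php
// Hypothetical helper names; arrays stand in for $_POST and $_SESSION.

// Validate the form fields; returns [clean values, errors keyed by field name].
function validate_contact(array $post): array {
    $labels = ['firstname' => 'first name', 'lastname' => 'last name', 'message' => 'message'];
    $clean = $errors = [];
    foreach ($labels as $field => $label) {
        $clean[$field] = trim((string)($post[$field] ?? ''));
        if ($clean[$field] === '') {
            $errors[$field] = "Please enter your $label.";
        }
    }
    $clean['email'] = trim((string)($post['email'] ?? ''));
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address.';
    }
    return [$clean, $errors];
}

// Store a fresh random token in the session; the form carries it in a hidden field.
function issue_token(array &$session): string {
    return $session['form_token'] = bin2hex(random_bytes(16));
}

// Accept a token at most once: it is removed from the session on first use.
function consume_token(array &$session, string $submitted): bool {
    $expected = $session['form_token'] ?? '';
    unset($session['form_token']);
    return $expected !== '' && hash_equals($expected, $submitted);
}

// Escape a value before echoing it into HTML (field values, error text).
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed demo input; in a page, pass $_POST and $_SESSION after session_start().
$session = [];
$post = ['firstname' => 'Ann', 'lastname' => '', 'email' => 'ann.example.com',
         'message' => '<b>hi</b>', 'token' => issue_token($session)];

var_dump(consume_token($session, $post['token']));  // first submit
var_dump(consume_token($session, $post['token']));  // same token again (double submit)
[$clean, $errors] = validate_contact($post);
foreach ($errors as $field => $text) {
    echo e($field), ': ', e($text), "\n";           // one entry per failing field
}
echo e($clean['message']), "\n";                    // escaped for redisplay in the form
```

In a real page, call issue_token() each time the form is rendered, including after a failed validation, so the user can correct the fields and submit again.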