PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I am very new PHP programmer and I am working on contact forms right now. I have a script that has a series of validations for each user input, i.e. FILTER_VALIDATE_EMAIL, and basic (empty($var) statements, etc. Anyhow, I noticed that sometimes when a validation fails it will still send out an email. I want to know where I can stop this script from running if validation fails until they resubmit the form..
Here is my code, go easy on me, I am new at this PHP thing..
<?php
// Sanitize the data so its nice and clean..
function sanitize($data) {
$data = htmlspecialchars(strip_tags(trim($data)));
$search = array('/[^A-Za-z0-9\. -\!\?\(\)\<\>\@]/');
$data = preg_replace($search, '', $data);
return $data;
}
if(isset($_POST['submit'])){
$name = sanitize($_POST['name']);
$email = sanitize($_POST['email']);
$web = sanitize($_POST['web']);
$telephone = sanitize($_POST['telephone']);
$contact_option = sanitize($_POST['contact_option']);
$text = sanitize($_POST['text']);
if (empty($name)) {
$errors = '<p>Name is Required.</p>';
}
if (empty($email)) {
$errors .= '<p>Email is Required.</p>';
}
elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
$errors .= '<p>Please Enter A Valid Email. i.e. myemail@somesite.com.</p>';
}
if (empty($telephone)) {
$errors .= '<p>Telephone Number is Required.</p>';
}
elseif (is_numeric($telephone) === FALSE) {
$errors .= '<p>Please Enter A Valid 10 or 11 Digit Number. i.e. 19072994025, no () or + or - please.</p>';
}
if (empty($contact_option)) {
$errors .= '<p>You Must Select a Contact Option.</p>';
}
if (empty($text)) {
$errors .= '<p>You Must Enter a Message.</p>';
}
// How do I stop the script here if validation fails??
else {
$msg = "Name: " . $name . "<br />";
$msg .= "Email: " . $email . "<br />";
$msg .= "Website: " . $web . "<br />";
$msg .= "Telephone: " . $telephone . "<br />";
$msg .= "Preferred Contact Method: " . $contact_option . "<br />";
$msg .= "Customer Needs: " . $text;
$recipient = "support@mysite.com";
$subject = "Contact Has Been Made..";
$mailheaders = "MIME-Version: 1.0" . "\r\n";
$mailheaders .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$mailheaders .= "From: <support@mysite.com>" . "\r\n";
mail($recipient, $subject, $msg, $mailheaders);
$success = '<p>Thank you for your submission! We will get back to you soon and we have mailed you a copy of this form.</p>';
unset($name, $email, $web, $telephone, $contact_option, $text);
}}
?>
<?php
// Sanitize the data so its nice and clean..
function sanitize($data) {
$data = htmlspecialchars(strip_tags(trim($data)));
$search = array('/[^A-Za-z0-9\. -\!\?\(\)\<\>\@]/');
$data = preg_replace($search, '', $data);
return $data;
}
if(isset($_POST['submit'])){
$name = sanitize($_POST['name']);
$email = sanitize($_POST['email']);
$web = sanitize($_POST['web']);
$telephone = sanitize($_POST['telephone']);
$contact_option = sanitize($_POST['contact_option']);
$text = sanitize($_POST['text']);
if ($name == '') {
$errors = '<p>Name is Required.</p>';
}
if ($email == '') {
$errors .= '<p>Email is Required.</p>';
}
if (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
$errors .= '<p>Please Enter A Valid Email. i.e. myemail@somesite.com.</p>';
}
if ($telephone == '') {
$errors .= '<p>Telephone Number is Required.</p>';
}
if (is_numeric($telephone) === FALSE) {
$errors .= '<p>Please Enter A Valid 10 or 11 Digit Number. i.e. 19072994025, no () or + or - please.</p>';
}
if ($contact_option == '') {
$errors .= '<p>You Must Select a Contact Option.</p>';
}
if ($text == '') {
$errors .= '<p>You Must Enter a Message.</p>';
}
// How do I stop the script here if validation fails??
else {
$msg = "Name: " . $name . "<br />";
$msg .= "Email: " . $email . "<br />";
$msg .= "Website: " . $web . "<br />";
$msg .= "Telephone: " . $telephone . "<br />";
$msg .= "Preferred Contact Method: " . $contact_option . "<br />";
$msg .= "Customer Needs: " . $text;
$recipient = "support@mysite.com";
$subject = "Contact Has Been Made..";
$mailheaders = "MIME-Version: 1.0" . "\r\n";
$mailheaders .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$mailheaders .= "From: <support@mysite.com>" . "\r\n";
mail($recipient, $subject, $msg, $mailheaders);
$success = '<p>Thank you for your submission! We will get back to you soon and we have mailed you a copy of this form.</p>';
unset($name, $email, $web, $telephone, $contact_option, $text);
}}
?>
phptraining wrote:I have made code correct use this...
never use empty() function .. user $title == ''..
empty() gets garbage value..
Absolute nonsense. The problem is that the only condition for sending your message is that $text not be empty. This would likely have been more apparent had proper indentation been used.
Celauran wrote:
Absolute nonsense. The problem is that the only condition for sending your message is that $text not be empty. This would likely have been more apparent had proper indentation been used.
What you provided makes sense, I will try this out later today and let you know how it worked out. From the looks of it, it appears solid and more thorough. Thank you.
The only thing I found wrong with it, is, if a person fills out the fields and gets one of them wrong, the $text field is cleared out and the $contact_option is cleared out. The rest of the fields retain the data right or wrong until the validation clears.
$contact_option is a radio input
$text is a textarea input
Here is the HTML behind these two and maybe that is my issue.
I would just hate for someone to fill out a long detailed description of what they need and if they got their telephone number wrong before they pressed submit, then it cleared out all they typed. That would be frustrating..
Doing it via $_POST allows them to insert script tags. The radio input script you provided is spot on and I dont see how they could post <script> tags inside of a radio element so I kept that there.
I instead only changed one thing here: