Stop a script after a series of if, else if statements..

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
penweb
Forum Newbie
Posts: 7
Joined: Mon Oct 07, 2013 12:32 pm

Stop a script after a series of if, else if statements..

Post by penweb »

I am very new PHP programmer and I am working on contact forms right now. I have a script that has a series of validations for each user input, i.e. FILTER_VALIDATE_EMAIL, and basic (empty($var) statements, etc. Anyhow, I noticed that sometimes when a validation fails it will still send out an email. I want to know where I can stop this script from running if validation fails until they resubmit the form..

Here is my code, go easy on me, I am new at this PHP thing..

Code: Select all

<?php

// Sanitize the data so its nice and clean..
	
function sanitize($data) {
	$data = htmlspecialchars(strip_tags(trim($data)));
	$search = array('/[^A-Za-z0-9\. -\!\?\(\)\<\>\@]/');
	$data = preg_replace($search, '', $data);
	return $data;
}

if(isset($_POST['submit'])){

$name = sanitize($_POST['name']);
$email = sanitize($_POST['email']);
$web = sanitize($_POST['web']);
$telephone = sanitize($_POST['telephone']);
$contact_option = sanitize($_POST['contact_option']);
$text = sanitize($_POST['text']);

if (empty($name)) {
	$errors = '<p>Name is Required.</p>';
}

if (empty($email)) {
	$errors .= '<p>Email is Required.</p>';
}

elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
	$errors .= '<p>Please Enter A Valid Email. i.e. myemail@somesite.com.</p>';
}

if (empty($telephone)) {
	$errors .= '<p>Telephone Number is Required.</p>';
}

elseif (is_numeric($telephone) === FALSE) {
	$errors .= '<p>Please Enter A Valid 10 or 11 Digit Number. i.e. 19072994025, no () or + or - please.</p>';
}

if (empty($contact_option)) {
	$errors .= '<p>You Must Select a Contact Option.</p>';
}

if (empty($text)) {
	$errors .= '<p>You Must Enter a Message.</p>';
}

// How do I stop the script here if validation fails??

else {

$msg = "Name: " . $name . "<br />";
$msg .= "Email: " . $email . "<br />";
$msg .= "Website: " . $web . "<br />";
$msg .= "Telephone: " . $telephone . "<br />";
$msg .= "Preferred Contact Method: " . $contact_option . "<br />";
$msg .= "Customer Needs: " . $text;

$recipient = "support@mysite.com";
$subject = "Contact Has Been Made..";
$mailheaders = "MIME-Version: 1.0" . "\r\n";
$mailheaders .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$mailheaders .= "From: <support@mysite.com>" . "\r\n";
mail($recipient, $subject, $msg, $mailheaders);

$success = '<p>Thank you for your submission! We will get back to you soon and we have mailed you a copy of this form.</p>';
unset($name, $email, $web, $telephone, $contact_option, $text);

}}
?>
phptraining
Forum Newbie
Posts: 1
Joined: Wed Oct 09, 2013 1:27 am

Re: Stop a script after a series of if, else if statements..

Post by phptraining »

I have made code correct use this...
never use empty() function .. user $title == ''..

empty() gets garbage value..

Code: Select all

<?php

// Sanitize the data so its nice and clean..
        
function sanitize($data) {
        $data = htmlspecialchars(strip_tags(trim($data)));
        $search = array('/[^A-Za-z0-9\. -\!\?\(\)\<\>\@]/');
        $data = preg_replace($search, '', $data);
        return $data;
}

if(isset($_POST['submit'])){

$name = sanitize($_POST['name']);
$email = sanitize($_POST['email']);
$web = sanitize($_POST['web']);
$telephone = sanitize($_POST['telephone']);
$contact_option = sanitize($_POST['contact_option']);
$text = sanitize($_POST['text']);

if ($name == '') {
        $errors = '<p>Name is Required.</p>';
}

if ($email == '') {
        $errors .= '<p>Email is Required.</p>';
}

if (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
        $errors .= '<p>Please Enter A Valid Email. i.e. myemail@somesite.com.</p>';
}

if ($telephone == '') {
        $errors .= '<p>Telephone Number is Required.</p>';
}

if (is_numeric($telephone) === FALSE) {
        $errors .= '<p>Please Enter A Valid 10 or 11 Digit Number. i.e. 19072994025, no () or + or - please.</p>';
}

if ($contact_option == '') {
        $errors .= '<p>You Must Select a Contact Option.</p>';
}

if ($text == '') {
        $errors .= '<p>You Must Enter a Message.</p>';
}

// How do I stop the script here if validation fails??

else {

$msg = "Name: " . $name . "<br />";
$msg .= "Email: " . $email . "<br />";
$msg .= "Website: " . $web . "<br />";
$msg .= "Telephone: " . $telephone . "<br />";
$msg .= "Preferred Contact Method: " . $contact_option . "<br />";
$msg .= "Customer Needs: " . $text;

$recipient = "support@mysite.com";
$subject = "Contact Has Been Made..";
$mailheaders = "MIME-Version: 1.0" . "\r\n";
$mailheaders .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$mailheaders .= "From: <support@mysite.com>" . "\r\n";
mail($recipient, $subject, $msg, $mailheaders);

$success = '<p>Thank you for your submission! We will get back to you soon and we have mailed you a copy of this form.</p>';
unset($name, $email, $web, $telephone, $contact_option, $text);

}}
?>
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Stop a script after a series of if, else if statements..

Post by Celauran »

phptraining wrote:I have made code correct use this...
never use empty() function .. user $title == ''..

empty() gets garbage value..
Absolute nonsense. The problem is that the only condition for sending your message is that $text not be empty. This would likely have been more apparent had proper indentation been used.

Code: Select all

<?php

// Sanitize the data so its nice and clean..
       
function sanitize($data) {
        $data = htmlspecialchars(strip_tags(trim($data)));
        $search = array('/[^A-Za-z0-9\. -\!\?\(\)\<\>\@]/');
        $data = preg_replace($search, '', $data);
        return $data;
}

$errors = '';
if(isset($_POST['submit'])) {

	$name           = isset($_POST['name']) ? sanitize($_POST['name']) : '';
	$email          = isset($_POST['email']) ? sanitize($_POST['email']) : '';
	$web            = isset($_POST['web']) ? sanitize($_POST['web']) : '';
	$telephone      = isset($_POST['telephone']) ? sanitize($_POST['telephone']) : '';
	$contact_option = isset($_POST['contact_option']) ? sanitize($_POST['contact_option']) : '';
	$text           = isset($_POST['text']) ? sanitize($_POST['text']) : '';

	if (empty($name)) {
			$errors = '<p>Name is Required.</p>';
	}

	if (empty($email)) {
			$errors .= '<p>Email is Required.</p>';
	}

	elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
			$errors .= '<p>Please Enter A Valid Email. i.e. myemail@somesite.com.</p>';
	}

	if (empty($telephone)) {
			$errors .= '<p>Telephone Number is Required.</p>';
	}

	elseif (is_numeric($telephone) === FALSE) {
			$errors .= '<p>Please Enter A Valid 10 or 11 Digit Number. i.e. 19072994025, no () or + or - please.</p>';
	}

	if (empty($contact_option)) {
			$errors .= '<p>You Must Select a Contact Option.</p>';
	}

	if (empty($text)) {
			$errors .= '<p>You Must Enter a Message.</p>';
	}
}
// How do I stop the script here if validation fails??

if (isset($_POST['submit']) && empty($errors)) {

	$msg  = "Name: " . $name . "<br />";
	$msg .= "Email: " . $email . "<br />";
	$msg .= "Website: " . $web . "<br />";
	$msg .= "Telephone: " . $telephone . "<br />";
	$msg .= "Preferred Contact Method: " . $contact_option . "<br />";
	$msg .= "Customer Needs: " . $text;

	$recipient    = "support@mysite.com";
	$subject      = "Contact Has Been Made..";
	$mailheaders  = "MIME-Version: 1.0" . "\r\n";
	$mailheaders .= "Content-type:text/html;charset=UTF-8" . "\r\n";
	$mailheaders .= "From: <support@mysite.com>" . "\r\n";
	
	$mail_sent = mail($recipient, $subject, $msg, $mailheaders);

	if ($mail_sent) {
		$success = '<p>Thank you for your submission! We will get back to you soon and we have mailed you a copy of this form.</p>';
	} else {
		$errors = "Mail could not be sent. Please try again later.";
	}
	unset($name, $email, $web, $telephone, $contact_option, $text);

}
User avatar
penweb
Forum Newbie
Posts: 7
Joined: Mon Oct 07, 2013 12:32 pm

Re: Stop a script after a series of if, else if statements..

Post by penweb »

Celauran wrote: Absolute nonsense. The problem is that the only condition for sending your message is that $text not be empty. This would likely have been more apparent had proper indentation been used.
What you provided makes sense, I will try this out later today and let you know how it worked out. From the looks of it, it appears solid and more thorough. Thank you.
User avatar
penweb
Forum Newbie
Posts: 7
Joined: Mon Oct 07, 2013 12:32 pm

Re: Stop a script after a series of if, else if statements..

Post by penweb »

The only thing I found wrong with it, is, if a person fills out the fields and gets one of them wrong, the $text field is cleared out and the $contact_option is cleared out. The rest of the fields retain the data right or wrong until the validation clears.

$contact_option is a radio input
$text is a textarea input

Here is the HTML behind these two and maybe that is my issue.

Code: Select all

<p class="question">
Preferred Contact Method&nbsp<span class="required">*</span>
</p>
<p id="preferred_question">
<input type="radio" name="contact_option" class="telephone_opt" value="Telephone" />
<label for="telephone_opt">Telephone</label>
<br />

<input type="radio" name="contact_option" class="email_opt" value="Email" />
<label for="email_opt">Email</label>
</p>

<p class="question">
Message To Us&nbsp<span class="required">*</span>
</p>
<p class="text">
<textarea name="text" value="<?php echo $text; ?>"></textarea>
</p>
I would just hate for someone to fill out a long detailed description of what they need and if they got their telephone number wrong before they pressed submit, then it cleared out all they typed. That would be frustrating..
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Stop a script after a series of if, else if statements..

Post by Celauran »

Code: Select all

	<input type="radio" name="contact_option" value="Telephone" <?= $_POST['contact_option'] == 'Telephone' ? 'checked="checked"' : ''; ?>>Telephone
	<input type="radio" name="contact_option" value="Email" <?= $_POST['contact_option'] == 'Email' ? 'checked="checked"' : ''; ?>>Email
	<textarea name="text"><?= $_POST['text']; ?></textarea>
User avatar
penweb
Forum Newbie
Posts: 7
Joined: Mon Oct 07, 2013 12:32 pm

Re: Stop a script after a series of if, else if statements..

Post by penweb »

Doing it via $_POST allows them to insert script tags. The radio input script you provided is spot on and I dont see how they could post <script> tags inside of a radio element so I kept that there.
I instead only changed one thing here:

<textarea name="text"><?= $_POST['text'}; ?></textarea>

to

<textarea name="text"><$php echo $text;?></textarea>

Doing it with an echo allows the sanitize function to run and it will strip out <script> tags...

It is keeping their text, unless its script etc, or stuff I want out using the validate function..

It is now working like I want it to and havent been able to find any loopholes yet...thanks Celauran I wish I could give you a + rep or something..
Post Reply