Page 1 of 1
Stop a script after a series of if, else if statements..
Posted: Tue Oct 08, 2013 11:03 pm
by penweb
I am very new PHP programmer and I am working on contact forms right now. I have a script that has a series of validations for each user input, i.e. FILTER_VALIDATE_EMAIL, and basic (empty($var) statements, etc. Anyhow, I noticed that sometimes when a validation fails it will still send out an email. I want to know where I can stop this script from running if validation fails until they resubmit the form..
Here is my code, go easy on me, I am new at this PHP thing..
Code: Select all
<?php
// Sanitize the data so its nice and clean..
function sanitize($data) {
$data = htmlspecialchars(strip_tags(trim($data)));
$search = array('/[^A-Za-z0-9\. -\!\?\(\)\<\>\@]/');
$data = preg_replace($search, '', $data);
return $data;
}
if(isset($_POST['submit'])){
$name = sanitize($_POST['name']);
$email = sanitize($_POST['email']);
$web = sanitize($_POST['web']);
$telephone = sanitize($_POST['telephone']);
$contact_option = sanitize($_POST['contact_option']);
$text = sanitize($_POST['text']);
if (empty($name)) {
$errors = '<p>Name is Required.</p>';
}
if (empty($email)) {
$errors .= '<p>Email is Required.</p>';
}
elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
$errors .= '<p>Please Enter A Valid Email. i.e. myemail@somesite.com.</p>';
}
if (empty($telephone)) {
$errors .= '<p>Telephone Number is Required.</p>';
}
elseif (is_numeric($telephone) === FALSE) {
$errors .= '<p>Please Enter A Valid 10 or 11 Digit Number. i.e. 19072994025, no () or + or - please.</p>';
}
if (empty($contact_option)) {
$errors .= '<p>You Must Select a Contact Option.</p>';
}
if (empty($text)) {
$errors .= '<p>You Must Enter a Message.</p>';
}
// How do I stop the script here if validation fails??
else {
$msg = "Name: " . $name . "<br />";
$msg .= "Email: " . $email . "<br />";
$msg .= "Website: " . $web . "<br />";
$msg .= "Telephone: " . $telephone . "<br />";
$msg .= "Preferred Contact Method: " . $contact_option . "<br />";
$msg .= "Customer Needs: " . $text;
$recipient = "support@mysite.com";
$subject = "Contact Has Been Made..";
$mailheaders = "MIME-Version: 1.0" . "\r\n";
$mailheaders .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$mailheaders .= "From: <support@mysite.com>" . "\r\n";
mail($recipient, $subject, $msg, $mailheaders);
$success = '<p>Thank you for your submission! We will get back to you soon and we have mailed you a copy of this form.</p>';
unset($name, $email, $web, $telephone, $contact_option, $text);
}}
?>
Re: Stop a script after a series of if, else if statements..
Posted: Wed Oct 09, 2013 1:40 am
by phptraining
I have made code correct use this...
never use empty() function .. user $title == ''..
empty() gets garbage value..
Code: Select all
<?php
// Sanitize the data so its nice and clean..
function sanitize($data) {
$data = htmlspecialchars(strip_tags(trim($data)));
$search = array('/[^A-Za-z0-9\. -\!\?\(\)\<\>\@]/');
$data = preg_replace($search, '', $data);
return $data;
}
if(isset($_POST['submit'])){
$name = sanitize($_POST['name']);
$email = sanitize($_POST['email']);
$web = sanitize($_POST['web']);
$telephone = sanitize($_POST['telephone']);
$contact_option = sanitize($_POST['contact_option']);
$text = sanitize($_POST['text']);
if ($name == '') {
$errors = '<p>Name is Required.</p>';
}
if ($email == '') {
$errors .= '<p>Email is Required.</p>';
}
if (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
$errors .= '<p>Please Enter A Valid Email. i.e. myemail@somesite.com.</p>';
}
if ($telephone == '') {
$errors .= '<p>Telephone Number is Required.</p>';
}
if (is_numeric($telephone) === FALSE) {
$errors .= '<p>Please Enter A Valid 10 or 11 Digit Number. i.e. 19072994025, no () or + or - please.</p>';
}
if ($contact_option == '') {
$errors .= '<p>You Must Select a Contact Option.</p>';
}
if ($text == '') {
$errors .= '<p>You Must Enter a Message.</p>';
}
// How do I stop the script here if validation fails??
else {
$msg = "Name: " . $name . "<br />";
$msg .= "Email: " . $email . "<br />";
$msg .= "Website: " . $web . "<br />";
$msg .= "Telephone: " . $telephone . "<br />";
$msg .= "Preferred Contact Method: " . $contact_option . "<br />";
$msg .= "Customer Needs: " . $text;
$recipient = "support@mysite.com";
$subject = "Contact Has Been Made..";
$mailheaders = "MIME-Version: 1.0" . "\r\n";
$mailheaders .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$mailheaders .= "From: <support@mysite.com>" . "\r\n";
mail($recipient, $subject, $msg, $mailheaders);
$success = '<p>Thank you for your submission! We will get back to you soon and we have mailed you a copy of this form.</p>';
unset($name, $email, $web, $telephone, $contact_option, $text);
}}
?>
Re: Stop a script after a series of if, else if statements..
Posted: Wed Oct 09, 2013 6:52 am
by Celauran
phptraining wrote:I have made code correct use this...
never use empty() function .. user $title == ''..
empty() gets garbage value..
Absolute nonsense. The problem is that the only condition for sending your message is that $text not be empty. This would likely have been more apparent had proper indentation been used.
Code: Select all
<?php
// Sanitize the data so its nice and clean..
function sanitize($data) {
$data = htmlspecialchars(strip_tags(trim($data)));
$search = array('/[^A-Za-z0-9\. -\!\?\(\)\<\>\@]/');
$data = preg_replace($search, '', $data);
return $data;
}
$errors = '';
if(isset($_POST['submit'])) {
$name = isset($_POST['name']) ? sanitize($_POST['name']) : '';
$email = isset($_POST['email']) ? sanitize($_POST['email']) : '';
$web = isset($_POST['web']) ? sanitize($_POST['web']) : '';
$telephone = isset($_POST['telephone']) ? sanitize($_POST['telephone']) : '';
$contact_option = isset($_POST['contact_option']) ? sanitize($_POST['contact_option']) : '';
$text = isset($_POST['text']) ? sanitize($_POST['text']) : '';
if (empty($name)) {
$errors = '<p>Name is Required.</p>';
}
if (empty($email)) {
$errors .= '<p>Email is Required.</p>';
}
elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
$errors .= '<p>Please Enter A Valid Email. i.e. myemail@somesite.com.</p>';
}
if (empty($telephone)) {
$errors .= '<p>Telephone Number is Required.</p>';
}
elseif (is_numeric($telephone) === FALSE) {
$errors .= '<p>Please Enter A Valid 10 or 11 Digit Number. i.e. 19072994025, no () or + or - please.</p>';
}
if (empty($contact_option)) {
$errors .= '<p>You Must Select a Contact Option.</p>';
}
if (empty($text)) {
$errors .= '<p>You Must Enter a Message.</p>';
}
}
// How do I stop the script here if validation fails??
if (isset($_POST['submit']) && empty($errors)) {
$msg = "Name: " . $name . "<br />";
$msg .= "Email: " . $email . "<br />";
$msg .= "Website: " . $web . "<br />";
$msg .= "Telephone: " . $telephone . "<br />";
$msg .= "Preferred Contact Method: " . $contact_option . "<br />";
$msg .= "Customer Needs: " . $text;
$recipient = "support@mysite.com";
$subject = "Contact Has Been Made..";
$mailheaders = "MIME-Version: 1.0" . "\r\n";
$mailheaders .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$mailheaders .= "From: <support@mysite.com>" . "\r\n";
$mail_sent = mail($recipient, $subject, $msg, $mailheaders);
if ($mail_sent) {
$success = '<p>Thank you for your submission! We will get back to you soon and we have mailed you a copy of this form.</p>';
} else {
$errors = "Mail could not be sent. Please try again later.";
}
unset($name, $email, $web, $telephone, $contact_option, $text);
}
Re: Stop a script after a series of if, else if statements..
Posted: Wed Oct 09, 2013 11:53 am
by penweb
Celauran wrote:
Absolute nonsense. The problem is that the only condition for sending your message is that $text not be empty. This would likely have been more apparent had proper indentation been used.
What you provided makes sense, I will try this out later today and let you know how it worked out. From the looks of it, it appears solid and more thorough. Thank you.
Re: Stop a script after a series of if, else if statements..
Posted: Wed Oct 09, 2013 12:23 pm
by penweb
The only thing I found wrong with it, is, if a person fills out the fields and gets one of them wrong, the $text field is cleared out and the $contact_option is cleared out. The rest of the fields retain the data right or wrong until the validation clears.
$contact_option is a radio input
$text is a textarea input
Here is the HTML behind these two and maybe that is my issue.
Code: Select all
<p class="question">
Preferred Contact Method <span class="required">*</span>
</p>
<p id="preferred_question">
<input type="radio" name="contact_option" class="telephone_opt" value="Telephone" />
<label for="telephone_opt">Telephone</label>
<br />
<input type="radio" name="contact_option" class="email_opt" value="Email" />
<label for="email_opt">Email</label>
</p>
<p class="question">
Message To Us <span class="required">*</span>
</p>
<p class="text">
<textarea name="text" value="<?php echo $text; ?>"></textarea>
</p>
I would just hate for someone to fill out a long detailed description of what they need and if they got their telephone number wrong before they pressed submit, then it cleared out all they typed. That would be frustrating..
Re: Stop a script after a series of if, else if statements..
Posted: Wed Oct 09, 2013 12:36 pm
by Celauran
Code: Select all
<input type="radio" name="contact_option" value="Telephone" <?= $_POST['contact_option'] == 'Telephone' ? 'checked="checked"' : ''; ?>>Telephone
<input type="radio" name="contact_option" value="Email" <?= $_POST['contact_option'] == 'Email' ? 'checked="checked"' : ''; ?>>Email
<textarea name="text"><?= $_POST['text']; ?></textarea>
Re: Stop a script after a series of if, else if statements..
Posted: Wed Oct 09, 2013 1:11 pm
by penweb
Doing it via $_POST allows them to insert script tags. The radio input script you provided is spot on and I dont see how they could post <script> tags inside of a radio element so I kept that there.
I instead only changed one thing here:
<textarea name="text"><?= $_POST['text'}; ?></textarea>
to
<textarea name="text"><$php echo $text;?></textarea>
Doing it with an echo allows the sanitize function to run and it will strip out <script> tags...
It is keeping their text, unless its script etc, or stuff I want out using the validate function..
It is now working like I want it to and havent been able to find any loopholes yet...thanks Celauran I wish I could give you a + rep or something..