Thanks very much for any advice.
Brian
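/* Validate the contact form. Runs only when the submit button ("sendCom") was
   posted. Every $message* variable starts empty and is filled with an error
   string when its field fails; $error_email['invalid'] is set only when a
   supplied address does not match $pattern.

   strip_tags() removes markup but is not an output encoder: any of these
   values echoed back into the page still needs htmlspecialchars() at the point
   of output, and values placed in SQL need the database driver's escaping or a
   prepared statement. */

// The D modifier makes "$" match only at the very end of the subject. Without
// it "$" also matches just before a trailing newline, so an address ending in
// "\n" would pass validation and could carry a line break into a mail header.
// NOTE(review): {2,4} rejects newer, longer top-level domains.
$pattern = '/^\w[-.\w]*@([-a-z0-9]+\.)+[a-z]{2,4}$/iD';
if ($_POST && array_key_exists('sendCom', $_POST)) {
    $messagefname = '';
    $messagelname = '';
    $messageaddress = '';
    $messageemail = '';
    $nospam = '';

    // Raw field values. A missing key or a non-string value (for example a
    // field posted as first_name[]=x) is treated as an empty submission
    // instead of raising a notice or a type error further down.
    $trimedfirst_name = (isset($_POST['first_name']) && is_string($_POST['first_name'])) ? $_POST['first_name'] : '';
    $trimedlast_name = (isset($_POST['last_name']) && is_string($_POST['last_name'])) ? $_POST['last_name'] : '';
    $trimedaddress = (isset($_POST['address']) && is_string($_POST['address'])) ? $_POST['address'] : '';
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    // First name: required. The check is made on the cleaned value, so input
    // that is only spaces or only HTML tags is rejected as well.
    if ($trimedfirst_name === '') {
        $messagefname = '<b>Required</b>';
    } else {
        $f_name_message = trim(strip_tags($trimedfirst_name));
        if ($f_name_message === '') {
            $messagefname = '<b>Required!</b>';
        }
    }

    // Last name: same rule as the first name.
    if ($trimedlast_name === '') {
        $messagelname = '<b>Required</b>';
    } else {
        $l_name_message = trim(strip_tags($trimedlast_name));
        if ($l_name_message === '') {
            $messagelname = '<b>Required</b>!';
        }
    }

    // Address: same rule as the names.
    if ($trimedaddress === '') {
        $messageaddress = '<b>Required</b>';
    } else {
        $address_message = trim(strip_tags($trimedaddress));
        if ($address_message === '') {
            $messageaddress = '<b>Required!</b>';
        }
    }

    // Email: required, and when present it must match $pattern. $error_email
    // is deliberately left unset on success, as in the original.
    if ($email === '') {
        $messageemail = '<b>Required</b>';
    } elseif (!preg_match($pattern, $email)) {
        $error_email['invalid'] = 'ERROR! Your email address seems to be invalid. <br> It should be similar to the following: info@me.com';
    }

    // Anti-robot question: the answer must be "monday" (case-insensitive,
    // surrounding whitespace ignored). A missing field counts as a wrong answer.
    $spammed = (isset($_POST['StopSpam']) && is_string($_POST['StopSpam'])) ? trim(strtolower($_POST['StopSpam'])) : '';
    if ($spammed !== 'monday') {
        $nospam = '<b> Error: You must answer the question </b>';
    }
}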
// Helper presumably used to prepare the values for the INSERT further down;
// the poster has elided its body ("etc etc"), so only the signature and the
// final return of $theValue are visible.
// NOTE(review): how $theValue is escaped for each $theType cannot be seen
// here. Confirm it uses the database driver's own escaping for the active
// connection, or replace the sprintf-built INSERT with a prepared statement.
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{ etc etc….
}
return $theValue;
}
// If no errors, send email and redirect to acknowledgment page
// The brace-less ifs below nest into a single AND: the block runs only when
// every listed message variable is empty ($messagefname is re-tested in each
// line, which is redundant).
// NOTE(review): the validation earlier on the page runs only when 'sendCom' is
// posted, but this branch is gated on 'MM_insert'. A request that carries
// MM_insert without sendCom arrives here with every $message* variable
// undefined, and an undefined variable reads as "no error". Gate both
// branches on the same field, or initialise the flags to a failing state.
// NOTE(review): $nomessage is not assigned anywhere in the code shown, and
// $error_email is assigned only when the address fails the pattern; confirm
// both are initialised before this point.
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
if (!$messagefname && !$messagelname)
if (!$messagefname && !$messageaddress)
if (!$messagefname && !$messageemail)
if (!$messagefname && !$error_email)
if (!$nomessage && !$nospam)
{
$insertSQL = sprintf("INSERT INTO paypal_support (),
Etc etc
/* Strip new lines and carriage returns from any PHP string
to combat the recent attack on vulnerable form headers */
$original = $_POST['email'];
/**
 * Replace every carriage return and every line feed in a string with a space.
 *
 * Mail headers are separated by line breaks, so a value that still contains
 * CR or LF can add header lines of its own when it is placed in a header.
 * Defining this function changes nothing by itself: the value has to be passed
 * through it (or rejected outright) before it reaches the mail call. The lines
 * shown around this definition copy $_POST['email'] into $original but do not
 * show a call, and the mail code is elided, so confirm the call exists.
 *
 * @param string $original Text that may contain line breaks.
 * @return string The text with each "\r" and each "\n" replaced by one space.
 */
function stripNewLines($original) {
    $lineBreak = '/\r|\n/';
    $singleLine = preg_replace($lineBreak, ' ', $original);
    return $singleLine;
}
Send mail etc
}}?>