Page 1 of 1

how to create missing fields message for a form

Posted: Sun Feb 02, 2003 2:19 pm
by twistbrain
hi i have the following script:

<?php
if ($REQUEST_METHOD == "POST") {

$realname = strip_tags($realname);
$email = strip_tags($email);
$feedback = strip_tags($feedback);

$sendto = "jeroen_pfeil@hotmail.com";
$subject = "GroundX.nl Medewerkers Contact";
$message = "$realname, $email\n\n$feedback";

mail($sendto, $subject, $message);

}

?>

<html>
<head>
<title>contact</title>
<meta name="author" value="Jeroen Pfeil">
<meta name="contact">
</head>
<body bgcolor="#cccccc">
<div align="left">
<h2>Helpen op groundX.nl</h2>
<p><font size="2" face="Arial,Arial Narrow,Geneva,Swiss,SunSans-Regular">Wij zoeken naar medewerkers. Kun je overweg met phpp, html of grafische programma's en zou je best wel willen meehelpen aan deze site! stuur dan nu een berichtje!</font></p>
<font size="2" face="Courier New,Courier,Monaco">ps. voor re-previewers is het een pr&eacute; om over goede nederlandse taalbeheersing te beschikken.</font></div>
<p>
<hr size=1 noshade></p>

<?
// if submitted form display sent message
if ($REQUEST_METHOD=="POST") {
echo("<P><b>je hebt dit verzonden:</b></p>\n");
echo("<blockquote><pre>\n");
echo("$message");
echo("</pre></blockquote>");
echo("<p><b>HEEL GRAPPIG...kappen nou!</b></p>\n");
}
// if not display form
else {
?>
<!-- *** START HTML FORM -->
<form action="<? echo("$script_name"); ?>" METHOD="POST">
<table cellpadding=4 cellspacing=0 border=0>
<tr><td><b>Naam: </b></td><td><input type="text" name="realname" size=25></td></tr>
<tr><td><b>Email:</b></td><td><input type="text" name="email" size=25></td></tr>
<tr><td colspan=2><b>over jezelf:</b><br>
<textarea name="feedback" rows=4 cols=40 wrap=physical></textarea>
</td></tr>
<tr><td colspan=2 align=right><input type="submit" value="verstuur"></td></tr>
</table>
</form>
<!-- *** END HTML FORM -->

<? } ?>

i need to know how to add a protection against not-filled fields, so if a field is missing that the mail wont be send and a message appears for the sender.

Posted: Sun Feb 02, 2003 3:30 pm
by redcircle
if(!$realname) $error = 'Must enter realname<br>'."\n";
if(!$email) = $error.='Must enter email<br>'."\n";
if(!$feedback) = $error.='Cannot send blank message<br>'."\n";

if(isset($error)) echo $error;

Posted: Sun Feb 02, 2003 4:38 pm
by lazy_yogi
Just a note : with php4.2 and onwards, you need to change

Code: Select all

if(!$realname) $error = 'Must enter realname<br>'."\n";
to

Code: Select all

if(!$_POST&#1111;'realname']) $error = 'Must enter realname<br>'."\n";
and similar for the others.

Posted: Sun Feb 02, 2003 4:50 pm
by redcircle
that is only if register_globals is turned off.

Posted: Sun Feb 02, 2003 5:59 pm
by Little Spy
something i dont think a lot of php programers notice is that register_globals is enabled on 99% of webservers

Posted: Mon Feb 03, 2003 12:03 am
by Stoker
it is enabled on 99% of the servers because there are so many scripts out there that don't use superglobals at all..

The new superglobals was introduced in version 4.1.0 and by default register_globals turned off in version 4.2.0, All for the purpose of security, so many amateur and very insecure scripts out there..

So I think that any programmer should in fact think about it as being disabled, but still explicit assign any used variable in case it is not..
If you want to be backwards compatible (pre 4.1.0) you can use $HTML_POST_VARS and such for now, but eventually they may go away as well (version 5?).

Posted: Mon Feb 03, 2003 12:16 am
by redcircle
People should keep thier softwares updated so it shouldn't be a problem anyways.

Posted: Mon Feb 03, 2003 2:55 am
by twigletmac
lazy_yogi wrote:Just a note : with php4.2 and onwards, you need to change

Code: Select all

if(!$realname) $error = 'Must enter realname&lt;br&gt;'."\n";
to

Code: Select all

if(!$_POST&#1111;'realname']) $error = 'Must enter realname&lt;br&gt;'."\n";
and similar for the others.
Just want to add that if error reporting is at its highest level, both of these would give an error, for testing if a variable is set or empty (equal to zero or an empty string) it is much, much better to use functions such as isset() and empty() instead:

Code: Select all

if(!isset($_POST['realname'])) {
    $error = 'Must enter realname<br>'."\n";
}
or

Code: Select all

if(empty($_POST['realname'])) {
    $error = 'Must enter realname<br>'."\n";
}
depending on your needs.

Mac

Posted: Mon Feb 03, 2003 3:01 am
by twigletmac
Little Spy wrote:something i dont think a lot of php programers notice is that register_globals is enabled on 99% of webservers
which is all well and good although aside from the insecure script malarky (insecure scripts can be written using the superglobals too) there is the fact that register_globals is deprecated. This means that in later versions of PHP it will not be available and will in effect be permanently off so new scripts should definitely be written with that in mind and older scripts should be updated.

The other thing is that a lot of hosts are upgrading their versions of PHP and using the default settings so that register_globals is off - considering the increasing number of posts in this forum along the lines of 'host upgraded PHP now my scripts don't work', this is happening more frequently and a percentage of those are not going to turn it back on citing security concerns.

Mac