Page 1 of 1

This Sticky Form tutorial doesn't work

Posted: Thu Feb 08, 2007 2:43 am
by SoreE yes
I got this tutorial off the web from http://www.weberdev.com/ViewArticle-67.html, but when I run it, it give these errors:
  • Notice: Undefined variable: sender_name in c:\appserv\www\giftwaremarketing-uptodatalinks\rubbish2.php on line 15

    Notice: Undefined variable: sender_email in c:\appserv\www\giftwaremarketing-uptodatalinks\rubbish2.php on line 19

    Notice: Undefined variable: message in c:\appserv\www\giftwaremarketing-uptodatalinks\rubbish2.php on line 26

    Notice: Undefined variable: op in c:\appserv\www\giftwaremarketing-uptodatalinks\rubbish2.php on line 35
The errors are what you would expect from looking at the code. Problem is, this script, without errors, is just the ticket for me. Is the jigsaw piece that is missing from the code or my brain?

Code: Select all

<HTML> 
<HEAD> 
<TITLE>Feedback</TITLE> 
</HEAD> 
<BODY> 

<? 

$form_block = " 

<FORM method=\"POST\" action=\"$PHP_SELF\"> 

<P>Your Name:<br> 
<INPUT type=\"text\" name=\"sender_name\" 
value=\"$sender_name\" size=30></p> 

<P>Your E-Mail Address:<br> 
<INPUT type=\"text\" name=\"sender_email\" 
value=\"$sender_email\" size=30></p> 

<P>Your Message:<br> 
<textarea name=\"message\" cols=30 
rows=5>$message</textarea> 
</p> 

<INPUT type=\"hidden\" name=\"op\" value=\"ds\"> 


<P><INPUT type=\"submit\" value=\"Send This Form\"></p> 

</FORM> 

"; 

if ($op != "ds") { 

// they need to see the form 

echo "$form_block"; 

} else if ($op == "ds") { 

// check each required field and create an error message. 
// if any of the required fields are blank, set $send to 0. 

if ($sender_name == "") { 

$name_err = " 
<font color=red>Please enter your name!</font><br> 
"; 
$send = 0; 

} 

if ($sender_email == "") { 

$email_err = " 
<font color=red>Please enter your e-mail address!</font><br> 
"; 
$send = 0; 

} 

if ($message == "") { 

$message_err = " 
<font color=red>Please enter a message!</font><br> 
"; 
$send = 0; 

} 



// now do something depending value of $send 

if ($send != "0") { 

$headers = "From: \"$sender_name\" <$sender_email>\n"; 
mail("you@yourdomain.com", "Feedback", $message, $headers); 
echo "<P>Mail sent!</p>"; 

} else if ($send == "0") { 

echo "$name_err"; 
echo "$email_err"; 
echo "$message_err"; 
echo "$form_block"; 

} 


} 

?> 

</BODY> 
</HTML> [php][/php]

Posted: Thu Feb 08, 2007 3:02 am
by CoderGoblin
The problem is the code relies on a setting called register_globals that used to default to on (PHP 4) but now defaults to off and is going to be removed in future for security reasons.

Instead of

Code: Select all

if ($op == "ds") {
try

Code: Select all

if ((!empty($_POST['op'])) && ($_POST['op']=='ds')) {
if the form is being sent as a POST (the forms method) or

Code: Select all

if ((!empty($_GET['op'])) && ($_GET['op']=='ds')) {
if sent as a GET.

Always remember the saying... NEVER TRUST USER INPUT !

Posted: Thu Feb 08, 2007 3:11 am
by Christopher
You could also do something like:

Code: Select all

$op = isset($_POST['op']) ? $_POST['op'] : '';
if ($op != "ds") {

No joy.

Posted: Thu Feb 08, 2007 3:57 am
by SoreE yes
Thank you both, but it didn't work. Perhaps I need to turn something on, on my installed version of php. Could you run it on your computer; it's just the one page to see if it works. Thanks.

Posted: Thu Feb 08, 2007 4:26 am
by Mordred
Forget this tutorial, it is outdated and teaches bad practices.

Posted: Thu Feb 08, 2007 9:30 am
by feyd
Mordred wrote:Forget this tutorial, it is outdated and teaches bad practices.
I must agree.