Cant Figure this one out?
Posted: Mon Jul 30, 2007 4:36 pm
I have a mailing list page that signs up a user, and puts them in our db.
The form is working just fine and it does save them to the db the problem is it also saves blank info, meaning if you hit the submit button with nothing filled out it will put a line in the db and send me an e-mail.
I don't know how it is doing this since the mail() line requires $process == 2, and I don't see the "thank you"
The form is working just fine and it does save them to the db the problem is it also saves blank info, meaning if you hit the submit button with nothing filled out it will put a line in the db and send me an e-mail.
I don't know how it is doing this since the mail() line requires $process == 2, and I don't see the "thank you"
Code: Select all
//Post form data
$process = pnVarCleanFromInput('process'); //used in form to tell what stage we are at
$name = pnVarCleanFromInput('name');
$barn = pnVarCleanFromInput('barn');
$address = pnVarCleanFromInput('address');
$city = pnVarCleanFromInput('city');
$state = pnVarCleanFromInput('state');
$zip = pnVarCleanFromInput('zip');
$email = pnVarCleanFromInput('email');
$phone = pnVarCleanFromInput('phone');
$fax = pnVarCleanFromInput('fax');
$pony_kids = pnVarCleanFromInput('pony_kids');
$horse_masters = pnVarCleanFromInput('horse_masters');
$schooling_shows = pnVarCleanFromInput('schooling_shows');
if (empty($process)) // the user has not submitted the form so show it to them
{
include 'mailing_list_form.php';
}
if($process == '1') // form was submitted
{
// set up error message if needed...
$error_msg='';
//Now lets do some input checking
if(trim("$name") == '' || strlen(trim("$name")) < 2)
{
$error_msg.="<li>Please enter a name.</li>";
$error_1 = ' class="formerror"'; // the space in front of the class="formerror" is required!
}
if(trim("$address") =='' || strlen(trim("$address")) < 6)
{
$error_msg.="<li>Please enter an address.</li>";
$error_2 = ' class="formerror"';
}
if(trim("$city") =='' || strlen(trim("$city")) < 4)
{
$error_msg.="<li>Please enter a city.</li>";
$error_3 = ' class="formerror"';
}
if(trim("$state") =='' || strlen(trim("$state")) != 2)
{
$error_msg.="<li>Please enter a state.</li>";
$error_4 = ' class="formerror"';
}
if(trim("$zip") =='' || strlen(trim("$zip")) < 5)
{
$error_msg.="<li>Please enter a zip code.</li>";
$error_5 = ' class="formerror"';
}
if (!empty($phone))
{
if(strlen(trim("$phone")) != 12)
{
$error_msg.="<li>Please enter a valid phone number, ex. 425-457-5555.</li>";
$error_6 = ' class="formerror"';
}
}
// see if an e-mail address was entered
if (!empty($email))
{
// now check if email is a valid address in this format username@domain.com
if(!ereg("[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]", "$email"))
{
$error_msg.="<li>Please enter a valid email address.</li>";
$error_7 = ' class="formerror"';
}
}
// validate the check boxes
if (!empty($schooling_shows))
{
if(trim("$schooling_shows") !='Yes')
{
$error_msg.="<li><h1>Stop Hacking our Form!</h1></li>";
}
}
if (!empty($pony_kids))
{
if(trim($pony_kids) !='Yes')
{
$error_msg.="<li><h1>Stop Hacking our Form!</h1></li>";
}
}
if (!empty($horse_masters))
{
if(trim("$horse_masters") !='Yes')
{
$error_msg.="<li><h1>Stop Hacking our Form!</h1></li>";
}
}
}
//***************************************************
// display error message if any, if not, proceed to other processing
//***************************************************
if($error_msg=='') // if there are no errors do this
{
// check to see if this person is in the DB
$query = "SELECT * FROM mailing_list
WHERE name='".pnVarPrepForStore($name)."'
AND address='".pnVarPrepForStore($address)."'";
$result = mysql_query($query);
$numrows = mysql_num_rows($result);
if($numrows == 0) // 0 means this person is NOT in the db
{
//This person is new insert them
mysql_query ("INSERT INTO mailing_list (name, address, city, state, zip, phone, fax,
email, schooling_shows, pony_kids, horse_masters, barn)
VALUES ('".pnVarPrepForStore($name)."',
'".pnVarPrepForStore($address)."',
'".pnVarPrepForStore($city)."',
'".pnVarPrepForStore($state)."',
'".pnVarPrepForStore($zip)."',
'".pnVarPrepForStore($phone)."',
'".pnVarPrepForStore($fax)."',
'".pnVarPrepForStore($email)."',
'".pnVarPrepForStore($schooling_shows)."',
'".pnVarPrepForStore($pony_kids)."',
'".pnVarPrepForStore($horse_masters)."',
'".pnVarPrepForStore($barn)."' )")
or die ("Error - Could not insert you into our system, please try again, if problem persists contact us.");
}else{
// they are already in the db so just update everything
$query = "UPDATE mailing_list
SET
name='".pnVarPrepForStore($name)."',
address='".pnVarPrepForStore($address)."',
city='".pnVarPrepForStore($city)."',
state='".pnVarPrepForStore($state)."',
zip='".pnVarPrepForStore($zip)."',
phone='".pnVarPrepForStore($phone)."',
fax='".pnVarPrepForStore($fax)."',
schooling_shows='".pnVarPrepForStore($schooling_shows)."',
pony_kids='".pnVarPrepForStore($pony_kids)."',
horse_masters='".pnVarPrepForStore($horse_masters)."',
barn='".pnVarPrepForStore($barn)."'
WHERE name='".pnVarPrepForStore($name)."'
AND address='".pnVarPrepForStore($address)."'";
$result = mysql_query($query)
or die ("Error - could not update information.");
}
// IMPORTANT LINE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$process = '2'; // allow us to go to the conformation page
} else {
//this is the error message if validation fails
// set $error_message_html... to be used in html
$error_message_html= '<div align="center">
<table border="0" cellpadding="10"style="border-collapse: collapse" width="600" id="table2"><tr class="formerror">
<td width="50" align="left"><img src="/images/error.gif" alt="ERROR!" width="48" height="48" /></td>
<td width="500" align="left"><h2>Please correct the following errors:</h2><ul>'.$error_msg.'</ul></td>
<td width="50" align="right"><img src="/images/error.gif" alt="ERROR!" width="48" height="48" /></td></tr>
</table></div><br />';
// display the form so they can make the corrections
include 'mailing_list_form.php';
}
if($process == '2') //form data should have been validated and saved at this point
{
echo'<h2>Thank you your information was submitted.</h2>';
// send an e-mail
$to = "me@myweb.com";
$subject = "Mailing List";
$body = "Please add $name to the maling list,\n\nThey are intrested in getting information on:\nPony Kids: $pony_kids\nHorsemasters: $horse_masters\nHorse Shows: $schooling_shows\n\nAddress:\n$name\n$address\n$city $state $zip\n\nPhon: $phone\nFax: $fax\n\nE-mail: $email";
mail($to, $subject, $body);
}