Maybe some of you can take a look at the code I came up with (I tried really hard to keep it simple):
<?php
require_once('Validate.php'); // PEAR Validate package (Validate::string, Validate::email)
// Include file to strip quotes if needed
// require_once('MagicQuotes/strip_quotes.php');

// Return a posted field as a string, or '' if it was not sent.
// A hand-crafted POST can omit fields, so never assume they exist.
function posted($key) {
    return isset($_POST[$key]) ? (string) $_POST[$key] : '';
}

// Escape a value before echoing it back into the page. ENT_QUOTES also
// escapes single quotes, so a re-displayed value can never close the
// surrounding value="..." attribute and inject markup (reflected XSS).
function h($value) {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$errors = array('name'=>'','email'=>'','message'=>''); // Initialize errors array
$ok = false;
if (isset($_POST['submit'])) { // If the form is submitted...
    $ok = true;
    $name_options = array('format'=>VALIDATE_ALPHA.VALIDATE_SPACE,'min_length'=>3);
    $message_options = array('min_length'=>3);
    if (!Validate::string(posted('name'),$name_options)) {
        $errors['name']=' class="error"';
        $ok = false;
    }
    if (!Validate::email(posted('email'))) {
        $errors['email']=' class="error"';
        $ok = false;
    }
    if (!Validate::string(posted('message'),$message_options)) {
        $errors['message']=' class="error"';
        $ok = false;
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Form</title>
<link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
</head>
<body>
<?php
if ($ok) {
    // Only the validated message is sent. It goes into the mail body,
    // not into a header, so it cannot add extra recipients or headers.
    mail('myemail@gmail.com', 'Test', posted('message'));
    echo "<b>Thanks for your message!</b>";
}
else {
    // Not submitted yet, or validation failed: show the form again with
    // the previous values filled in (escaped) and failed fields marked.
?>
<form method="post">
<div>
<label<?php echo $errors['name']; ?>>Name:</label>
<span><input type="text" name="name" value="<?php echo h(posted('name')); ?>"></span>
</div>
<div>
<label<?php echo $errors['email']; ?>>Email:</label>
<span><input type="text" name="email" value="<?php echo h(posted('email')); ?>"></span>
</div>
<div>
<label<?php echo $errors['message']; ?>>Message:</label>
<span><input type="text" name="message" value="<?php echo h(posted('message')); ?>"></span>
</div>
<div>
<span><input type="submit" name="submit" value="send"></span>
</div>
</form>
<?php
}
?>
</body>
</html>
The code seems to work ok, but is it really safe? How could it be further improved? Thanks for any feedback...
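One point worth seeing in isolation: the posted form re-displays the submitted values when validation fails, so a value that the name rule rejects is still written back into the page unchanged. The script below is an added example, not part of the original post, and stands in for the form's value attribute rendering with a constructed attacker payload. The regular expression is only an approximation of the PEAR `VALIDATE_ALPHA.VALIDATE_SPACE` format rule (letters and spaces, minimum three characters) so that the example runs without PEAR installed.

```php
<?php
// Added example: reflected XSS through the re-displayed form value,
// and the escaped rendering that neutralises it. Everything here is
// constructed for the demonstration; it is not the forum post's code.

// Render the value attribute the way the original form did: raw.
function render_unescaped($field, $value) {
    return '<input type="text" name="' . $field . '" value="' . $value . '">';
}

// Hardened rendering: escape for an HTML attribute context.
// ENT_QUOTES escapes both " and ', so the value cannot close the attribute.
function render_escaped($field, $value) {
    return '<input type="text" name="' . $field . '" value="'
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}

// Stand-in for Validate::string with format VALIDATE_ALPHA.VALIDATE_SPACE
// and min_length 3 (approximation; the PEAR class is not required here).
function name_is_valid($value) {
    return (bool) preg_match('/^[A-Za-z\s]{3,}$/', $value);
}

// Constructed attacker input: closes the value attribute and the input
// tag, then injects a script element.
$payload = '"><script>alert(document.cookie)</script><input value="';

// The name rule rejects the payload, so the form is shown again.
// Rejection alone does nothing to stop the value being reflected.
$accepted = name_is_valid($payload);
echo 'Name accepted by validation: ' . ($accepted ? 'yes' : 'no') . "\n\n";

echo "Raw re-display (what the unescaped form emits):\n";
echo render_unescaped('name', $payload) . "\n\n";

echo "Escaped re-display (attribute stays intact):\n";
echo render_escaped('name', $payload) . "\n";
```

Run it with `php example.php` and compare the two rendered lines: in the raw version the browser sees a closed `<input>` followed by a live `<script>` element, while in the escaped version every quote and angle bracket is an entity and the whole payload stays inside `value="..."`. The same escaping is needed for the email and message fields, since the message rule only checks a minimum length and accepts any characters.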