Thanks for the feedback. I am going to take this in baby steps.
First I would like to validate and provide the user feedback using the following:
Firstname, Lastname and Comments should not be less than 3 character, but when I used the following it did not work:
Code: Select all
if ( $firstname < 3) {
echo "Please enter your first name";
}
I tried to use preg_match for my regular expression but seemed not work either:
Code: Select all
elseif ( $email == "" ) {
echo "Please enter an email address";
}
elseif (!preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" , $email)) {
echo "Please enter a valid e-mail address";
}
Once I get that squared away then I am going to tackle mysql_real_escape_string and htmlentities (which by the way I got thoroughly confused).
Here is the full code:
Code: Select all
<?php require_once('connection.php'); ?>
<?php
$firstname = "$_POST[firstname]";
$lastname = "$_POST[lastname]";
$company = "$_POST[company]";
$email = "$_POST[email]";
$phone = "$_POST[phone]";
$project = "$_POST[project_type]";
$comments = "$_POST[comments]";
if ( $firstname < 3) {
echo "Please enter your first name";
} elseif ( $lastname < 3 ) {
echo "Please enter your last name";
}
elseif ( $email == "" ) {
echo "Please enter an email address";
}
elseif (!preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" , $email)) {
echo "Please enter a valid e-mail address";
}
elseif ( $comments == "" ) {
echo "Please enter your comment";
}
else {
mysql_select_db($database_connUser);
$sql="INSERT INTO custquote_db (id,firstname,lastname,company,email,phone,project_type,comments)
VALUES('','$firstname','$lastname','$company','$email','$phone','$project','$comments')";
if (!mysql_query($sql,$connUser))
{
die('Error: ' . mysql_error());
}
echo 'Thank you '.$firstname.'. Your request for a '.$project.' quote has been received. You will receive contact from us soon via e-mail at '.$email.' or by phone at '.$phone.'. If you are not contacted by us, please e-mail Mr. Haynes at mhaynes@xyz.com.';
}
?>
Thanks for any help.