$_POST Var not showing up
Posted: Wed May 20, 2009 1:46 pm
Can't seem to make this work properly (the file name is form.php, and the <form> refers back to it). The mail is sent and the file is written as long as I do not include the vars in the URL (which, of course, does not suit my needs).
Further in page these appear correctly (with URL VARS):
But when this form is submitted:
The notice is that the variables are undefined.
Code:
<?php
// Clean incoming variables.
scrub_vars();
//get variables from URL
$AccountNumber = $_GET['AccountNumber'];
$AccountName = $_GET['AccountName'];
$ref = $_SERVER['HTTP_REFERER'];
$script = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'];
// Check for valid form submission
if( $_SERVER['REQUEST_METHOD'] == "POST" && $ref == $script ) {
    // Set mail variables
    $to = "user@email.org";
    $subject = "form mail subject";
    $headers = "From: contactform@" . $_SERVER["SERVER_NAME"] . "\n" .
        "Reply-To: " . $_POST["email"] . "\n" .
        "X-Mailer: PHP/" . phpversion();
    $message = "A form has been filed on " . $_SERVER["SERVER_NAME"] . "\n" .
        "\n" .
        "Account Name: " . $_POST["$AccountName"] . "\n" .
        "Account Number: " . $_POST["$AccountNumber"] . "\n" .
        "Submitted By: " . $_POST["cert_FullName"] . "\n" .
        "Thanks!";
    mail($to,$subject,$message,$headers);
    $f = fopen("_data/recert.csv","a");
    fwrite($f,$_REQUEST["AccountNumber"].",".$_REQUEST["AccountName"].",".$_REQUEST["cert_FullName"]. "\n");
    fclose($f);
    $c = fopen("_data/cumulative_recert.csv","a");
    fwrite($c,$_REQUEST["AccountNumber"].",".$_REQUEST["AccountName"].",".$_REQUEST["cert_FullName"]. "\n");
    fclose($c);
} else {
    $message = "";
}
// Function to prevent code injection
function scrub_vars() {
    // Clear Get Variables
    if (isset($_GET)){
        foreach ($_GET as $getVarName=>$getVarValue) {
            unset($getVarName);
        }
    }
    // Clear Post Variables
    function clearPost () {
        if (isset($_POST)){
            foreach ($_POST as $postVarName=>$postVarValue) {
                unset($postVarName);
            }
        }
    }
    // Clean the request and get arrays.
    cleanArray($_REQUEST);
    cleanArray($_GET);
}
function cleanArray (&$Value) {
    if(is_array($Value)) {
        array_walk ($Value, 'cleanArray');
    } else {
        $Value = eregi_replace("['<'|'%3C'|'<'|'<']+script", "NOSCRIPT", $Value);
        $Value = eregi_replace("['<'|'%3C'|'<'|'<']+\?", "NOPHP", $Value);
    }
    return;
}
?>
Code:
<p class="paragraph">Blah blah text <b><?php echo "$AccountName"; ?></b>Blah blah text </p>
<p class="paragraph">Your Account Number is: <b><?php echo "$AccountNumber"; ?></b></p>
Code:
<form method="POST" action="form.php">
  <table width="100%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="50%" class="paragraph">Enter your Full Name:</td>
      <td width="50%"> </td>
    </tr>
    <tr>
      <td><label>
        <input name="cert_FullName" type="text" id="cert_FullName" size="50" />
        <input name="AccountNumber" type="hidden" value="<?php echo "$AccountNumber"; ?>" />
        <input name="AccountName" type="hidden" value="<?php echo "$AccountName"; ?>" />
        <input name="email" type="hidden" value="mail2@domain.com" />
      </label></td>
      <td><label>
        <input name="PROCESS" type="submit" value="PROCESS"/>
      </label></td>
    </tr>
  </table>
</form>
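Added example, not part of the original post: the form's action has no query string and `$_POST["$AccountName"]` uses the variable's value as the array key, so this sketch reads each field by its literal name from the POST body and encodes it per output context (HTML, mail header, CSV) rather than relying on `scrub_vars()`. The helper names, the digits-only account number format and the sample values are assumptions.

```php
<?php
// Added example; the arrays below are constructed stand-ins for $_GET/$_POST.

// Read a field by its literal name; a missing key gives '' instead of a notice.
function field(array $src, string $name): string {
    return isset($src[$name]) && is_string($src[$name]) ? trim($src[$name]) : '';
}

// Return the three submitted values, or null if one is missing or malformed.
function read_submission(array $post): ?array {
    $rec = [];
    foreach (['AccountNumber', 'AccountName', 'cert_FullName'] as $name) {
        $v = field($post, $name);
        // Reject empty values and control characters (CR and LF included).
        if ($v === '' || preg_match('/[\x00-\x1F\x7F]/', $v)) {
            return null;
        }
        $rec[$name] = $v;
    }
    // Assumed format: an account number is 1 to 12 digits.
    return preg_match('/^\d{1,12}$/D', $rec['AccountNumber']) ? $rec : null;
}

// A Reply-To header value: only a single syntactically valid address.
function reply_to(array $post): ?string {
    $email = filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Escape a value for an HTML attribute or text node.
function h(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

// First request: the values arrive in the URL and are echoed into hidden fields.
$get = ['AccountNumber' => '10042', 'AccountName' => 'Smith & "Sons"'];
echo '<input name="AccountName" type="hidden" value="', h(field($get, 'AccountName')), "\" />\n";

// Second request: action="form.php" has no query string, so read the body.
$post = $get + ['cert_FullName' => 'Jane Doe', 'email' => "a@example.org\r\nX-Extra: 1"];
$rec = read_submission($post);
var_dump(reply_to($post));  // an address carrying a line break is refused
if ($rec !== null) {
    $out = fopen('php://output', 'w');
    fputcsv($out, array_values($rec), ',', '"', '');  // quotes commas and quotes
    fclose($out);
}
```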