Unfortunately that made no difference. The form was still sent, although “product” was empty:
Could I post the whole form process to see if that makes things clearer (it’s a bit of a mess, I’m no PHP expert!)
<?php
// start form processing
if($_POST['submit']){
// form feedback and errors
$error = false;
// check for hidden field content
if (!empty($_POST['subject'])){
echo 'critical error';
exit(); // generic fail message and kill form process
}
// check input fields against blacklisted words and spam phrases
$badwords = array("adult", "beastial", "bestial", "blowjob", "clit", "cum", "cunilingus", "cunillingus", "cunnilingus", "cunt", "ejaculate", "fag", "felatio", "fellatio", "fuck", "fuk", "fuks", "gangbang", "gangbanged", "gangbangs", "hotsex", "hardcode", "jism", "jiz", "orgasim", "orgasims", "orgasm", "orgasms", "phonesex", "phuk", "phuq", "pussies", "pussy", "spunk", "xxx", "viagra", "phentermine", "tramadol", "adipex", "advai", "alprazolam", "ambien", "ambian", "amoxicillin", "antivert", "blackjack", "backgammon", "texas", "holdem", "poker", "carisoprodol", "ciara", "ciprofloxacin", "debt", "dating", "porn", "link=", "voyeur", "content-type", "bcc:", "cc:", "document.cookie", "onclick", "onload", "javascript", "http", "https", "www", "href", "script");
foreach ($badwords as $word)
if (
strpos(strtolower($_POST['name']), $word) !== false ||
strpos(strtolower($_POST['comments']), $word) !== false
)
{
echo $error = '<p class="error">Error Invalid content</p>';
exit(); // generic fail message and kill form process
}
// regex for input field validation
if (!preg_match('/^[a-zA-Z \' \. \, \" \: \; \? \- \!]*$/', $_POST['name'])){
$error = '<p class="error">Name error: only letters, punctuation and white space allowed</p>';
}
if (!preg_match('/^[a-zA-Z0-9 \' \. \, \" \: \; \? \- \!]*$/', $_POST['company'])){
$error = '<p class="error">Company error: only letters and white space allowed</p>';
}
if (!preg_match('/^[a-zA-Z0-9 \' \. \, \" \: \; \? \- \!]*$/', $_POST['comments'])){
$error = '<p class="error">Comments error: only letters and white space allowed</p>';
}
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
$error = '<p class="error">Invalid email format</p>';
}
if (!preg_match('/^[0-9 \- \+ \( \) ]*$/', $_POST['phone'])){
$error = '<p class="error">Phone error: only numbers and white space allowed</p>';
}
// capture IP and host detail of user
$show_ip_hostname = TRUE;
if ($show_ip_hostname) {
$show_ip_hostname .= 'IP: ' . $_SERVER['REMOTE_ADDR'] . "\n" . 'HOST: ' . gethostbyaddr($_SERVER['REMOTE_ADDR']) . "\n";
}
// switch loop to handle distributor email allocation
$country = $_POST['country'];
switch($country) {
default :
$to = "";
break;
case "Argentina" :
$to = "";
break;
case "Austria" :
$to = "";
break;
}
// check submitted content for errors and validation on POST
$from = "From: \"".$_POST['name']."\" <".$_POST['email'].">";
$subject = "Website: Request for information - [$country]";
if (!empty($_POST['name'])){
$name = htmlentities($_POST['name'], ENT_QUOTES, 'UTF-8');
}else{
$name = NULL;
echo '<p class="error">Missing required field: please enter your name!</p>';
}
$company = htmlentities($_POST['company'], ENT_QUOTES, 'UTF-8');
if (!empty($_POST['email'])){
$email = htmlentities($_POST['email'], ENT_QUOTES, 'UTF-8');
}else{
$email = NULL;
echo '<p class="error">Missing required field: please enter an email address!</p>';
}
$phone = htmlentities($_POST['phone'], ENT_QUOTES, 'UTF-8');
$comments = htmlentities($_POST['comments'], ENT_QUOTES, 'UTF-8');
$newsletter = htmlentities($_POST['mail-list'], ENT_QUOTES, 'UTF-8');
// checkbox validation - has the user selected a product?
//if (!empty($_POST['product'])){
if (isset($_POST['product'])){
$P = count($product);
$products = "";
for($i=0; $i < $P; $i++)
{
$products = $products . $product[$i];
if($i < $P -1)
$products = $products . (", ");
}
}else{
$product = NULL;
echo '<p class="error">Please select a product.</p>';
}
// checkbox validation - has the user selected a enquiry method?
if (!empty($_POST['requesting'])){
$requesting = ($_POST['requesting']);
$R = count($requesting);
$reqs = "";
for($i=0; $i < $R; $i++)
{
$reqs = $reqs . $requesting[$i];
if($i < $R -1)
$reqs = $reqs . (", ");
}
} else {
$requesting = $error;
echo '<p class="error">Please select a service.</p>';
}
// output and format message content to email
htmlentities($body = "
This message has been generated by the website in response to a customer enquiry for $country.\n\n
SALES ENQUIRY\n
Name: $name
Company: $company
Email: $email
Phone: $phone
Product: $products
Request: $reqs \n
Comments: $comments \n
Mailing List: $newsletter \n
IP: $show_ip_hostname \n
", ENT_QUOTES, 'UTF-8');
if(!$error){
echo "<p class='success' id='contactAction'>Your request has been submitted, a representative will contact you shortly.</p>";
mail($to, $subject, $body, $from );
} else {
echo "<p class='error' id='contactAction'>Your message has not been sent.. $error </p>";
echo "<p><a href='customerRequest2.php'>Try again?</a></p>";
}
}
// end form processing
?>