Form validation 2 errors


#1

Hi Sitepointer

Been awhile Since I posted here, Anyway I got back into the web design and improved my HTML and CSS coding but just as before I get stuck at a PHP error when dealing with PHP forms control and validations

Ive added comments on the PHP to show you what is really happening but the issue lies in the old function which w3school uses,

<?php

		if ($_SERVER["REQUEST_METHOD"] == "POST") {
			function test_input($data) {
			  $data = trim($data);
			  $data = stripslashes($data);
			  $data = htmlspecialchars($data);
			  return $data;
			}
		
		if (empty($_POST["name"])) {
		//checks for empty fields
			$firstname = "Please Insert Name";
			$num1 = 0;
			$name = "";
		} else {
			//checks if the input contains other characters
			if ( !preg_match ("/^[a-zA-Z\s]+$/",$_POST['name'])) {
				$firstname = "Must only contain letters!";
				$name = "";
				$num1 = 0;
			}else{
				$name = test_input($_POST['name']);
				$num1 = 1;
			}
		}
		//checks for empty fields
		if (empty($_POST["srname"])) {
			$lastname = "Please Insert Surname";
			$num2 = 0;
			$srn = "";
		} else {
			//checks if the input contains other characters
			if ( !preg_match ("/^[a-zA-Z\s]+$/",$_POST['srname'])) {
				$lastname = "Must only contain letters!";
				$srn = "";
				$num2 = 0;
			}else{
				$srn = test_input($_POST['srname']);
				$num2 = 1;
			}
		}
		//checks for empty fields
		if (empty($_POST["email"])) {
				$email = "Please insert Email Address"; 
				
				$num3 = 0;
		}else{	
			if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
			//checks if the input format is correct
				$email = "Please use valid email format"; 
				$send = "";
				$num3 = 0;
			}else{
				$send = "";
				$email = $_POST['email']; 
				$num3 = 1;
			
			}
		}
		
		//checks for empty fields
		if(empty($_POST['msg'])){
			 $textfield = "Please Insert Message";
			 $num4 = 0;
			 $msg = "";
		}else{
			$msg = test_input($_POST['msg']);
			$num4 = 1;
			$textfield = "";
		}
		//checks for attachments
		if(isset($_FILES['attachment']['name']) && $_FILES['attachment']['name'] != ""){
			$file = "attachment/" . basename($_FILES['attachment']['name']);
			move_uploaded_file($_FILES['attachment']['tmp_name'], $file);
		}else{
			$file = "";
		}
			
		//checks if all fields return true
		if($num1 + $num2 + $num3 + $num4 = 4){
			$yes = "";
			include_once "PHPMailer.php";
			include_once "Exception.php";
			
			//creates an instance of email
			$send = new PHPMailer\PHPMailer\PHPMailer();
			$send->addAddress('XXXX@gmail.com','Nathan');
			$send->setFrom($send);
			$send->Subject = "My Website Form";
			$send->Body = $msg;
			$send->addAttachment($file);
			
			//checks if sent and than empty fields to avoid resubmits
			if($send->send()){
				$yes = "Your Email was Successful, Thank You!";
				$firstname = "First Name";
				$lastname = "Last Name";
				$email = "address@email.co.za";
				$textfield="Message";
				$name = $srn = $send = $msg = "";
			}else{
				$yes = "";
			}
		}
		
	}else{
	//waits for form submit
		$firstname = "First Name";
		$lastname = "Last Name";
		$email = "address@email.co.za";
		$textfield="Message";
		$name = $srn = $send = $msg = "";
		$yes="";
	}
?>

issues:

  1. The function test_input($data) display’s an error “: trim() expects parameter 1 to be string, object given in” and as you can see I have validations to make sure the fields are not empty, This function does not begin until form submission.

2.In the HTML section I echo the errors as a placeholder into the input fields, But when I echo out the email it gives me a “Warning htmlspecialchars() expects parameter 1 to be string, object given in”" inside the value field when I applied all errors to the placeholders, I tried using an If() function to check if the value is that error and than let it just display my original errors.

<form autocomplete="off" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>#send" method="post">
			<?php 
				include_once('../phpmailer/form.php');
			?>
				
				<div class="Img-attch">
					<h1>Contact Info</h1>
					
					<div class="company-img"></div>
					<div class="info">
						<div class="center">
							<div class="Region">Gauteng</div>
							<div class="Area">Boksburg North</div>
							<div class="Address">Cnr Trichards, Cason Rd, Arches Centre, Shop 14 </div>
						</div>
					</div>
					
					<div class="contact">
						<div class="tel" name="Call"></div>
						
						<div class="email" name="Email"></div>
					</div>
				
				</div>
				<div class="devide"></div>
				<div class="input-txt">
					<h1>Contact Us</h1>
					<input type="text" name="name" value="<?php echo htmlspecialchars($name); ?>" placeholder="<?php echo htmlspecialchars($firstname); ?>" />
					<input type="text" name="srname" value="<?php echo htmlspecialchars($srn); ?>" placeholder="<?php echo htmlspecialchars($lastname); ?>" />
					<input type="email" name="email" value="<?php echo htmlspecialchars($send)?>" placeholder="<?php echo htmlspecialchars($email); ?>" />
					<textarea name="msg" placeholder="<?php echo htmlspecialchars($textfield);?>"><?php echo htmlspecialchars($msg);?></textarea>
					
					<input type="file" name="files" name="files"/>
					<?php
						if( $yes != ""){
							echo '<div class="center" style="display:flex;justify-content:center;align-items:center;position:fixed;"><div class="success">$yes</div></div>';
						}else{
							echo '<div class="center" style="display:flex;justify-content:center;align-items:center;position:fixed;"><div class="success">There Appears to be an error</div></div>';
						}
					?>
					<input type="submit" value="Send" name="send" id="send" class="form-submit-button" method="POST">
				
				</div>
			</form>

Any help would be appreciated, Because I am stumped by this and I am wasting too much time trying to sort out a single error like this.


#2

Okay. So.

#1: test_input isnt testing anything. It’s cleaning (sanitizing) it.
#2: You should still sanitize the email address if you’re planning on storing it in a database. filter_var is insufficient.
#3: stripslashes is the wrong way to go with the data. If you’re going to be using this method, you should be adding slashes, not stripping them.
#4: The error indicates that one of the inputs that were sent was an object. var_dump($data) in the first line of the function and see 1) which of the calls is causing it, and 2) what object it’s receiving.


#3

Thank you M_hutley

Turns out the trim() error is caused by the phpmailer.php files and i am unsure how to go about fixing that, figured this out after completely removing the function and found out the error was there so i did investigating,

as for the error message occuring by the email input field still echoes out the warning message, how do I go about trying to check what seems to be the cause, as i have my suspicion on the HTML 5 Validations on input fields as the error message is the same as the error message given when I input an invalid email address.

I am currently checking up on how I should go about editing the PHPmailer or setting it up properly, While am still stumped by issue number 2.

out of curiosity why should I be adding the slashes instead of removing them, would that not cause issues for me regarding security?

and as for databases, i have not decided that as of now, just a simple contact form.


#4

#Update

Problem 1 has been solved due to my incompetence, I have found out that at the mail->setFrom() I was applying an empty $send veriable when I should have applied $email since that is the data attribute.

As for problem 2, I am still stumped and currently still looking for solutions regarding the issue of echoing an error within the field value When there are none applied

The confusion is that ALL errors are displayed in the Placeholder but the email error seems to appear inside of the Value.


#5

var_dump($email) directly after your include_once line. Let’s see what’s in the variable.


#6

alright So I did as u said, And it does echo whatever I put into there but if I echo it with htmlspeciacharset() than it comes with that error message with the warning, When i switched the two veriable names around I finally got it as a placeholder so you don’t see it unless the field is empty,

The only issue is that it still does show


#7

What does the code look like now? Above, you use $send in the value for your email, and $email in the placeholder. As $send seems to be either a blank string, or your PHPMailer object, neither seems correct to me.


#8

All I did was switch them around and it kind of did the same thing, the error message showed in the placeholder, But because I added a required on that field the error stopped, Now the issue is naturally when the value is empty than the placeholder suppose to appear, but if i don’t assign the value field that previous error message appears, and if I assign it as empty than the placeholder doesn’t show for some reason.

<?php

		if ($_SERVER["REQUEST_METHOD"] == "POST") {
		if (empty($_POST["name"])) {
		//checks for empty fields
			$firstname = "Please Insert Name";
			$num1 = 0;
			$name = "";
		} else {
			//checks if the input contains other characters
			if ( !preg_match ("/^[a-zA-Z\s]+$/",$_POST['name'])) {
				$firstname = "Must only contain letters!";
				$name = "";
				$num1 = 0;
			}else{
				$name = $_POST['name'];
				$num1 = 1;
			}
		}
		//checks for empty fields
		if (empty($_POST["srname"])) {
			$lastname = "Please Insert Surname";
			$num2 = 0;
			$srn = "";
		} else {
			//checks if the input contains other characters
			if ( !preg_match ("/^[a-zA-Z\s]+$/",$_POST['srname'])) {
				$lastname = "Must only contain letters!";
				$srn = "";
				$num2 = 0;
			}else{
				$srn = $_POST['srname'];
				$num2 = 1;
			}
		}
		//checks for empty fields
		if (empty($_POST["email"])) {
				$email = "";//value
				$send= "Please insert Email Address";//placeholder
				$num3 = 0;
		}else{	
			if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
			//checks if the input format is correct
				$email = ""; //value
				$send = "Please use valid email format";//placeholder
				$num3 = 0;
			}else{
				$send = "";//placeholder
				$email = $_POST['email']; //value
				$num3 = 1;
			
			}
		}
		
		//checks for empty fields
		if(empty($_POST['msg'])){
			 $textfield = "Please Insert Message";
			 $num4 = 0;
			 $msg = "";
		}else{
			$msg = $_POST['msg'];
			$num4 = 1;
			$textfield = "";
		}
		//checks for attachments
		if(isset($_FILES['attachment']['name']) && $_FILES['attachment']['name'] != ""){
			$file = "attachment/" . basename($_FILES['attachment']['name']);
			move_uploaded_file($_FILES['attachment']['tmp_name'], $file);
		}else{
			$file = "";
		}
			
		//checks if all fields return true
		if($num1 + $num2 + $num3 + $num4 = 4){
			$yes = "";
			include_once "PHPMailer.php";
			include_once "Exception.php";
			
			//creates an instance of email
			$send = new PHPMailer\PHPMailer\PHPMailer();
			$send->addAddress('nathangriesel@gmail.com','Nathan');
			$send->setFrom($email);
			$send->Subject = "My Website Form";
			$send->Body = $msg;
			$send->addAttachment($file);
			
			//checks if sent and than empty fields to avoid resubmits
			if($send->send()){
				$yes = "Your Email was Successful, Thank You!";
				$firstname = "First Name";
				$lastname = "Last Name";
				$send = "address@email.co.za";//placeholder
				$textfield="Message";
				$name = $srn = $email = $msg = "";
			}else{
				$yes = "";
			}
		}
		
	}else{
	//waits for form submit
		$firstname = "First Name";
		$lastname = "Last Name";
		$send = "address@email.co.za";//placeholder
		$email = "";//value
		$textfield="Message";
		$name = $srn = $send = $msg = "";
		$yes="";
	}
?>

So in a sense the error message was appearing coz the field was not defined but if I define the field as empty than the placeholder doesn’t exist.


#9

I have to wonder if having this in your form is causing issues…

Why are you giving name attributes to divs?


#10

because I am using the ::before and ::after css attributes for the following css line content:attr(name);

Apologies for scratching these out, as I need perms in case they plan to use a separate email address for business to avoid unnecessary spam.

as a result I echo the Name attribute as a header and I add the email address directly to the Css to avoid html bots from snuffing them out. As this use to be an issue in the past with people using these bots to add emails to their databases for spam, Since they can not read CSS this is most advantages, but the name tags I did on purpose as its an awesome trick for position:absolute; elements


#11

Well that’s fine, but the name attribute is a special one inside of a form tag, as it’s how the form collects its data.
FSAG, what happens if you change the name attribute of that div to be a… ‘fancyname=’ instead.

The reason i suggest this is because the only field you’re having problems with is the email one, and the only div that has a name attribute that matches one of your form fields, is the email one… which strikes me as a rather strong coincidence.


#12

alright I changed the input field name to “address” and it has stopped the value from receiving the Warning error, But Now I notice the error shows up in the placeholder, and I did not assign a value to the $send field so Its just plain text or just empty so the Specialhtmlcharset attribute is causing it to make an error.

So the validation seems to work as intended other than the placeholder but the if(send) function doesn’t go through validation I may have to add the debug options for that so perhaps I should make a seperate post regarding that if I get stumped on that.

So overall your idea was correct the name was sending an invalid input which was probably “false” and that obv didn’t have the “@” symbol or it returns “0” either case it got fixed but the issue is now regarding the placeholder text, would it be a good idea to remove the special charset on the placeholder as its not really sending through the form?