PHP Form Validation (newbie!)

Hi guys!

I’m new to PHP, but have managed to get a basic form to work on my website. There is currently no validation on the form, however, which is what I want to get fixed. I’ve tried several tutorials and looked at a number of discussion threads, but there’s nothing that I’m able to follow to get my form validated.

So… here’s the code I’m using for the form:

<?php
if (isset($_REQUEST['email']))
//if "email" is filled out, send email
  {
  //send email
  $name = $_REQUEST['name'] ;
  $email = $_REQUEST['email'] ;
  $subject = $_REQUEST['subject'] ;
  $message = $_REQUEST['message'] ;
  mail( "email@address.com", "$subject", "
Name:		$name
Message:	$message", "From: $email" );
  echo "<p>Thanks, $name.</p><p>Your message was sent successfully and I'll get back to you as soon as possible.</p>";
  }
else
//if "email" is not filled out, display the form
  {
  echo "<div id='messageBubble'></div>
        <form id='contactForm' action='index.php#contact' method='post'>
        <ul>
        <li><input type='text' name='name' id='name' value='Your Name' onfocus='if (this.value == \"Your Name\") {this.value = \"\";}' onblur='if (this.value == \"\") {this.value = \"Your Name\";}' /></li>
        <li><input type='text' name='email' id='email' value='Your Email' onfocus='if (this.value == \"Your Email\") {this.value = \"\";}' onblur='if (this.value == \"\") {this.value = \"Your Email\";}' /></li>
        <li><input type='text' name='subject' id='subject' value='Subject' onfocus='if (this.value == \"Subject\") {this.value = \"\";}' onblur='if (this.value == \"\") {this.value = \"Subject\";}' /></li>
        <li><textarea name='message' id='message' cols='20' rows='5' onfocus='if (this.value == \"Message\") {this.value = \"\";}' onblur='if (this.value == \"\") {this.value = \"Message\";}' >Message</textarea></li>
        <li><input type='submit' id='submit' value='Press'/><input type='reset' id='reset' value='Do not press'/> </li>
        </ul>
        </form>";
  }
?>

Can someone please give me some pointers to get the form working with some form of validation? I need all fields to be completed, with a valid email address.

Also, the form is currently attracting spam messages which include HTML/hyperlinks - if at all possible, I’d like to reject any messages which have HTML in them. This isn’t essential though, if it’s too complicated.

Thanks,

Tim

I put the function in and it only seems to work when I remove the following code from the inputs:

value='Your Name' onfocus='if (this.value == \"Your Name\") {this.value = \"\";}' onblur='if (this.value == \"\") {this.value = \"Your Name\";}'

Is there a way to have the two work together?

Hi - thanks for the suggestions.

I’ve altered the code to reflect your first suggestion.

How and where should I add the “check_input” function, and the same for the “emailPattern” suggestion?

(Sorry - I really am very new to PHP!) :slight_smile:

I found these solutions a while back, and they seem to work.

Change

$name = $_REQUEST['name'] ;

to

$name= check_input($_REQUEST['name'], "Please enter your Name");
//repeat for other fields.

Add this function:

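// Normalise one form field; stop with $problem if it is required but empty.
function check_input($data, $problem='')
{
    $data = trim($data);              // drop leading/trailing whitespace
    $data = stripslashes($data);      // remove backslash escaping
    $data = htmlspecialchars($data);  // encode HTML special characters
    if ($problem && strlen($data) == 0)
    {
        die($problem);
    }
    return $data;
}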

For validating the email pattern add:

$emailPattern = '/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i';
if (!preg_match($emailPattern, $email)) {
    die("Please review the email address you entered. There seems to be a problem. Please hit your back button to fix.");
}

For getting rid of links in message you can use strip_tags to get rid of the HTML elements. You can also review replacing string elements like slashes or symbols and perhaps even replace any string that contains unwanted characters.

You can put the check_input function anywhere in the code. It is a function that will be called when the post variables are received. The function will check $name, $subject, $email, and $message that you wanted from the form.
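An added example, not code from any of the posts in this thread: one validator that covers the three requirements in the question (all fields filled in, a valid email address, no HTML in the message) and also treats the pre-filled default texts such as "Your Name" as empty, which is the clash reported in the follow-up post. It assumes PHP 7.1 or later, uses PHP's built-in `filter_var()` in place of the regular expression suggested above, and the names `validate_contact()` and `PLACEHOLDERS` are hypothetical.

```php
<?php
// Added example; validate_contact() and PLACEHOLDERS are hypothetical names.
// Default texts the form pre-fills; a field still holding one counts as empty.
const PLACEHOLDERS = ['name' => 'Your Name', 'email' => 'Your Email',
                      'subject' => 'Subject', 'message' => 'Message'];

function validate_contact(array $in): array
{
    $clean = [];
    $errors = [];
    foreach (PLACEHOLDERS as $field => $default) {
        $value = trim((string)($in[$field] ?? ''));
        if ($value === '' || $value === $default) {
            $errors[$field] = "Please fill in the $field field.";
        }
        $clean[$field] = $value;
    }
    // email and subject are passed to mail() as header values; a line break
    // inside them would start a new header line, so refuse it outright.
    foreach (['email', 'subject'] as $field) {
        if (preg_match('/[\r\n]/', $clean[$field])) {
            $errors[$field] = "Line breaks are not allowed in $field.";
        }
    }
    if (!isset($errors['email'])
        && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address.';
    }
    // If removing tags changes the text, the message contained HTML: reject it.
    if (!isset($errors['message'])
        && strip_tags($clean['message']) !== $clean['message']) {
        $errors['message'] = 'HTML is not allowed in the message.';
    }
    return [$clean, $errors];
}

// Constructed sample submissions for illustration, not real traffic.
$samples = [
    ['name' => 'Tim', 'email' => 'tim@example.com', 'subject' => 'Hi', 'message' => 'Hello there'],
    ['name' => 'Your Name', 'email' => 'not-an-email', 'subject' => "Hi\r\nsecond line",
     'message' => '<a href="http://example.com">click here</a>'],
];
foreach ($samples as $sample) {
    [, $errors] = validate_contact($sample);
    echo $errors ? implode(' | ', $errors) . "\n" : "OK, safe to pass to mail()\n";
}
```

Validation does not replace output encoding: when the name is echoed back in the "Thanks, $name" page, pass it through `htmlspecialchars()` at that point.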

Never mind.

I got around the problem by using a right-aligned background image in each of the input/textarea fields, instead of displaying actual text. I’ve added enough right padding so that the user cannot type over the background image.

I also managed to get the email pattern validation working.

Thanks a lot guys! :slight_smile: