OK, I am learning PHP and would like to have a form (SACCC Form) and need to make sure the * areas contain data. Not sure about “appropriate” yet but need to figure out how to validate that the field is not blank at least, and if it is blank, show the error field but also still show what has been entered appropriately. Make sense, I hope???
Any help to sites, tutorials, code snippets, etc. would be helpful.
Thanks
F
rguy84
March 10, 2011, 4:23am
2
Can you show what some of your fields are? You can simply do
if(empty($_POST['name'])){
echo 'Please enter your name';
}
Of course there are better ways to do this…
OK, from my form, I call the “mail.php” “page”. It is a separate file - maybe should not be but have not heard if that is really better or not.
Code:
<?php
session_start();
$to = "me7@myemail.com";
$subject = "2011 Car Show Registration";
//$name = isset($_POST['name']) ? trim($_POST['name']) : '';
$_SESSION['inputname'] = isset($_REQUEST["name"]) ? trim($_REQUEST['name']) : '';
$name = $_SESSION['inputname'];
$_SESSION['email'] = trim($_REQUEST["email"]);
$email = trim($_REQUEST["email"]);
$_SESSION['phone'] = trim($_REQUEST["phone"]);
$phone = trim($_REQUEST["phone"]);
$_SESSION['address1'] = trim($_REQUEST["address1"]);
$address1 = trim($_REQUEST["address1"]);
$_SESSION['address2'] = trim($_REQUEST["address2"]);
$address2 = trim($_REQUEST["address2"]);
$_SESSION['city'] = trim($_REQUEST["city"]);
$city = trim($_REQUEST["city"]);
$_SESSION['state'] = trim($_REQUEST["state"]);
$state = trim($_REQUEST["state"]);
$_SESSION['zipcode'] = trim($_REQUEST["zipcode"]);
$zipcode = trim($_REQUEST["zipcode"]);
$_SESSION['VehicleYr'] = trim($_REQUEST["VehicleYr"]);
$VehicleYr = trim($_REQUEST["VehicleYr"]);
$_SESSION['VehicleMkMdl'] = trim($_REQUEST["VehicleMkMdl"]);
$VehicleMkMdl = trim($_REQUEST["VehicleMkMdl"]);
$_SESSION['waiverAgree'] = trim($_REQUEST["waiverAgree"]);
$waiver = trim($_REQUEST["waiverAgree"]);
$_SESSION['earlyPay'] = trim($_REQUEST["earlyPay"]);
$pay = trim($_REQUEST["earlyPay"]);
if($_SESSION['earlyPay'] != '1') {
$_SESSION['earlyPay'] = "NO";
$pay = "NO";
}
else {
$_SESSION['earlyPay'] = "YES";
$pay = "YES";
}
if($_SESSION['waiverAgree'] != '1') {
$waiver = "NO";
$_SESSION['waiverAgree'] = "NO";
}
else {
$waiver ="YES";
$_SESSION['waiverAgree'] = "YES";
}
$dodgy_strings = array(
"content-type:"
,"mime-version:"
,"multipart/mixed"
,"bcc:"
);
function is_valid_email($email) {
    return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $email);
}
function contains_bad_str($str_to_test) {
    $bad_strings = array(
        "content-type:"
        ,"mime-version:"
        ,"multipart/mixed"
        ,"Content-Transfer-Encoding:"
        ,"bcc:"
        ,"cc:"
        ,"to:"
    );
    foreach($bad_strings as $bad_string) {
        // eregi() was removed in PHP 7; stripos() does the same case-insensitive substring test
        if(stripos($str_to_test, $bad_string) !== false) {
            echo "$bad_string found. Suspected injection attempt - mail not being sent.";
            exit;
        }
    }
}
function contains_newlines($str_to_test) {
    // Matches URL-encoded or literal CR/LF characters
    if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
        echo "newline found in $str_to_test. Suspected injection attempt - mail not being sent.";
        exit;
    }
}
if($_SERVER['REQUEST_METHOD'] != "POST"){
echo("Unauthorized attempt to access page.");
exit;
}
if (!is_valid_email($email)) {
echo 'Invalid email submitted - mail not being sent.';
exit;
}
contains_bad_str($_SESSION['email']);
contains_bad_str($_SESSION['inputname']);
contains_bad_str($_SESSION['phone']);
contains_bad_str($_SESSION['address1']);
contains_bad_str($_SESSION['address2']);
contains_bad_str($_SESSION['city']);
contains_bad_str($_SESSION['state']);
contains_bad_str($_SESSION['zipcode']);
contains_bad_str($_SESSION['VehicleYr']);
contains_bad_str($_SESSION['VehicleMkMdl']);
contains_newlines($_SESSION['email']);
contains_newlines($_SESSION['inputname']);
contains_newlines($_SESSION['phone']);
contains_newlines($_SESSION['address1']);
contains_newlines($_SESSION['address2']);
contains_newlines($_SESSION['city']);
contains_newlines($_SESSION['state']);
contains_newlines($_SESSION['zipcode']);
contains_newlines($_SESSION['VehicleYr']);
contains_newlines($_SESSION['VehicleMkMdl']);
$totalmessage = "
Name: ................. $name \n
Address1: ............. $address1 \n
Address2: ............. $address2 \n
City: ................. $city\n
State: ................ $state \r
Zip Code: ............. $zipcode \n
Email: ................ $email \r
Phone Number: ......... $phone \r
Vehicle Year: ......... $VehicleYr \r
Vehicle Make, Model:... $VehicleMkMdl \r
I/we have read the waiver and agree to its terms: $waiver \r
I/we agree to pay the registration fee of 10 dollars upon arrival at the show: $pay \r ";
//echo $totalmessage;
//$headers = "From: $email";
//$headers = "From: ";
$_SESSION['confirmation'] = $totalmessage;
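// mail() takes the message as its third argument and optional headers as the fourth;
// $headers is never set above, so it is not passed.
mail($to, $subject, $totalmessage);
header("Location: RegistrationConfim.php");
exit;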
//echo "Thanks for submitting.";
?>
Wondering how to validate and go back to the form??? or… what??
F
rguy84
March 10, 2011, 2:43pm
4
Well, you should be using either $_POST or $_GET over $_REQUEST. Which one you use depends on which method you use in your form.
As to going back to your form, just put a link back to it versus doing an exit. Then on your form page, change it to something like:
<input name="name" id="name" value="<?php echo empty($_POST['name']) ? '' : $_POST['name']; ?>" />
if you are using the post method
I would like to point out that you shouldn’t be setting form field values to the raw contents of $_POST or $_GET variables - you need to at least use htmlentities() to avoid XSS attacks.
aamonkey,
Now that " use htmlentities() " I have never heard of before. Since, as I said, I am trying to learn enough PHP to do some form stuff (and make sure we don’t get blasted badly), where would I learn the best/most about the htmlentities? Is there a good tutorial or is there somewhere else on this forum that they are discussed?
Thanks
F
fredep57:
aamonkey,
Now that " use htmlentities() " I have never heard of before. Since, as I said, I am trying to learn enough PHP to do some form stuff (and make sure we don’t get blasted badly), where would I learn the best/most about the htmlentities? Is there a good tutorial or is there somewhere else on this forum that they are discussed?
Thanks
F
The PHP manual is the best place to learn about functions like that one.
I looked in the PHP manual but was confused (just me??).
Is there somewhere there are more examples of form use for this?
F
Step #8 in this link below has your basic formmail.php script. It will check if the inputs are empty or not. Beyond that, I would suggest asking specific questions (as I once did) and fill in any further validation you need.
http://www.visibilityinherit.com/code/jquery-ajaxsubmit.php
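The pieces discussed in this thread (required-field checks, showing an error beside the field, keeping what was typed, and escaping it with htmlentities() before it goes back into the form) fit together as in the following added example, which is not code from any poster. Which fields carry a * is an assumption, and `validate_registration()` and `sticky()` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Which fields carry a * is an
// assumption; validate_registration() and sticky() are hypothetical helpers.
const REQUIRED = ['name' => 'Name', 'email' => 'Email', 'phone' => 'Phone number'];

// Returns [trimmed values, errors keyed by field name].
function validate_registration(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (REQUIRED as $field => $label) {
        $raw = $post[$field] ?? '';
        $value = is_string($raw) ? trim($raw) : '';
        $clean[$field] = $value;
        if ($value === '') {
            $errors[$field] = "$label is required.";
        } elseif (preg_match('/[\r\n]/', $value)) {
            // These values end up in an e-mail; a single-line field that
            // still contains CR or LF after trim() is rejected outright.
            $errors[$field] = "$label must be a single line.";
        }
    }
    if (!isset($errors['email'])
        && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email address is not valid.';
    }
    return [$clean, $errors];
}

// Escape a submitted value before putting it back into value="...".
function sticky(array $clean, string $field): string
{
    return htmlentities($clean[$field] ?? '', ENT_QUOTES, 'UTF-8');
}

// Constructed sample submission; on the real page this would be $_POST.
$sample = ['name' => '   ', 'email' => 'fred@example.com', 'phone' => '"><b>555</b>'];
[$clean, $errors] = validate_registration($sample);

foreach (REQUIRED as $field => $label) {
    printf('<label>%s * <input name="%s" value="%s"></label>',
        $label, $field, sticky($clean, $field));
    if (isset($errors[$field])) {
        printf(' <span class="error">%s</span>', htmlentities($errors[$field], ENT_QUOTES, 'UTF-8'));
    }
    echo "\n";
}
// If $errors is empty, send the mail and redirect; otherwise show the form again.
```

Run from the command line, the sample prints the three inputs with the blank name flagged and the markup in the phone value rendered as inert entities rather than as tags.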