I have a stray word in a contact form on one of the websites I maintain (see image). I can’t, for the life of me, figure out where it came from. I think it
has something to do with my php variable $message, but ???
Could somebody please see if they can see how it appeared out of nowhere?
Here is the php code at the top of the page:
<?php
session_start();
$_SESSION['members'] = '0';
$submit = $_SESSION['submit'];
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email'];
$gender = $_SESSION['gender'];
$age = $_SESSION['age'];
$info = $_SESSION['info'];
$other_info = $_SESSION['other_info'];
$comments = $_SESSION['comments'];
if ($_GET['msg'] == 'email') {
$message = "<p class=\\"message\\">Thank you for your interest in Markham Baptist Church. An email has been sent to the office administrator with your message.</p>";
} elseif ($_GET['msg'] == 'blank') {
$message = "<p class=\\"message\\">Please complete all the required fields before you submit this form.</p>";
} else {
$message = "";
}
?>
Here is the form code:
<div id = "main">
<h2>Contact Us</h2>
<p>We'd like to hear from you! (<span style="color: #7D1416; font-weight: bold;">*</span><span style="font-size: 0.8em; font-style: italic;">Required Fields</span>)</p>
<?php print $message; ?>
<form action="process_form.php" method="post" id="contact">
<table>
<tr>
<td class="label"><span style="color: #7D1416; font-weight: bold;">*</span>First name:</td>
<td colspan="2">
<input type="text" name="first_name" id="first_name" class="textbox" value="<?php print $first_name; ?>"/>
<script type="text/javascript">
var firstName = new LiveValidation('first_name', { validMessage: '', wait: 500});
firstName.add(Validate.Presence, {failureMessage: "Please enter your first name."});
</script>
</td>
</tr>
<tr>
<td class="label"><span style="color: #7D1416; font-weight: bold;">*</span>Last name:</td>
<td colspan="2">
<input type="text" name="last_name" id="last_name" class="textbox" value="<?php print $last_name; ?>" />
<script type="text/javascript">
var lastName = new LiveValidation('last_name', { validMessage: '', wait: 500});
lastName.add(Validate.Presence, {failureMessage: "Please enter your last name."});
</script>
</td>
</tr>
<tr>
<td class="label"><span style="color: #7D1416; font-weight: bold;">*</span>Email:</td>
<td colspan="2">
<input type="text" name="email" id="email" class="textbox" value="<?php print $email; ?>" />
<script type="text/javascript">
var email = new LiveValidation('email', { validMessage: '', wait: 500});
email.add(Validate.Presence, {failureMessage: "Please enter an email address."});
email.add( Validate.Email );
</script>
</td>
</tr>
<tr>
<td class="label">Gender:</td>email
<td colspan="2">
<select name="gender">
<option>Select one ...</option>
<?php
$gender_choice = Array("Male", "Female");
foreach($gender_choice as $my_gender) {
print("<option value=\\"$my_gender\\" ");
if ($my_gender == $gender) {
$selected = " selected=\\"selected\\"";
} else {
$selected = " ";
}
print("$selected>$my_gender</option><br />");
}
?>
</select>
</td>
</tr>
<tr>
<td class="label">Age group:</td>
<td colspan="2">
<select name="age">
<option>Select one ...</option>
<?php
$age_choice = Array("Under 18 yrs", "19 to 39 yrs", "40 to 59 yrs", "60 yrs and over");
foreach($age_choice as $my_age) {
print("<option value=\\"$my_age\\" ");
if ($my_age == $age) {
$selected = " selected=\\"selected\\"";
} else {
$selected = " ";
}
print("$selected>$my_age</option><br />");
}
?>
</select>
</td>
</tr>
<tr>
<td colspan="3">
I'd like information on: (check all that apply)
</td>
</tr>
<tr>
<td> </td>
<td>
<input type="checkbox" name="info[]" value="Worship services" /> Worship services
</td>
<td>
<input type="checkbox" name="info[]" value="Children's programs (to Gr 6)" /> Children's programs (to Gr 6)
</td>
</tr>
<tr>
<td> </td>
<td>
<input type="checkbox" name="info[]" value="Music ministries" /> Music ministries
</td>
<td>
<input type="checkbox" name="info[]" value="Youth programs (Gr 6-8)" /> Youth programs (Gr 6-8)
</td>
</tr>
<tr>
<td> </td>
<td>
<input type="checkbox" name="info[]" value="Women's ministries" /> Women's ministries
</td>
<td>
<input type="checkbox" name="info[]" value="Youth programs (Gr 9-12)" /> Youth programs (Gr 9-12)
</td>
</tr>
<tr>
<td> </td>
<td>
<input type="checkbox" name="info[]" value="Adult study groups" /> Adult study groups
</td>
<td>
<input type="checkbox" name="info[]" value="Alpha" /> Alpha
</td>
</tr>
<tr>
<td> </td>
<td>
<input type="checkbox" name="info[]" value="Other" /> Other: (please specify)
</td>
<td>
<input type="text" class="textbox" style="width: 225px;" name="other_info" value="<?php print $other_info; ?>"/>
<input type="text" id="honeypot" name="honeypot" placeholder="Leave Blank If Human" autocomplete="off" />
</td>
</tr>
<tr>
<td class="label">
<span style="color: #7D1416; font-weight: bold;">*</span>Comments:
</td>
<td colspan="2">
<textarea name="comments" id="comments"><?php print $comments; ?></textarea>
<script type="text/javascript">
var comments = new LiveValidation('comments', { validMessage: '', wait: 500});
comments.add(Validate.Presence, {failureMessage: "Please leave us a message."});
</script>
</td>
</tr>
<tr>
<td> </td>
<td>
<input type="submit" name="submit" class="button" value="Submit" />
</td>
<td> </td>
</tr>
</table>
</form>
</div> <!-- end of main div -->
and here is the code from the process_form.php file:
<?php
session_start();
// process form variables
// HoneyPot PHP
if($_POST['honeypot'] != ''){
die("This form submission has been compromised. If you are a human, please try again.");
}
$_SESSION['submit'] = $_POST['submit'];
$_SESSION['first_name'] = stripslashes($_POST['first_name']);
$_SESSION['last_name'] = stripslashes($_POST['last_name']);
$_SESSION['email'] = stripslashes($_POST['email']);
$_SESSION['gender'] = $_POST['gender'];
$_SESSION['age'] = $_POST['age'];
$_SESSION['info'] = $_POST['info'];
$_SESSION['other_info'] = stripslashes($_POST['other_info']);
$_SESSION['comments'] = nl2br(stripslashes($_POST['comments']));
if ($_SESSION['first_name'] == '' || $_SESSION['last_name'] == '' || $_SESSION['email'] == '' || $_SESSION['comments'] == '' ) {
header('location: contact.php?msg=blank');
exit;
}
$submit = $_SESSION['submit'];
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email'];
$gender = $_SESSION['gender'];
$age = $_SESSION['age'];
$info = $_SESSION['info'];
$other_info = $_SESSION['other_info'];
$comments = $_SESSION['comments'];
$i=0;
if (!empty($info)) {
foreach($info as $item) {
if ($item == 'Other') {
$info[$i] = $item . ' (' . $other_info . ')';
}
//print("$info[$i]<br />");
$i++;
}
$more_info = implode($info, ", ");
//print_r("$more_info");
}
// send email
$to = "***@*****.org";
$subject = "Website Contact Form Response";
$message = "<p>Name: $first_name $last_name</p>
<p>Email address: $email</p>
<p>Gender: $gender</p>
<p>Age Group: $age</p>
<p>$first_name $last_name has expressed an interest in the following:</p>
<p>$more_info</p>
<p>Additional comments:</p>
<p>$comments</p>";
$headers = "From:******\\r\
";
$headers .= "Content-type: text/html\\r\
";
mail($to, $subject, $message, $headers);
header('location: contact.php?msg=email');
exit;
?>
Thank you. 