Posts posted by dragon42tt
-
-
No, this is not the best solution since it will completely fail under certain conditions. You are hoping the name of a button is going to be submitted and it won't always be.
The correct method is
if ($_SERVER['REQUEST_METHOD'] == 'POST')
Where should I insert that piece of code ?
-
The only validation you have is probably the Javascript for the form, which is pretty much useless as an actual validation method. Spambots and pretty much anyone who knows how to shut off Javascript in their browser can easily bypass it. All user input needs to be validated on the server side. Anything on the client side should be considered to be nothing more than a convenience (or inconvenience in some cases) for the user.
I am a beginner so I don't know where to start or what to do. Can you suggest what I could do next to make sure the fields are validated?
Thanks
-
Also if you check out my website http://wwww.flashdrivingschool.co.uk if any fields are empty it doesn't allow you to submit anyway, so I guess there is some sort of validation, when one field is left blank and you click submit then the blank field gets highlighted.
-
Nowhere in there are you checking to see if nothing was submitted. Typically you'd want to wrap the form processing code in something like
if (isset($_POST['submit']))
Which will check to see if the submit button was clicked, at which point you know it's time to process the form. Otherwise it means someone landed on the page somehow and didn't mean to, so there's no reason to run the form processing.
Where would I enter that piece of code ?
-
You're not actually validating any of the submitted fields. Just because a value is set in $_POST doesn't mean it's not empty or a blank string, nor does it mean that the field doesn't contain additional mail headers (allowing an unscrupulous user to use your contact form to send spam). I suggest you do some research into data validation, sanitizing, and escaping - it'll make life better for everyone involved.
Hi,
The website was created by someone else so I have no idea why it was done this way, and also as I mentioned I have no clue about php or any coding, so I don't really understand what you mean, I'm just wondering if there's a simple code I can use to fix this problem, In the meanwhile I will try the "(isset($_POST['submit']))" suggested by iarp above.
Thanks.
-
Hi everyone.
I read somewhere that Google crawler triggers the contact form to send blank emails.
I believe a validation of the fields will stop this from happening, but I couldn't solve this problem to save my life, my php skills are very poor.
Here is the code, I hope someone can help, any help is appreciated.
<?php
ob_start();
session_start();
include('class.phpmailer.php');
include('admin/includes/config.php');
$name=isset($_POST['name']) ? addslashes($_POST['name']) : '';
$email=isset($_POST['email']) ? addslashes($_POST['email']) : '';
$phone=isset($_POST['phone']) ? addslashes($_POST['phone']) : '';
$comment=isset($_POST['comment']) ? addslashes($_POST['comment']) : '';
$row=mysql_fetch_array(mysql_query("SELECT * FROM `fds_tbladmin` WHERE `id`='1'"));
$admin_email=$row['email'];
$Subject1 ="Someone Has Contacted You";
$TemplateMessage.="<br/><br />Hi Admin";
$TemplateMessage.="";
$TemplateMessage.="<br><br>";
$TemplateMessage.=" Name :".$name;
$TemplateMessage.="<br><br>";
$TemplateMessage.="Email :".$email;
$TemplateMessage.="<br><br>";
$TemplateMessage.="Phone :".$phone;
$TemplateMessage.="<br><br>";
$TemplateMessage.="Comment :".$comment;
$TemplateMessage.="<br><br><br/>Thanks & Regards<br/>";
$TemplateMessage.="Flash Driving School";
$TemplateMessage.="<br><br><br>This is a post-only mailing. Replies to this message are not monitored
or answered.";
$mail1 = new PHPMailer;
$mail1->FromName = "flashdrivingschool.com";
$mail1->From = "info@flashdrivingschool.com";
$mail1->Subject = $Subject1;
$mail1->Body = stripslashes($TemplateMessage);
$mail1->AltBody = stripslashes($TemplateMessage);
$mail1->IsHTML(true);
$mail1->AddAddress($admin_email,"flashdrivingschool.com");//info@salaryleak.com
$mail1->Send();
header('location:thankyou.php');
exit();
?>
-
Hi everybody,
I successfully inserted "plaincart" into my website (I'm new) and everything seems to be working well until I try to login as admin, I get the following message;
"Wrong username or password" ???
I am definitely using the correct username and password.
I followed a tutorial:
http://www.phpwebcommerce.com/
I found a solution which worked for some people, this was;
:-\
-------------------------------------------------------------
The problem seems to be with one line in this SQL query:
$sql = "SELECT user_id
FROM tbl_user
WHERE user_name = '$userName' AND
user_password = PASSWORD('$password')";
The login process works fine if you change the last line to just:
user_password = '$password'";
-----------------------------------------------------------------------
but the above amendment did not work for me, I also tried uploading the files using binary, still no luck. :-\
If someone can help, it would be greatly appreciated. ;)
The source code can be downloaded from:
http://www.phpwebcommerce.com/download/plaincart.zip
Thanks a lot.
The contact form on my website keeps sending me blank emails!
in PHP Coding Help
Posted
So I guess you were born with knowledge in coding ?
Really ? Read basic PHP documentation to learn where to put a line of code, are you serious?
If you did not want to help then why bother replying, there are people here more than happy to help and I thank them for that, last thing I need is a moaner.
What has this world come to, now I can't ask fellow humans for help.
"as to the validation section of your php code, you should use an array to hold the validation error messages, then at the end of the validation section, if there are no errors, the array will be empty, use the submitted form data in the rest of the code. if there are validation errors, you would display them, along with re-displaying the form. "
My friend I don't know zilch about coding, none of this makes sense, I run a business and need some tiny help to help me improve it, you can't expect me to learn all of the above to be able to code one line. Please be realistic.
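-
Added example (not part of any post above and not the site's own code): the advice quoted in this thread put together for the four contact form fields, with the request-method check, an array of validation errors, rejection of line breaks in single-line fields, and escaping before the values reach the HTML mail body. The function names and the sample requests are made up for illustration.

```php
<?php
// Added example, not the site's code. Function names are hypothetical.
function validate_contact(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (['name', 'email', 'phone', 'comment'] as $field) {
        // Missing, non-string (name[]=x) and whitespace-only values all become ''.
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        if ($value === '') {
            $errors[$field] = ucfirst($field) . ' is required.';
        } elseif ($field !== 'comment' && preg_match('/[\r\n]/', $value)) {
            // A line break inside a single-line field is the mail header injection pattern.
            $errors[$field] = ucfirst($field) . ' must not contain line breaks.';
        }
        $clean[$field] = $value;
    }
    if (!isset($errors['email']) && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email is not a valid address.';
    }
    return [$clean, $errors];
}

function handle_request(string $method, array $post): string
{
    if ($method !== 'POST') {
        return 'show form';   // crawler or direct visit: nothing is processed or mailed
    }
    [$clean, $errors] = validate_contact($post);
    if ($errors) {
        return 'show form again with errors: ' . implode(' ', $errors);
    }
    // Escape each value before it goes into the HTML body of the message.
    $body = '';
    foreach ($clean as $field => $value) {
        $body .= ucfirst($field) . ': ' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "<br>\n";
    }
    return "send mail with body:\n" . $body;   // the PHPMailer calls would go here
}

// Constructed sample requests, not real traffic.
$samples = [
    ['GET', []],
    ['POST', ['name' => '', 'email' => '', 'phone' => '', 'comment' => '']],
    ['POST', ['name' => "Ann\r\nBcc: x@example.com", 'email' => 'ann@example.com', 'phone' => '0123', 'comment' => 'Hi']],
    ['POST', ['name' => 'Ann', 'email' => 'ann@example.com', 'phone' => '0123', 'comment' => 'Lesson prices?']],
];
foreach ($samples as [$method, $post]) {
    echo $method, ' => ', handle_request($method, $post), PHP_EOL;
}
```

On a live page the call would be handle_request($_SERVER['REQUEST_METHOD'], $_POST), so a crawler's GET request never reaches the mail step.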