kaiman

  1. Okay, I got it. I wasn't passing the correct value from the form =P It's always something, huh! Sarcasm aside, thanks for all the help. kaiman
  2. Okay, thanks to Psycho's comment I was able to get the db query MATCH to work successfully, but yes Jessica you are correct, the $_GET variable is not being passed correctly. On the form processing page I have this:

         // search form
         // connects to server and selects database
         include ("../includes/dbconnect.inc.php");

         // table name
         $tbl_name1 = "website_search";

         // removes magic_quotes_gpc slashes
         function stripQuotes($arg) {
             if (get_magic_quotes_runtime()) {
                 return stripslashes($arg);
             } else {
                 return $arg;
             }
         }

         // protect against mysql injection
         function cleanString($string){
             htmlentities(mysql_real_escape_string($string));
             return $string;
         }

         // values sent from form
         $keyword = stripQuotes($_GET['keyword']);
         $keyword = cleanString($keyword);
         header("Location: http://www.mysite.com/search/results/?keyword=$keyword");
         exit;

     Then on the search results page I have this:

         // connects to server and selects database
         include ("../../scripts/includes/dbconnect.inc.php");

         // search results
         // table name
         $tbl_name1 = "website_search";

         // search keyword
         $keyword = mysql_real_escape_string($_GET['keyword']);

         // query the database
         $sql = "SELECT *, MATCH (title, keywords) AGAINST('". $keyword ."') as score FROM $tbl_name1 WHERE MATCH (title, keywords) AGAINST ('". $keyword ."') ORDER BY score DESC";
         // $query = mysql_query($sql);
         $query = mysql_query($sql) or die("Error: ". mysql_error(). " with query ". $sql);

         // link
         $url = $row['url'];

         // display results
         $search_result = mysql_num_rows($query);
         if ($search_result > 0) {
             echo "<h2>Search results for ".$keyword.":</h2>\n";
             while ($result = mysql_fetch_array($query)) {
                 echo (" <p>{$result['title']} ({$result['score']}");
                 echo " \"$url\"</p>\n";
             }
         }
         // if no results display message
         else {
             echo "<h2>Sorry, your search for ".$keyword." returned no results</h2>\n";
             echo " <p class=\"medium_spacer\">Return to the <a href=\"javascript:history.back()\">previous page</a>.</p>\n";
         }

     Any ideas why the variables aren't being passed?

     Thanks again, kaiman
  3. The keyword is being introduced through $_GET

         // search keyword
         $keyword = mysql_real_escape_string($_GET['keyword']);

     I have tried hard coding in a $keyword but still no go. Also have double checked commas between fields without luck. Any other suggestions? Thanks again, kaiman
  4. Hi Again Everyone, I am trying to debug a search form but keep getting the following syntax error:

         Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'MATCH (title, keywords) AGAINST('') as score FROM website_search WHERE MATCH (ti' at line 1 with query SELECT count(*) MATCH (title, keywords) AGAINST('') as score FROM website_search WHERE MATCH (title, keywords) AGAINST ('') ORDER BY score DESC

     Here is the code in question:

         // query the database
         $sql = "SELECT count(*) MATCH (title, keywords) AGAINST('". $keyword ."') as score FROM $tbl_name1 WHERE MATCH (title, keywords) AGAINST ('". $keyword ."') ORDER BY score DESC";

     I am sure it is some small thing I am missing but can't seem to pick it out. Any help or suggestions would be appreciated. Thanks, kaiman
  5. Oops, my bad. Thanks for the help that part seems to be working now!
  6. Hi everyone, I am having problems getting this newsletter script I created to write to a table in the database. I know my connection is good and it seems to be executing several anti-sql injection functions correctly and reading stuff from another table just fine, but won't write to it. I am getting an error that it "Cannot write to database!" and am just redirected to the error page without adding a line to the db table. The code in question is this line:

         // insert data into database
         $sql = "INSERT INTO $tbl_name1(confirm_code, name, email)VALUES('$confirm_code', '$name', '$email') LIMIT 1";
         $result = mysql_query($sql) or trigger_error("Cannot write to database!");

     This server is running PHP version 5.2.17 and MySQL 5.0.96. Any comments or suggestions to illuminate my problem would help. More code for the script up to that point is below. Thanks, kaiman

         CREATE TABLE `temp_subscribers` (
           `confirm_code` varchar(65) NOT NULL default '',
           `name` varchar(65) NOT NULL default '',
           `email` varchar(65) NOT NULL default ''
         ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

         // connects to server and selects database
         include ("../includes/dbconnect.inc.php");

         // table names
         $tbl_name1 = "temp_subscribers";
         $tbl_name2 = "newsletter_subscribers";

         // random confirmation code
         $confirm_code = md5(uniqid(rand()));

         // removes magic_quotes_gpc slashes
         function stripQuotes($arg) {
             if (get_magic_quotes_runtime()) {
                 return stripslashes($arg);
             } else {
                 return $arg;
             }
         }

         // protect against mysql injection
         function cleanString($string){
             htmlentities(mysql_real_escape_string($string));
             return $string;
         }

         // values sent from form
         $name = stripQuotes($_POST['name']);
         $name = cleanString($name);
         $email = stripQuotes($_POST['email']);
         $email = cleanString($email);

         // check for empty fields
         if (empty($name) || empty($email)) {
             header("Location: http://www.mysite.com/newsletter/error/");
             exit ;
         }

         // sanitize and validate email address
         $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL) ;
         if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
             header( "Location: http://www.mysite.com/newsletter/error/" ) ;
             exit;
         }

         //account check
         $sql = "SELECT count(*) FROM $tbl_name2 WHERE email='$email' LIMIT 1";
         $result = mysql_query($sql) or trigger_error("Cannot read from database!");
         $num = mysql_result($result,0);

         //check to see if email exists or not.
         if($num > 0){
             header("Location: http://www.mysite.com/newsletter/error/");
             exit ;
         }

         // insert data into database
         $sql = "INSERT INTO $tbl_name1(confirm_code, name, email)VALUES('$confirm_code', '$name', '$email') LIMIT 1";
         $result = mysql_query($sql) or trigger_error("Cannot write to database!");
  7. Hi All, I have a rudimentary PHP page that displays a quote a day (366 quotes) from a text file. I have implemented sessions and javascript to account for the user's time offset and this seems to be working well. As this is going to be for an iPhone mobile web app, I don't have to worry about DST or users having their computer's time set incorrectly (the time is set automatically via cell towers by the service providers). The challenge now is that I would like to be able to add Next and Previous links which would allow users to view a quote of the day from past and future dates. I have tried to implement it using the GET parameter like this:

         // get day settings
         $day = (int) ($_GET['day'] ? $_GET['day'] : date('z'));

         // next quote link
         echo $next_quote_link = '<a href="?day='.($day != 366 ? $day + 1 : 1).'">Next Quote >></a>';

         // previous quote link
         echo $previous_quote_link = '<a href="?day='.($day != 1 ? $day - 1 : 366).'"><< Previous Quote</a>';

     but it seems to just return the same quote and date. Can someone help me figure out what I've overlooked or need to do to pass the date to the script correctly?

     Any help is appreciated. Thanks in advance, kaiman

     Here is the complete script so far:

         <?php
         // start session
         session_start();

         // get timezone offset
         if(!isset($_SESSION['timezone'])) {
             if(!isset($_REQUEST['offset'])) {
         ?>
         <script type="text/javascript">
         var d = new Date()
         var offset= -d.getTimezoneOffset()/60;
         location.href = "<?php echo $_SERVER['PHP_SELF']; ?>?offset="+offset;
         </script>
         <?php
             } else {
                 $zonelist = array(
                     'Kwajalein' => -12.00,
                     'Pacific/Midway' => -11.00,
                     'Pacific/Honolulu' => -10.00,
                     'America/Anchorage' => -9.00,
                     'America/Los_Angeles' => -8.00,
                     'America/Denver' => -7.00,
                     'America/Tegucigalpa' => -6.00,
                     'America/New_York' => -5.00,
                     'America/Caracas' => -4.30,
                     'America/Halifax' => -4.00,
                     'America/St_Johns' => -3.30,
                     'America/Argentina/Buenos_Aires' => -3.00,
                     'America/Sao_Paulo' => -3.00,
                     'Atlantic/South_Georgia' => -2.00,
                     'Atlantic/Azores' => -1.00,
                     'Europe/Dublin' => 0,
                     'Europe/Belgrade' => 1.00,
                     'Europe/Minsk' => 2.00,
                     'Asia/Kuwait' => 3.00,
                     'Asia/Tehran' => 3.30,
                     'Asia/Muscat' => 4.00,
                     'Asia/Yekaterinburg' => 5.00,
                     'Asia/Kolkata' => 5.30,
                     'Asia/Katmandu' => 5.45,
                     'Asia/Dhaka' => 6.00,
                     'Asia/Rangoon' => 6.30,
                     'Asia/Krasnoyarsk' => 7.00,
                     'Asia/Brunei' => 8.00,
                     'Asia/Seoul' => 9.00,
                     'Australia/Darwin' => 9.30,
                     'Australia/Canberra' => 10.00,
                     'Asia/Magadan' => 11.00,
                     'Pacific/Fiji' => 12.00,
                     'Pacific/Tongatapu' => 13.00);
                 $index = array_keys($zonelist, $_REQUEST['offset']);
                 $_SESSION['timezone'] = $index[0];
             }
         }

         // store timezone offset in session
         date_default_timezone_set($_SESSION['timezone']);
         ?>
         <html>
         <head>
         </head>
         <body>
         <?php
         // display the date
         echo "<h3>\n";
         echo date("l, F jS, Y\n");
         echo "</h3>\n";

         // display the quote
         $lines = file("quotes.txt");
         $day = date("z");
         echo "<p>“".$lines[$day]."”<p>\n";
         ?>
         </body>
         </html>
  8. @Pikachu2000 Yep, I just realized that and seem to have it working now. FYI for anyone that is interested my code on my homepage looks like this:

         <?php
         // check for mobile browser
         if (empty($_GET['mobile'])) {
             $useragent=$_SERVER['HTTP_USER_AGENT'];
             if(preg_match('/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i',$useragent)||preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|e\-|e\/|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(di|rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|xda(\-|2|g)|yas\-|your|zeto|zte\-/i',substr($useragent,0,4)))
                 // redirect if mobile browser
                 header('Location: http://www.mysite.com/mobile/');
         }?>

     I basically wrapped the original script with this:

         if (empty($_GET['mobile'])) { }

     with the manual redirect to the mobile page from the homepage like this:

         // link for manually switching to mobile site
         echo "<a href=\"http://www.mysite.com/mobile/?mobile=yes\">View Mobile Site</a>\n";

     and the link on the mobile page to manually redirect to the full site like this:

         // link for manually switching to full site
         echo "<a href=\"http://www.mysite.com/?mobile=no\">View Full Site</a>\n";

     Just in case anyone is interested... kaiman
  9. Okay so now on my homepage I have this:

         <?php
         // check for mobile browser
         $useragent = $_SERVER['HTTP_USER_AGENT'];
         if(preg_match('/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i',$useragent)||preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|e\-|e\/|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(di|rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|xda(\-|2|g)|yas\-|your|zeto|zte\-/i',substr($useragent,0,4)))
             // redirect if mobile browser
             header('Location: http://www.example.com/mobile/');
         ?>

     which works great, and then on my http://www.example.com/mobile/ page I have this:

         <?php
         // check which site should be displayed on link
         if ($_GET['mobile']) {
             $mobileuser = true;
         }
         if ($_GET['full']) {
             $mobileuser = false;
         }

         // links for switching between mobile and full sites
         echo "<p><a href=\"http://www.example.com/?mobile\">View Mobile Site</a> | ";
         echo "<a href=\"http://www.example.com/?full\">View Full Site</a></p>\n";
         ?>

     which just reloads the http://www.example.com/mobile/ page but doesn't redirect users back to the homepage. Anyone have any ideas or see what I am missing here? Thanks again, kaiman
  10. Hi Everyone, I am trying to add on to this mobile detection script that I have been using (quite nicely I might add) from http://detectmobilebrowsers.com/

          <?php
          // check for mobile browser
          $useragent = $_SERVER['HTTP_USER_AGENT'];
          if(preg_match('/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i',$useragent)||preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|e\-|e\/|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(di|rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|xda(\-|2|g)|yas\-|your|zeto|zte\-/i',substr($useragent,0,4)))
              // redirect if mobile browser
              header('Location: http://www.example.com/mobile/');
          ?>

      I would like to use/combine some sort of redirect link for users who are redirected to the mobile site to be redirected back to the full site and vice versa. I wrote a quick $_GET example below, but would rather use $_SESSIONS if possible to make it more transparent/invisible. My question is how best to combine the code above with the code below and get it to work?

          <a href="http://www.example.com/?mobile">View Mobile Site</a>
          <a href="http://www.example.com/?full">View Full Site</a>
          <?php
          if ($_GET['mobile']) {
              $variable = true;
          }
          if ($_GET['full']) {
              $variable = false;
          }
          ?>

      Any help, suggestions, or examples would be appreciated. Thanks in advance, kaiman
  11. Hi Everyone, I have a script (displayed below) that is supposed to block direct access to certain directories using HTTP_REFERER but is proving to be unreliable due to the fact that many modern browsers (such as Firefox) and firewalls don't pass this information on correctly (or at all). My question is is there a better way to do this and does anyone have examples of code that has worked for them in the past? Thanks for the help, kaiman

          <?
          $referrer = $_SERVER['HTTP_REFERER'];

          // set page that it is okay to access from
          if (preg_match("http://www.domain.com/scripts/php/contactform.php",$referrer)) {
              header('Location: http://www.domain.com/contact/error/');
          }
          // otherwise redirect to another page
          else {
              header('Location: http://www.domain.com/contact/');
          };
          ?>
  12. Hi Everyone, I have the following script written in PHP that is supposed to stop people from directly accessing a certain directory unless they come from a particular page (contactform.php in this example which is a form processing script that uses header: Location to redirect to the error and success pages). Of course it is falling victim to the fact that most modern browsers (such as Firefox) don't send HTTP_REFERER information and the variable is left blank. My question is is there a way to do this using an .htaccess file on an Apache WS to bypass the browser altogether. What would something like this look like? Thanks for the help, kaiman

      PHP Code:

          <?
          $referrer = $_SERVER['HTTP_REFERER'];

          // set page that it is okay to view from
          if (preg_match("http://www.mydomain.com/scripts/php/contactform.php",$referrer)) {
              header('Location: http://www.mydomain.com/contact/error/');
          }
          // otherwise redirect to contact page
          else {
              header('Location: http://www.mydomain.com/contact/');
          };
          ?>
  13. UPDATE: Here is what I have now, which seems to perform the error checks but won't send emails (complete or incomplete). Any suggestions are greatly appreciated. kaiman

          // validate form
          if(isset($_POST['submit'])){

              // check for empty form fields
              if (empty($name) || empty($email) || empty($category) || empty($formsubject) || empty($message)) {
                  echo "<p>Please complete all required form fields.</p>";
              }

              // sanitize and validate email address
              $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL) ;
              if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                  echo "<p>Please enter a valid email address.</p>";
              }

              // check for special characters in the message field and reformat
              if (get_magic_quotes_gpc()) {
                  $message = stripslashes($message);
              }
              else {
                  // if valid send email
                  mail($mailto, $subject, $messageproper, "From: \"$name\" <$email>\r\n" . "Reply-To: \"$name\" <$email>\n" . "X-Mailer: PHP 5.2.5" );
                  header( "Location: $successurl" );
              }
          }
          echo "<!-- begin form -->\n";
          echo "<form name=\"Contact\" class=\"contentform\" method=\"post\" action=\"" . $_SERVER['REQUEST_URI'] . "\">\n";
          echo "<fieldset>\n";
          echo "<legend>Contact Form</legend>\n";
          echo "<ol class=\"form\">\n";
          echo "<li class=\"formleft\">\n";
          echo "<label for=\"name\"><span class=\"asterisk\">&#042;</span> Your Name:</label>\n";
          echo "<input class=\"textfield\" id=\"name\" name=\"name\" type=\"text\" value=\"\" />\n";
          echo "</li>\n";
          echo "<li class=\"formright\">\n";
          echo "<label for=\"email\"><span class=\"asterisk\">&#042;</span> Email Address:</label>\n";
          echo "<input class=\"textfield\" name=\"email\" type=\"text\" id=\"email\" value=\"\" />\n";
          echo "</li>\n";
          echo "<li class=\"formleft\">\n";
          echo "<label for=\"category\"><span class=\"asterisk\">&#042;</span> Form Category:</label>\n";
          echo "<select class=\"select\" name=\"category\" id=\"category\" onchange=\"javascript:enableOther();\">\n";
          echo "<option value=\"\">Please Select an Option:</option>\n";
          echo "<option value=\"Question\" >Question</option>\n";
          echo "<option value=\"Comment\" >Comment</option>\n";
          echo "<option value=\"Idea\">Idea</option>\n";
          echo "<option value=\"Other\">Other</option>\n";
          echo "</select>\n";
          echo "</li>\n";
          echo "<li class=\"formright\">\n";
          echo "<label for=\"formsubject\"><span class=\"asterisk\">&#042;</span> Form Subject:</label>\n";
          echo "<input class=\"textfield\" name=\"formsubject\" type=\"text\" id=\"formsubject\" value=\"\" />\n";
          echo "</li>\n";
          echo "<li>\n";
          echo "<label for=\"message\"><span class=\"asterisk\">&#042;</span> Your Message:</label>\n";
          echo "<textarea name=\"message\" class=\"textarea\" rows=\"5\" cols=\"20\" id=\"message\" value=\"\"></textarea>\n";
          echo "</li>\n";
          echo "<li>\n";
          echo "<label for=\"submitbutton\"></label>\n";
          echo "<button class=\"submitbutton\" type=\"submit\" name=\"submit\" title=\"Submit\">Submit</button>\n";
          echo "</li>\n";
          echo "</ol>\n";
          echo "</fieldset>\n";
          echo "</form>\n";
          echo "<!-- end form -->\n";
  14. I am working on converting an old PHP form mail script to do error checking on the same page as the form rather than using redirects and I am having a bit of trouble with the logic. Right now it seems to work okay in general, but will send blank emails without doing the error check. Can someone please help me get it sorted out so that it works correctly. Also any ideas or input on how to make it more secure are appreciated. Thanks in advance, kaiman

      Here is the section of code in question:

          // validate form
          if(isset($_POST['submit'])){

              // check for empty form fields
              if (empty($name) || empty($email) || empty($category) || empty($formsubject) || empty($message)) {
                  echo "<p>Please complete all required form fields.</p>";
              }

              // sanitize and validate email address
              $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL) ;
              if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                  echo "<p>Please enter a valid email address.</p>";
              }

              // check for special characters in the message field and reformat
              if (get_magic_quotes_gpc()) {
                  $message = stripslashes($message);
              }
          }
          if(isset($_POST['email'])){
              // if valid send email
              mail($mailto, $subject, $messageproper, "From: \"$name\" <$email>\r\n" . "Reply-To: \"$name\" <$email>\n" . "X-Mailer: PHP 5.2.5" );
              header( "Location: $successurl" );
          }
          else {
              echo "<!-- begin form -->\n";
              echo "<form name=\"Contact\" class=\"contentform\" method=\"post\" action=\"" . $_SERVER['REQUEST_URI'] . "\">\n";
              echo "<fieldset>\n";
              echo "<legend>Contact Form</legend>\n";
              echo "<ol class=\"form\">\n";
              echo "<li class=\"formleft\">\n";
              echo "<label for=\"name\"><span class=\"asterisk\">&#042;</span> Your Name:</label>\n";
              echo "<input class=\"textfield\" id=\"name\" name=\"name\" type=\"text\" value=\"\" />\n";
              echo "</li>\n";
              echo "<li class=\"formright\">\n";
              echo "<label for=\"email\"><span class=\"asterisk\">&#042;</span> Email Address:</label>\n";
              echo "<input class=\"textfield\" name=\"email\" type=\"text\" id=\"email\" value=\"\" />\n";
              echo "</li>\n";
              echo "<li class=\"formleft\">\n";
              echo "<label for=\"category\"><span class=\"asterisk\">&#042;</span> Form Category:</label>\n";
              echo "<select class=\"select\" name=\"category\" id=\"category\" onchange=\"javascript:enableOther();\">\n";
              echo "<option value=\"\">Please Select an Option:</option>\n";
              echo "<option value=\"Question\" >Question</option>\n";
              echo "<option value=\"Comment\" >Comment</option>\n";
              echo "<option value=\"Idea\">Idea</option>\n";
              echo "<option value=\"Other\">Other</option>\n";
              echo "</select>\n";
              echo "</li>\n";
              echo "<li class=\"formright\">\n";
              echo "<label for=\"formsubject\"><span class=\"asterisk\">&#042;</span> Form Subject:</label>\n";
              echo "<input class=\"textfield\" name=\"formsubject\" type=\"text\" id=\"formsubject\" value=\"\" />\n";
              echo "</li>\n";
              echo "<li>\n";
              echo "<label for=\"message\"><span class=\"asterisk\">&#042;</span> Your Message:</label>\n";
              echo "<textarea name=\"message\" class=\"textarea\" rows=\"5\" cols=\"20\" id=\"message\" value=\"\"></textarea>\n";
              echo "</li>\n";
              echo "<li>\n";
              echo "<label for=\"submitbutton\"></label>\n";
              echo "<button class=\"submitbutton\" type=\"submit\" name=\"submit\" title=\"Submit\">Submit</button>\n";
              echo "</li>\n";
              echo "</ol>\n";
              echo "</fieldset>\n";
              echo "</form>\n";
              echo "<!-- end form -->\n";
          }
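An added example (not the poster's code and not a reply from the thread) for the contact form in posts 13 and 14: collect every validation error first, send only when there are none, and reject CR/LF in any value that ends up in a mail header. The field names come from the posted form; `validate_contact`, `build_headers`, `handle_contact`, the injected `$send` callable, the recipient address and the sample submissions are assumptions, and the code needs PHP 7.1 or later.

```php
<?php
// Added example, not the poster's code. Needs PHP 7.1+.
// Field names follow the posted form; everything else is constructed.

/** Validate a submission. Returns [errors keyed by field, trimmed values]. */
function validate_contact(array $post): array
{
    $errors = [];
    $clean  = [];
    foreach (['name', 'email', 'category', 'formsubject', 'message'] as $field) {
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';
        if ($clean[$field] === '') {
            $errors[$field] = 'required';
        }
    }
    // Values placed in mail headers must not contain CR or LF, or the
    // submitter could append header lines of their own.
    foreach (['name', 'email', 'formsubject'] as $field) {
        if (preg_match('/[\r\n]/', $clean[$field])) {
            $errors[$field] = 'line breaks not allowed';
        }
    }
    if (!isset($errors['email'])
        && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid address';
    }
    // Accept only the options the <select> offers.
    $allowed = ['Question', 'Comment', 'Idea', 'Other'];
    if (!isset($errors['category'])
        && !in_array($clean['category'], $allowed, true)) {
        $errors['category'] = 'unknown category';
    }
    return [$errors, $clean];
}

/** Build the From/Reply-To headers from already validated values. */
function build_headers(array $clean): string
{
    // Quotes and backslashes would break out of the quoted display name.
    $name = str_replace(['"', '\\'], '', $clean['name']);
    return "From: \"$name\" <{$clean['email']}>\r\n"
         . "Reply-To: \"$name\" <{$clean['email']}>";
}

/**
 * Validate first, send only when nothing failed. $send takes the same first
 * four arguments as mail(), so production code can pass 'mail'.
 * Returns the errors (empty array when the message was handed over).
 */
function handle_contact(array $post, string $mailto, callable $send): array
{
    [$errors, $clean] = validate_contact($post);
    if ($errors) {
        return $errors;   // redisplay the form with these messages
    }
    $subject = "[{$clean['category']}] {$clean['formsubject']}";
    $send($mailto, $subject, $clean['message'], build_headers($clean));
    return [];
}

// Constructed submissions: complete, blank, and a name carrying a CRLF.
$samples = [
    'complete' => ['name' => 'Ann Lee', 'email' => 'ann@example.com',
                   'category' => 'Question', 'formsubject' => 'Opening hours',
                   'message' => 'Are you open on Sundays?'],
    'blank'    => ['submit' => ''],
    'crlf'     => ['name' => "Ann\r\nBcc: someone@example.org",
                   'email' => 'ann@example.com', 'category' => 'Idea',
                   'formsubject' => 'Hi', 'message' => 'Hello'],
];
$outbox = [];   // stand-in for mail(): records the call instead of sending
$record = function (...$args) use (&$outbox) { $outbox[] = $args; return true; };

foreach ($samples as $label => $post) {
    $errors = handle_contact($post, 'owner@example.com', $record);
    echo $label, ': ', $errors ? 'rejected ' . json_encode($errors) : 'sent', "\n";
}
echo count($outbox), " message(s) handed to the mailer\n";
```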
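For the HTTP_REFERER question in posts 11 and 12, an added example (not from the thread) of a server-side alternative: the form processor records a short-lived, single-use pass in the session before it redirects, and the protected page consumes that pass. `grant_pass`, `consume_pass`, the 60-second lifetime and the page key are assumed names and values; `$session` stands in for `$_SESSION` so the script runs from the command line (PHP 7.0+).

```php
<?php
// Added example, not the poster's code. In a web request, call session_start()
// and pass $_SESSION where this script passes $session.

const PASS_TTL = 60;   // seconds a pass stays valid (assumed value)

/** Called by the form processor just before its header('Location: ...'). */
function grant_pass(array &$session, string $page, int $now): void
{
    $session['page_pass'][$page] = $now + PASS_TTL;
}

/**
 * Called at the top of the protected page. The pass is removed whether or
 * not it was valid, so a reload, a bookmark or a typed-in URL is refused.
 */
function consume_pass(array &$session, string $page, int $now): bool
{
    $expires = $session['page_pass'][$page] ?? 0;
    unset($session['page_pass'][$page]);
    return $expires >= $now;
}

/** Walk through a constructed timeline and report each decision. */
function demo(): array
{
    $session = [];            // constructed: a fresh visitor session
    $t0      = 1700000000;    // constructed timestamp
    $page    = 'contact/error';
    $log     = [];

    $log['direct visit, no form submitted'] = consume_pass($session, $page, $t0);

    grant_pass($session, $page, $t0);
    $log['redirect right after the form']   = consume_pass($session, $page, $t0 + 2);
    $log['reload of the same page']         = consume_pass($session, $page, $t0 + 3);

    grant_pass($session, $page, $t0);
    $log['pass used after it expired']      = consume_pass($session, $page, $t0 + 300);

    return $log;
}

foreach (demo() as $case => $allowed) {
    echo str_pad($case, 34), $allowed ? 'allowed' : 'sent back to /contact/', "\n";
}
```

The decision depends only on state the server wrote itself, so a missing or altered Referer header no longer matters.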
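For the newsletter insert in post 6, whose `cleanString()` (also used in post 2) discards the escaped value it computes and returns the input unchanged, an added example using PDO prepared statements so that submitted values never become part of the SQL text. This is not the poster's code: an in-memory SQLite database (pdo_sqlite, PHP 7.1+) stands in for the MySQL server so the script runs offline, and `open_db`, `subscribe` and the sample rows are constructed.

```php
<?php
// Added example, not the poster's code. Table and column names follow post 6;
// SQLite in memory replaces the MySQL connection from dbconnect.inc.php.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE temp_subscribers (
                   confirm_code VARCHAR(65) NOT NULL,
                   name         VARCHAR(65) NOT NULL,
                   email        VARCHAR(65) NOT NULL)');
    $db->exec('CREATE TABLE newsletter_subscribers (email VARCHAR(65) NOT NULL)');
    return $db;
}

/** Returns the confirmation code, or null when the request is refused. */
function subscribe(PDO $db, string $name, string $email): ?string
{
    $name  = trim($name);
    $email = trim($email);
    if ($name === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Placeholders keep the data separate from the statement, so no escaping
    // helper is needed and a quote in the name cannot alter the query.
    $check = $db->prepare(
        'SELECT COUNT(*) FROM newsletter_subscribers WHERE email = ?');
    $check->execute([$email]);
    if ((int) $check->fetchColumn() > 0) {
        return null;   // already subscribed
    }

    // random_bytes() draws from the system CSPRNG; md5(uniqid(rand())) is
    // built from the clock and a non-cryptographic generator.
    $code = bin2hex(random_bytes(16));

    // Plain INSERT ... VALUES: MySQL accepts no LIMIT clause here.
    $insert = $db->prepare(
        'INSERT INTO temp_subscribers (confirm_code, name, email)
         VALUES (?, ?, ?)');
    $insert->execute([$code, $name, $email]);
    return $code;
}

$db = open_db();
$db->exec("INSERT INTO newsletter_subscribers (email) VALUES ('old@example.com')");

// Constructed requests: a name with an apostrophe, an address that is
// already subscribed, and a malformed address.
$requests = [
    ["Conan O'Brien", 'conan@example.com'],
    ['Ann Lee',       'old@example.com'],
    ['Bob',           'not-an-email'],
];
foreach ($requests as [$name, $email]) {
    $code = subscribe($db, $name, $email);
    echo str_pad($email, 20), $code === null ? 'refused' : 'stored', "\n";
}

$rows = $db->query('SELECT name, email FROM temp_subscribers')
           ->fetchAll(PDO::FETCH_ASSOC);
echo json_encode($rows), "\n";
```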