dawndmd Posted May 20, 2008

I know I am missing something here in my form code for the check box "custom colors" to work. Everything else in my form submits the correct info to my email but when I check the checkbox it does not send the info. Please advise. Any help is appreciated.

Here is my form code:

```php
<?php
$options = array("50 @ $75.00", "70 @ $99.00", "100 @ $130.00", "200 @ $260.00", "250 @ $335.00", "500 @ $640.00"); // set up options array, may be easier ways depending on data.
$footer = "</body>\n</html>";

function RemoveXSS($val) {
    if (ini_get('magic_quotes_gpc')) {
        $val = stripslashes($val);
    }
    // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
    // this prevents some character re-spacing such as <java\0script>
    // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
    $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val);

    // straight replacements, the user should never need these since they're normal characters
    // this prevents like <IMG SRC=@avascript:alert('XSS')>
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    for ($i = 0; $i < strlen($search); $i++) {
        // ;? matches the ;, which is optional
        // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars

        // &#x0040 @ search for the hex values
        $val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
        // &#00064 @ 0{0,7} matches '0' zero to seven times
        $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
    }

    // now the only remaining whitespace attacks are \t, \n, and \r
    $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
    $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
    $ra = array_merge($ra1, $ra2);

    $found = true; // keep replacing as long as the previous round replaced something
    while ($found == true) {
        $val_before = $val;
        for ($i = 0; $i < sizeof($ra); $i++) {
            $pattern = '/';
            for ($j = 0; $j < strlen($ra[$i]); $j++) {
                if ($j > 0) {
                    $pattern .= '(';
                    $pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?';
                    $pattern .= '|(&#0{0,8}([9][10][13]);?)?';
                    $pattern .= ')?';
                }
                $pattern .= $ra[$i][$j];
            }
            $pattern .= '/i';
            $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
            $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
            if ($val_before == $val) {
                // no replacements were made, so exit the loop
                $found = false;
            }
        }
    }
    return $val;
}

if (isset($_POST['submit'])) {
    $errors = array(); // Initialize error array.

    //Check for card name
    if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['cardname'])))) {
        //To make previous line "optional" change to: if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['bridesname']))) || !$_POST['bridesname']) {
        $cardname = $_POST['cardname'];
    } else {
        $errors[] = 'Please enter the name of the Card you are ordering.';
    }

    //Check for brides name
    if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['bridesname'])))) {
        //To make previous line "optional" change to: if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['bridesname']))) || !$_POST['bridesname']) {
        $bridesname = $_POST['bridesname'];
    } else {
        $errors[] = 'Please enter your full name.';
    }

    //Check for grooms name
    if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['groomsname'])))) {
        //To make previous line "optional" change to: if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['groomsname']))) || !$_POST['groomsname']) {
        $groomsname = $_POST['groomsname'];
    } else {
        $errors[] = 'Please enter your full name.';
    }

    //Check for wedding date
    $weddingdate = nl2br(htmlspecialchars(RemoveXSS($_POST['weddingdate'])));
    if($_POST['weddingdate']) {
        $weddingdate = nl2br(htmlspecialchars(RemoveXSS($_POST['weddingdate'])));
    } else {
        $errors[] = 'Please enter wedding date.';
    }

    //Check for matte or glossy finish
    $creamwhite = nl2br(htmlspecialchars(RemoveXSS($_POST['matteglossy'])));
    if($_POST['matteglossy']) {
        $matteglossy = nl2br(htmlspecialchars(RemoveXSS($_POST['matteglossy'])));
    } else {
        $errors[] = 'Please enter matte or glossy finish.';
    }

    //Check for address
    $streetaddress = nl2br(htmlspecialchars(RemoveXSS($_POST['streetaddress'])));
    if($_POST['streetaddress']) {
        $streetaddress = nl2br(htmlspecialchars(RemoveXSS($_POST['streetaddress'])));
    } else {
        $errors[] = 'Please enter street address';
    }

    //Check for city
    $city = nl2br(htmlspecialchars(RemoveXSS($_POST['city'])));
    if($_POST['city']) {
        $city = nl2br(htmlspecialchars(RemoveXSS($_POST['city'])));
    } else {
        $errors[] = 'Please enter your City';
    }

    //Check for state
    if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['state'])))) {
        //To make previous line "optional" change to: if(eregi('^[[:alpha:]\.\' \-]{2,60}$', stripslashes(trim($_POST['state']))) || !$_POST['state']) {
        $state = $_POST['state'];
    } else {
        $errors[] = 'Please enter your state.';
    }

    //Check for phone number
    if(preg_match('/^\(?[0-9]{3}\)?[\- ]?[0-9]{3}\-?[0-9]{4}$/', stripslashes(trim($_POST['telephone'])))) {
        $telephone = $_POST['telephone'];
    } else {
        $errors[] = 'Please enter a valid, 10 digit, phone number.';
    }

    //Check for e-mail address
    if(eregi('^[[:alnum:]][a-z0-9_\.\-]*@[a-z0-9\.\-]+\.[a-z]{2,4}$', stripslashes(trim($_POST['emailaddress'])))) {
        $emailaddress = $_POST['emailaddress'];
    } else {
        $errors[] = 'Please enter a valid email address.';
    }

    //Check for paypal e-mail address
    if(eregi('^[[:alnum:]][a-z0-9_\.\-]*@[a-z0-9\.\-]+\.[a-z]{2,4}$', stripslashes(trim($_POST['paypalemail'])))) {
        $paypalemail = $_POST['paypalemail'];
    }

    //Check drop down
    if (in_array($_POST['quantity1'], $options)) {
        $o = $_POST['quantity1'];
    }
    //Check drop down
    if (in_array($_POST['quantity2'], $options)) {
        $ob = $_POST['quantity2'];
    }
    //Check drop down
    if (in_array($_POST['quantity3'], $options)) {
        $oc = $_POST['quantity3'];
    }
    //Check drop down
    if (in_array($_POST['quantity4'], $options)) {
        $od = $_POST['quantity4'];
    }
    //Check drop down
    if (in_array($_POST['quantity5'], $options)) {
        $oe = $_POST['quantity5'];
    }
    //Check drop down
    if (in_array($_POST['quantity6'], $options)) {
        $of = $_POST['quantity6'];
    }

    //Clean comments
    $comments = nl2br(htmlspecialchars(RemoveXSS($_POST['comments'])));
    /*Comments were optional, to make them required use:
    if($_POST['comments']) {
        $comments = nl2br(htmlspecialchars(RemoveXSS($_POST['comments'])));
    } else {
        $errors[] = 'Please enter comments.';
    }
    */

    if (empty($errors)) {
        //No errors, send e-mail
        $todayis = date("l, F j, Y, g:i a") ;
        $subject = "Save the Date Order Form";
        $message = "Date: $todayis [EST]
From: $name ($emailaddress)
Quantity of Cards: $o
Quantity of Cards: $ob
Quantity of Cards: $oc
Quantity of Cards: $od
Quantity of Cards: $oe
Quantity of Cards: $of
Card being ordered: $cardname
Brides Name: $bridesname
Grooms Name: $groomsname
Wedding Date: $weddingdate
Matte or Glossy Finish: $matteglossy
Street Address: $streetaddress
City: $city
State and Zip Code: $state
Telephone Number: $telephone
Email Address: $emailaddress
Custom Colors: $customcolor";
        $from = "From: $emailaddress\r\n";
        //send the message.
        @mail("[email protected]", $subject, $message, $from);
        echo '<h2><font color="purple">Thank you for your order.</font></h2>
<p>If you are paying by paypal, you will receive a payment request within 12 hours after you have customized your card to the email address you provided in the form.</p>
<p>If you would like to pay by Check or Money Order, please mail your total purchase price plus $14.00 for shipping and handling to: <b>Branic Designs</b>, 4265 Vance Road, Traverse City, MI 49684.</p>
<p>Please be sure to upload your photo if your card choice includes a photo. The photo size should not be any smaller than 3 x 5 and saved in .JPG format. If you have not yet done so, please email your photo to [email protected]</p>' . $footer; //display confirmation
        exit;
    } else { // oh dear, there were some errors
        echo '<h1>Error!</h1> <p>The following error(s) occured:<br />';
        foreach ($errors as $msg) { // Print each error.
            echo " - <font color=\"purple\">$msg</font><br />\n";
        }
        echo '</p><p>Please try again.</p><p><br /></p>';
    }
}
?>
<form action="form.php" method="post">
<!-- this is where we will put the quanitity of cards purchased-->
<CENTER>
<TD WIDTH="39%" VALIGN="TOP">
<div align="left">Quantity of Cards you wish to purchase
<SELECT NAME="quantity1">
<?php foreach ($options as $option) { echo "<option>$option</option>\n"; }?>
</SELECT>
</div></TD>
<!--end where we will put quanitity of cards ordered-->
<TABLE BORDER="0" WIDTH="100%">
<TR>
<TD WIDTH="38%"><div align="left">Name of Card you are ordering:</div></TD>
<TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="cardname" SIZE="25" value="<?php if (isset($_POST['cardname'])) echo stripslashes($_POST['cardname']); ?>" /></TD>
</TR>
<TR>
<TD WIDTH="38%"><div align="left">Bride's Full Name:</div></TD>
<TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="bridesname" SIZE="25" value="<?php if (isset($_POST['bridesname'])) echo stripslashes($_POST['bridesname']); ?>" /></TD>
</TR>
<TR>
<TD WIDTH="38%"><div align="left">Groom's Full Name:</div></TD>
<TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="groomsname" SIZE="25" value="<?php if (isset($_POST['groomsname'])) echo stripslashes($_POST['groomsname']); ?>" /></TD>
</TR>
<TR>
<TD WIDTH="38%"><div align="left">Wedding Date:</div></TD>
<TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="weddingdate" SIZE="25" value="<?php if (isset($_POST['weddingdate'])) echo stripslashes($_POST['weddingdate']); ?>" /></TD>
</TR>
<TR>
<TD WIDTH="38%"><div align="left">Where will Wedding take place?</div></TD>
<TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="weddingplace" SIZE="25" value="<?php if (isset($_POST['weddingplace'])) echo stripslashes($_POST['weddingplace']); ?>" /></TD>
</TR>
<TR>
<TD WIDTH="38%"><div align="left">Matte or Glossy Finish</div></TD>
<TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="matteglossy" SIZE="25" value="<?php if (isset($_POST['matteglossy'])) echo stripslashes($_POST['matteglossy']); ?>" /></TD>
</TR>
<TR>
<TD WIDTH="38%"><div align="left">Street Address:</div></TD>
<TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="streetaddress" SIZE="25" value="<?php if (isset($_POST['streetaddress'])) echo stripslashes($_POST['streetaddress']); ?>" /></TD>
</TR>
<TR>
<TD WIDTH="38%"><div align="left">City:</div></TD>
<TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="city" SIZE="25" value="<?php if (isset($_POST['city'])) echo stripslashes($_POST['city']); ?>" /></TD>
</TR>
<TR>
<TD WIDTH="38%"><div align="left">State:</div></TD>
<TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="state" SIZE="25" value="<?php if (isset($_POST['state'])) echo stripslashes($_POST['state']); ?>" /></TD>
</TR>
<TR>
<TD WIDTH="38%"><div align="left">Telephone Number:</div></TD>
<TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="telephone" SIZE="25" value="<?php if (isset($_POST['telephone'])) echo stripslashes($_POST['telephone']); ?>" /></TD>
</TR>
<TR>
<TD WIDTH="38%"><div align="left">Email Address (If paypal is used to pay, please use paypal email address):</div></TD>
<TD WIDTH="62%"><INPUT TYPE="TEXT" NAME="emailaddress" SIZE="25" value="<?php if (isset($_POST['emailaddress'])) echo stripslashes($_POST['emailaddress']); ?>" /></TD>
</TR>
</TABLE>
<TABLE BORDER="0" WIDTH="50%">
<TR>
<TD WIDTH="37%">Custom Colors</TD>
<TD WIDTH="63%"><INPUT TYPE="checkbox" NAME="customcolor" VALUE="<?php if (isset($_POST['customcolor'])) echo stripslashes($_POST['customcolor']); ?>" />($15.00) </TD>
</TR>
</TABLE>
<p align="left">If you are paying by paypal, you will receive a payment request within 12 hours after you have customized your card to the email address you provided in the form.</p>
<p align="left">If you would like to pay by Check or Money Order, please mail your total purchase price plus $14.00 for shipping and handling to: <span class="style2">Branic Designs</span>, 4265 Vance Road, Traverse City, MI 49684. </p>
<div align="left">
<p>Please be sure to email your photograph or any other comments/instructions to <a href="mailto:[email protected]">[email protected]</a> after your customization submission. Your photograph must be at least 3 x 5 in size and saved in .JPG format. Also include your Ebay user Email Address within the email. Thank you again for purchasing from Save the Date Bridal. </p>
</div>
<p>
<input type="submit" value="Submit your Request" name="submit">
<input type="reset" value="Clear Form" name="reset">
<br />
</p>
</CENTER>
</FORM>
<?php echo $footer; ?>
```

mod edit - code tags added

Link to comment https://forums.phpfreaks.com/topic/106447-missing-code-for-checkboxes/

GingerRobot Posted May 20, 2008

Oh mon dieu, use the tags! As for the problem, as far as I can see, you never extract $customcolor from the POST array. Though you might do somewhere. Narrowing down the problem area for us would help us help you.

dawndmd Posted May 20, 2008

Sorry, I thought it was the quotes I use. Dawn

dawndmd Posted May 20, 2008

I am not sure what you mean by extract. Did I miss some code to add somewhere?

GingerRobot Posted May 20, 2008

Indeed - you'd need to do:

```php
$customcolor = $_POST['customcolor'];
```

However, I'm not sure what value you wanted it to take. And it wouldn't remain checked with the code you have presently either - to make a checkbox checked you need to set the attribute: `checked="checked"`
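
Added example (not part of the original thread and not the poster's code): one way to handle the `customcolor` checkbox discussed above, reading only whether the box was ticked, so the browser-supplied value never reaches the e-mail body or the re-rendered `VALUE` attribute. The helper names `checkbox_is_set` and `checkbox_attrs` and the sample requests are constructed for illustration.

```php
<?php
// Added example: helper names and sample data are hypothetical, not from the thread.

// A checkbox is only present in the POST body when it is ticked, so read it
// as a boolean and ignore whatever value the client sent.
function checkbox_is_set(array $post, string $name): bool
{
    return isset($post[$name]);
}

// Build the attributes for re-rendering the box: a fixed server-side value,
// plus checked="checked" when it was ticked on the previous submit.
function checkbox_attrs(string $name, bool $checked): string
{
    $attrs = 'type="checkbox" name="'
        . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
        . '" value="yes"';
    return $checked ? $attrs . ' checked="checked"' : $attrs;
}

// Constructed sample requests: box ticked, box left empty, and a value
// that was altered before submission to contain markup.
$samples = array(
    'ticked'   => array('customcolor' => 'yes'),
    'unticked' => array(),
    'altered'  => array('customcolor' => '"><b>not a checkbox value</b>'),
);

foreach ($samples as $label => $post) {
    $checked = checkbox_is_set($post, 'customcolor');
    // The text that goes into the e-mail is chosen by the server,
    // never copied from the submitted value.
    $customcolor = $checked ? 'Yes ($15.00)' : 'No';
    echo "$label\n";
    echo "  mail line: Custom Colors: $customcolor\n";
    echo '  form html: <input ' . checkbox_attrs('customcolor', $checked) . " />\n";
}
```

The "altered" request produces the same output as the "ticked" one, because only the presence of the field is used.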
This topic is now archived and is closed to further replies.