[SOLVED] error checking breaking my code

[jrryan]

Hi there, OK first of all, big apologies for what I assume is really fundamental errors in the structure of my code. I'm really new at this and still learning, but I'm almost at the stage of giving up on this one. I've rewritten the code so many times I can't even remember what it was originally like (when it incidentally worked better).

 

What I am trying to do, is pass a simple form over to a php email script on an external server which validates the form, sends the email (if valid) and returns the user to a success/fail/error page on the original host server.

 

I'm sure looking at the code might enlighten some of you more to what I'm trying to do, no doubt it may just confuse the hell out of most. (I know I am at this point!)

 

Anyway here it is:

 

<?php
if(isset($_POST['email'])) {

//grab referal info from POST
$path = explode('/', $_SERVER['HTTP_REFERER']);
$referer = $path[2];

// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "jr@creativeheat.co.uk";
$email_subject = "Website booking inquiry";

$errortype = "";

function died($error) {
	// your error code can go here
	header( 'Location: http://'.$referer.'/booking/'$error ) ;
	echo $error."<br /><br />";
	echo "We are very sorry, but there were error(s) found with the form your submitted. ";
	echo "These errors appear below.<br /><br />";
	echo "Please go back and fix these errors.<br /><br />";
	die();
}

//Start by setting the values of the checkboxes
if (isset($_POST['booking_0'])) { $book1 = $_POST['booking_0']; if( $book1 == 'Bedroom(s)') { 	$book1 = "                  The Bedroom(s) \n";	}}
if (isset($_POST['booking_1'])) { $book2 = $_POST['booking_1']; if( $book2 == 'Meeting Room') { $book2 = "                  The Meeting Room \n";}}
if (isset($_POST['booking_2'])) { $book3 = $_POST['booking_2']; if( $book3 == 'Barn') { $book3 = "                  The Barn \n";	}}
if (isset($_POST['booking_3'])) { $book4 = $_POST['booking_3']; if( $book4 == 'Campsite') { $book4 = "                  The Campsite \n";}}


//then check for an all false
$errortype = "";
$error_message = "";
if (!isset($_POST[booking_0]) && !isset($_POST[booking_1]) && !isset($_POST[booking_2]) && !isset($_POST[booking_3])) {
//redirect to NO BOOKING TYPE SELECTED page
$error_message = 'error';
$errortype = 'bookingerr';
   	died($errortype) ;
}

//check everything else
$errortype = "";
$error_message = "";
if(!isset($_POST['first_name']) ||
	!isset($_POST['last_name']) ||
	!isset($_POST['number']) ||
	!isset($_POST['email']) ||
	!isset($_POST['adults']) ||
	!isset($_POST['children']) ||
	!isset($_POST['from_date']) ||
	!isset($_POST['to_date']) ||
	!isset($_POST['disabled']) ||
	!isset($_POST['parking']) ||
	!isset($_POST['general'])) {
//redirect to GENERAL INVALIDATION page
$error_message = 'error';
$errortype = 'requirederror' ;
//   	died($errortype) ;
}

$first_name = $_POST['first_name']; // required
$last_name = $_POST['last_name']; // required
$telephone = $_POST['number']; // required
$email_from = $_POST['email']; // required
$adults = $_POST['adults']; // required
$children = $_POST['children']; // required
$fdate = $_POST['from_date']; // required
$tdate = $_POST['to_date']; // required
$disabled = $_POST['disabled']; // not required
$parking = $_POST['parking']; // not required
$comments = $_POST['general']; // not required


$email_exp = "^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$";
$errortype = "";
$error_message = "";
if(!eregi($email_exp,$email_from)) {
//redirect to INVALID EMAIL page
$error_message = 'error';
$errortype = 'emailinvalid';
//   	died($errortype) ;
}
$string_exp = "^[a-z .'-]+$";
$errortype = "";
$error_message = "";
if(!eregi($string_exp,$first_name)) {
//redirect to INVALID FIRSTNAME page
$error_message = 'error';
$errortype = 'fnameerror' ;
//   	died($errortype) ;
}
$errortype = "";
$error_message = "";
if(!eregi($string_exp,$last_name)) {
//redirect to INVALID LASTNAME page
$error_message = 'error';
$errortype = 'lnameerror' ;
//   	died($errortype) ;
}
$errortype = "";
$error_message = "";
if(strlen($comments) < 2) {
//redirect to INVALID COMMENTS page
$error_message = 'error';
$errortype = 'commentserror' ;
//   	died($errortype) ;
}
$string_exp = "^[0-9 .-]+$";
$errortype = "";
$error_message = "";
if(!eregi($string_exp,$telephone)) {
//redirect to INVALID TELEPHONE page
$error_message = 'error';
$errortype = 'telephoneerror' ;
//   	died($errortype) ;
}
if(strlen($error_message) > 0) {
  	died($errortype) ;
  }

$email_message = "Form details below.\n\n";

function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}

$email_message .= "Name:             ".clean_string($first_name)." ".clean_string($last_name)."\n";
$email_message .= "Contact number:   ".clean_string($telephone)."\n";
$email_message .= "Email address:    ".clean_string($email_from)."\n\n";
$email_message .= "Interested in availability of the following: \n";
$email_message .= $book1.$book2.$book3.$book4."\n";
$email_message .= "Date from:        ".clean_string($fdate)."\n";
$email_message .= "Date to:          ".clean_string($tdate)."\n\n";
$email_message .= "Number of...\n";
$email_message .= "Adults:           ".clean_string($adults)."\n";
$email_message .= "Children:         ".clean_string($children)."\n\n";
$email_message .= "Disabled?         ".clean_string($disabled)."\n";
$email_message .= "Parking?          ".clean_string($parking)."\n\n";
$email_message .= "Additional Information: \n\n";
$email_message .= clean_string($comments);


// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);  


//redirect to SUCCESS page
header( 'Location: http://'.$referer.'/booking/success' ) ;

}
?>

 

The form is here: http://claverhamtrust.squarespace.com/booking/ I have set values for most of the fields to avoid having to retype information every time I submitted the form. The email aspect of this for works perfectly, it is just the error processing and redirect that is broken/poorly written.

 

Absolutely ANY help on this would be much appreciated. I'm going to continue to try in the mean time though, so if things don't seem to function as you'd expect given the code above it may be because I am changing it live. If I make any progress though, I'll post it here.

 

Thanks a ton!

 

JR

[jrryan]

Hi again, OK been working on the code solidly since my original posting. I noticed that there have been a few views on this post, but no one seems to have any suggestions. I would really appreciate some help, I'm totally stuck now and I know it is a really basic issue that I just can't see.

 

Here is my code now as it stands

<?php

error_reporting(E_ALL);

if(isset($_POST['email'])) {
//	set the EMAIL TO options
$email_to = "jr@creativeheat.co.uk";
$email_subject = "Website booking inquiry";
//	grab referal info from POST
$path = explode('/', $_SERVER['HTTP_REFERER']);
$referer = $path[2];
//	redirect to error page
function died($error) {
$path = explode('/', $_SERVER['HTTP_REFERER']);
$referer = $path[2];
	header( 'Location: http://'.$referer.'/booking/'.$error ) ;
}

//	grab the checkbox values and change them to strings
if (isset($_POST['booking_0'])) { $book1 = $_POST['booking_0']; if( $book1 == 'Bedroom(s)') { 	$book1 = "                  The Bedroom(s) \n";	}} else {$book1 = "\n";}
if (isset($_POST['booking_1'])) { $book2 = $_POST['booking_1']; if( $book2 == 'Meeting Room') { $book2 = "                  The Meeting Room \n";}} else {$book2 = "\n";}
if (isset($_POST['booking_2'])) { $book3 = $_POST['booking_2']; if( $book3 == 'Barn') { $book3 = "                  The Barn \n";	}} else {$book3 = "\n";}
if (isset($_POST['booking_3'])) { $book4 = $_POST['booking_3']; if( $book4 == 'Campsite') { $book4 = "                  The Campsite \n";}} else {$book4 = "\n";}
//	clear the ERRORTYPE & ERROR_MESSAGE variables
$errortype = "";
$error_message = "";
//	then check for an all false in the checkbox group
if ($book1 = "" && $book2 = "" && $book3 = "" && $book4 = "" ) {
//	alternate method of all false check
//	if (!isset($_POST['booking_0']) && !isset($_POST['booking_1']) && !isset($_POST['booking_2']) && !isset($_POST['booking_3'])) {
//	provided none of the checkboxes are ticked set the DIED function parameter to ERRORTYPE = BOOKINGERR
	$error_message = 'error';
	$errortype = 'bookingerr';
	if(strlen($error_message) > 0) {
  			died($errortype) ;
  		}
//	alternate bruteforce redirect to NO BOOKING TYPE SELECTED page
//		header( 'Location: http://'.$referer.'/booking/'.$errortype ) ;
}

//	check everything else
//	reset the ERROR variables
$errortype = "";
$error_message = "";
//	check the ISSET state of the remaining required fields
if(!isset($_POST['first_name']) ||
	!isset($_POST['last_name']) ||
	!isset($_POST['number']) ||
	!isset($_POST['email']) ||
	!isset($_POST['adults']) ||
	!isset($_POST['children']) ||
	!isset($_POST['from_date']) ||
	!isset($_POST['to_date']) ||
	!isset($_POST['disabled']) ||
	!isset($_POST['parking']) ||
	!isset($_POST['general'])) {
//	 redirect to GENERAL INVALIDATION page
	$error_message = 'error';
	$errortype = 'requirederror' ;
	if(strlen($error_message) > 0) {
  			died($errortype) ;
  		}
}

//	set FIELD variables
$first_name = $_POST['first_name']; // required
$last_name = $_POST['last_name']; // required
$telephone = $_POST['number']; // required
$email_from = $_POST['email']; // required
$adults = $_POST['adults']; // required
$children = $_POST['children']; // required
$fdate = $_POST['from_date']; // required
$tdate = $_POST['to_date']; // required
$disabled = $_POST['disabled']; // not required
$parking = $_POST['parking']; // not required
$comments = $_POST['general']; // not required


//	begin INVALID field character checks
$email_exp = "^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$";
$errortype = "";
$error_message = "";
if(!eregi($email_exp,$email_from)) {
//	redirect to INVALID EMAIL page
$error_message = 'error';
$errortype = 'emailinvalid';
	if(strlen($error_message) > 0) {
  			died($errortype) ;
  		}
}
$string_exp = "^[a-z .'-]+$";
$errortype = "";
$error_message = "";
if(!eregi($string_exp,$first_name)) {
//	redirect to INVALID FIRSTNAME page
$error_message = 'error';
$errortype = 'fnameerror' ;
	if(strlen($error_message) > 0) {
  			died($errortype) ;
  		}
}
$errortype = "";
$error_message = "";
if(!eregi($string_exp,$last_name)) {
//	redirect to INVALID LASTNAME page
$error_message = 'error';
$errortype = 'lnameerror' ;
	if(strlen($error_message) > 0) {
  			died($errortype) ;
  		}
}
$errortype = "";
$error_message = "";
if(strlen($comments) < 2 ) {
//	redirect to INVALID COMMENTS page
	$error_message = 'error';
	$errortype = 'commentserror' ;
	if(strlen($error_message) > 0) {
  			died($errortype) ;
  		}
}
$string_exp = "^[0-9 .-]+$";
$errortype = "";
$error_message = "";
if(!eregi($string_exp,$telephone)) {
//	redirect to INVALID TELEPHONE page
$error_message = 'error';
$errortype = 'telephoneerror' ;
	if(strlen($error_message) > 0) {
  			died($errortype) ;
  		}
}
//	failsafe
if(strlen($error_message) > 0) {
  		died($errortype) ;
  	}


//	begin EMAIL MESSAGE creation
$email_message = "Form details below.\n\n";
//	remove ILLEGAL data from submitted fields	
function clean_string($string) {
	$bad = array("content-type","bcc:","to:","cc:","href");
	return str_replace($bad,"",$string);
}
//	set EMAIL_MESSAGE variable from data gathered from form	
$email_message .= "Name:             ".clean_string($first_name)." ".clean_string($last_name)."\n";
$email_message .= "Contact number:   ".clean_string($telephone)."\n";
$email_message .= "Email address:    ".clean_string($email_from)."\n\n";
$email_message .= "Interested in availability of the following: \n";
$email_message .= $book1.$book2.$book3.$book4."\n";
$email_message .= "Date from:        ".clean_string($fdate)."\n";
$email_message .= "Date to:          ".clean_string($tdate)."\n\n";
$email_message .= "Number of...\n";
$email_message .= "Adults:           ".clean_string($adults)."\n";
$email_message .= "Children:         ".clean_string($children)."\n\n";
$email_message .= "Disabled?         ".clean_string($disabled)."\n";
$email_message .= "Parking?          ".clean_string($parking)."\n\n";
$email_message .= "Additional Information: \n\n";
$email_message .= clean_string($comments);
//	create EMAIL HEADERS
$headers = 'From: '.$email_from."\r\n".'Reply-To: '.$email_from."\r\n".'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);  
//	redirect to SUCCESS page
header( 'Location: http://'.$referer.'/booking/success' ) ;

}

?>

 

The form doesn't seem to error check at all, it just submits successfully no matter what I put in the fields. I should point out to anyone testing this script on the website that the pages the use is redirected to are not created yet, but you can tell by the page not found message whether the script worked or not as the url reflects the error msg if there is one (i.e. if you haven't ticked any checkboxes you should go to "/booking/bookingerr" not "/booking/success").

[PFMaBiSmAd]

You need to use both of the following lines of code to insure that errors are both reported and displayed -

 

ini_set("display_errors", "1");
error_reporting(E_ALL);

 

Every header() redirect needs an exit; statement after it to PREVENT the remainder of the code on the page from being executed. Your validation code might in fact be sending a header() redirect due to a validation error but because the code continues executing and is reaching the header() redirect to '/booking/success' it is likely that you are only seeing that result of that one.

[jrryan]

Brilliant! You I mean, me on the other hand  :-\

All functional. Just one more question though, is there a more elegant way of structuring the error checking so I don't have to put the

		if(strlen($error_message) > 0) {
  			died($errortype) ;
  		}

statement within each error block?

 

This one isn't urgent, just for my learning purposes.

 

Thanks again PFMaBiSmAd

[PFMaBiSmAd]

A slightly different method of handling validation errors is to use an array to hold the errors/messages. You set an array element for each validation that fails but continue with all the validation logic. This allows you to validate and then display multiple errors at one time instead of just handling the first one found, then wait to display and handle the next one on the next form submission... When you get to the end of the validation logic, if the error/message array is empty, there were no validation errors and you do your normal form processing. If the array is not empty, you redisplay the form. You can also do things like make the array index names indicate which form field failed so that you can put the error/message adjacent to the actual form field it applies to.

 

This method works best when the form and the form processing code is on one page. Using a single page also makes it easier to redisplay the previously entered values in the corresponding form fields.

[mrMarcus]

try and keep ALL of your error handling in one section/together .. usually in an included file (to keep things neat).

 

you can cast errors into an array:

 

if (!isset ($_POST['first_name']) || (empty ($_POST['first_name'])))
{ $errors['first_name'] = 'Please enter a first name!'; }

//continue with rest of checking/handling...

//then...

if (is_array ($errors))
{
     //stop script/redirect/display errors/whatever;

     foreach ($errors as $error)
     { echo $error.'<br />'; } //you can pretty it up here, etc;
}
else
{
     //continue with script, ie. process db request, redirect, etc.
}

[jrryan]

very cool guys(? presume you're guys) I'm taking it onboard for my next project. Unfortunately I'm not able to process PHP on the host server so I don't see any practical way to use the array to process errors on the host server (i.e. display an appropriate static error page). But like I said, when I'm constructing my next site on a php enabled server I'll definitely put this into practice.

Thanks for the help and the lesson!