pinheadgunpowdr9 Posted November 3, 2010

Hi guys, sorry for such a newbish question. Any help would be greatly appreciated.

HTML FORM:

[code]
<form action="form.php" method="post" onsubmit="return validateForm()" name="form">
<b>First Name:*</b> <input type="text" name="first_name" size="50" />
<b>Last Name:*</b> <input type="text" name="last_name" size="50" />
<b>Phone:*</b> <input type="text" name="phone" size="50" />
<b>Email:*</b> <input type="text" name="email" size="50" />
<p><b>What is your favorite color?*</b></p>
<p align="left">
<select name="se">
<option value="W">White</option>
<option value="G">Green</option>
<option value="Y">Yellow</option>
</select>
<input type="submit" value="Submit"/>
</form>
[/code]

FORM.PHP script

[code]
<?php
$se = $_POST['se'];
$seURL = '';
switch ($se) {
    case 'W':
        $seURL = "http://url1.com";
        break;
    case 'G':
        $seURL = "http://url2.com";
        break;
    case 'O':
        $seURL = "http://url3.com";
        break;
    default:
        $seURL = "";
}
if ($seURL != "") {
    /* Redirect browser */
    /* make sure nothing is output to the page before this statement */
    header("Location: " . $seURL);
}

// get posted data into local variables
$EmailFrom = "noreply@domain.com";
$EmailTo = "email@domain.com";
$Subject = "Form";
$first_name = Trim(stripslashes($_POST['first_name']));
$last_name = Trim(stripslashes($_POST['last_name']));
$phone = Trim(stripslashes($_POST['phone']));
$email = Trim(stripslashes($_POST['email']));

// validation
$validationOK=true;
if (!$validationOK) {
    print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
    exit;
}

// prepare email body text
$Body = "";
$Body .= "first_name: ";
$Body .= $first_name;
$Body .= "\n";
$Body .= "last_name: ";
$Body .= $last_name;
$Body .= "\n";
$Body .= "phone: ";
$Body .= $phone;
$Body .= "\n";
$Body .= "email: ";
$Body .= $email;
$Body .= "\n";
$Body .= "color: ";
$Body .= $se;
$Body .= "\n";

// send email
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

// send email to user
if ($se=="W")
    $EmailFrom = "noreply@domain.com";
$to = $email;
$subject = "form email";
$body = "thank you for filling out our form";
if (mail($to, $subject, $body, "From: <$EmailFrom>")) {
    echo("<p>Message successfully sent!</p>");
} else {
    echo("<p>Message delivery failed...</p>");
}
?>
[/code]

MOD EDIT: [code] . . . [/code] tags added . . .

pinheadgunpowdr9 Posted November 3, 2010

Also, is there any server side scripting I can do to only let the script run if data is submitted from the form? Thus preventing the script from running and sending a blank email if script is accessed?

WTFranklin Posted November 4, 2010

Hey, honestly I don't think I'd be much help with the security, but I noticed the bit about preventing a blank email from being sent which I think I can help with. I'm assuming you have a js function for validateform() returning true. What I've done with something I've made like this before is have js check the form to make sure it's good, but also use php to make sure none of the fields are left blank. Very simplified compared to what you have, of course, but something like:

[code]
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];

if(isset($first_name) && isset($last_name) && isset($email))
{
    mail($your, $headers, $and, $other_info);
}
[/code]

That way it'll only send if all the variables are set. They could always enter irrelevant gibberish, but at least it wouldn't be a blank email. I hope that helps at least somewhat.
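
A server-side gate for the form.php handler discussed above, as an added example that is not code from any poster in this thread: it proceeds only on a POST in which every required field is non-empty, validates the e-mail address, rejects line breaks in single-line fields before they reach mail(), and checks the select value against the form's own options. The names `validate_submission`, `REQUIRED`, `SE_VALUES` and the sample arrays are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. validate_submission() and the
// sample arrays at the bottom are hypothetical names and constructed data.

const REQUIRED  = ['first_name', 'last_name', 'phone', 'email', 'se'];
const SE_VALUES = ['W', 'G', 'Y'];   // option values of the form's <select>

// Returns [clean fields, error list]; send mail only if the list is empty.
function validate_submission(string $method, array $post): array
{
    if ($method !== 'POST') {
        return [[], ['not a form submission']];
    }
    $clean = [];
    $errors = [];
    foreach (REQUIRED as $key) {
        // isset() is true for "", so also trim and test for emptiness.
        $value = (isset($post[$key]) && is_string($post[$key])) ? trim($post[$key]) : '';
        if ($value === '') {
            $errors[] = "$key is required";
        } elseif (preg_match('/[\r\n]/', $value)) {
            // Single-line fields that reach mail() must not carry line breaks.
            $errors[] = "$key contains a line break";
        }
        $clean[$key] = $value;
    }
    if (!$errors && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    if (!$errors && !in_array($clean['se'], SE_VALUES, true)) {
        $errors[] = 'se is not one of the form options';
    }
    return [$clean, $errors];
}

// In form.php this would be called as:
//   [$clean, $errors] = validate_submission($_SERVER['REQUEST_METHOD'], $_POST);

// Constructed sample inputs: direct access, blank fields, a complete submission.
$samples = [
    'direct'   => ['GET', []],
    'blank'    => ['POST', ['first_name' => '  ', 'last_name' => '', 'phone' => '', 'email' => '', 'se' => 'W']],
    'complete' => ['POST', ['first_name' => 'Ann', 'last_name' => 'Lee', 'phone' => '555-0100', 'email' => 'ann@example.com', 'se' => 'G']],
];
foreach ($samples as $name => [$method, $post]) {
    [, $errors] = validate_submission($method, $post);
    echo $name, ': ', $errors ? implode('; ', $errors) : 'ok, send mail', "\n";
}
```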

NLCJ Posted November 4, 2010

Please notice that if you use the method specified above, the user will have to refill all the fields. In order to prevent that you can use:

[code]
<input type="text" name="first_name" size="50" value="<?php echo $first_name; ?>"/>
[/code]

rwwd Posted November 4, 2010

[quote]
Please notice that if you use the method specified above, the user will have to refill all the fields. In order to prevent that you can use:

[code]
<input type="text" name="first_name" size="50" value="<?php echo $first_name; ?>"/>
[/code]
[/quote]

Not like this though, as you would get undefined index errors, you need to check to see if the var is there (isset()) but yes, this logic is the right approach...

Rw

NLCJ Posted November 4, 2010

[quote]
[quote]
Please notice that if you use the method specified above, the user will have to refill all the fields. In order to prevent that you can use:

[code]
<input type="text" name="first_name" size="50" value="<?php echo $first_name; ?>"/>
[/code]
[/quote]

Not like this though, as you would get undefined index errors, you need to check to see if the var is there (isset()) but yes, this logic is the right approach...

Rw
[/quote]

What do you mean? I always get the wanted result. If a user submitted the form, and that field was empty it will echo 'nothing' -> empty.

Pikachu2000 Posted November 4, 2010

If you had error reporting / display errors on, you'd see a ton of undefined index/undefined variable warnings.

rwwd Posted November 4, 2010

[quote]
If you had error reporting / display errors on, you'd see a ton of undefined index/undefined variable warnings.
[/quote]

Yup. So yours would become this:-

[code]
<input type="text" name="first_name" size="50" value="<?php echo (isset($first_name) ? $first_name : ''); ?>"/>
[/code]

This would get rid of those errors IF you had the error reporting on.

Rw
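
Refilling the form as discussed in the posts above, as an added example that is not code from any poster in this thread: besides the isset() check, a value echoed back into an HTML attribute should be escaped so that quotes or angle brackets in the submitted text stay inside the attribute. The helper names `old` and `selected` and the `$submitted` array are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. old(), selected() and $submitted
// are hypothetical names.

// Return a previously submitted field, escaped for use inside an HTML attribute.
function old(array $submitted, string $key): string
{
    $value = (isset($submitted[$key]) && is_string($submitted[$key])) ? $submitted[$key] : '';
    // ENT_QUOTES escapes both quote styles so the value cannot close the attribute.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Mark the option the user had chosen; only fixed option values are compared,
// so nothing from the request is written into the page here.
function selected(array $submitted, string $key, string $option): string
{
    return (isset($submitted[$key]) && $submitted[$key] === $option) ? ' selected' : '';
}

// Constructed sample: a name containing quotes and an ampersand. In the real
// page $submitted would be $_POST after a failed validation.
$submitted = ['first_name' => 'Ann "AJ" O\'Neil & Co', 'se' => 'G'];
?>
<form action="form.php" method="post" name="form">
<b>First Name:*</b> <input type="text" name="first_name" size="50" value="<?php echo old($submitted, 'first_name'); ?>"/>
<b>Last Name:*</b> <input type="text" name="last_name" size="50" value="<?php echo old($submitted, 'last_name'); ?>"/>
<select name="se">
<option value="W"<?php echo selected($submitted, 'se', 'W'); ?>>White</option>
<option value="G"<?php echo selected($submitted, 'se', 'G'); ?>>Green</option>
<option value="Y"<?php echo selected($submitted, 'se', 'Y'); ?>>Yellow</option>
</select>
<input type="submit" value="Submit"/>
</form>
```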

NLCJ Posted November 4, 2010

Going to test that out, another thing learned! Thanks!