Form Validation Script

[Ricky55]

Hi

 

I've been using jQuery to validate my forms but one of my clients is starting to receive blank emails as some idiots are just turning off JS to bypass the validation.

 

I have therefore found a PHP script to act as a back up which is working exactly as I want.

 

The only problem is that it forces all fields to be completed and I like to add certain fields that don't necessarily need to be completed such as a Company field.

 

So my question is how could I modify this script to allow the company field or any other that I decide to be left blank?

 

The basic page can be viewed here

 

http://www.qwerty-demos.co.uk/contact/

 

And this is the script

 

<?php
$after = "../thanks.html"; 
$oops = "../oops.html";

if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") {
    exit("<p>You did not press the submit button; this page should not be accessed directly.</p>");
} else {
    $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";
    $profanity = "/(beastial|bestial|blowjob|clit|cock|cum|cunilingus|cunillingus|cunnilingus|cunt|ejaculate|fag|felatio|fellatio|fuk|fuks|gangbang|gangbanged|gangbangs|hotsex|jism|jiz|kock|kondum|kum|kunilingus|orgasim|orgasims|orgasm|orgasms|phonesex|phuk|phuq|porn|pussies|pussy|spunk|xxx)/i";
    $spamwords = "/(viagra|phentermine|tramadol|adipex|advai|alprazolam|ambien|ambian|amoxicillin|antivert|blackjack|backgammon|texas|holdem|poker|carisoprodol|ciara|ciprofloxacin|debt|dating|porn)/i";
    $bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";

    if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
        exit("<p>Known spam bots are not allowed.</p>");
    }
    foreach ($_POST as $key => $value) {
        $value = trim($value);

        if (empty($value)) {
        	if ($key != "email")  
        		{
            exit("<p>Please go back and complete the required fields.</p>");      
            	}
        } elseif (preg_match($exploits, $value)) {
            exit("<p>Exploits/malicious scripting attributes aren't allowed.</p>");
        } elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) {
            exit("<p>Please keep things clean, no naughty words!</p>");
        }

        $_POST[$key] = stripslashes(strip_tags($value));
    }

    if (!ereg("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,6})$",strtolower($_POST['email']))) {
        exit("<p>How can we reply if you don't provide us with a valid email address?</p>");
    }

    $recipient = "my email address";
    $subject = "Web Site Enquiry";
    
$message .= "Name: {$_POST['name']} \n";
$message .= "Email: {$_POST['email']} \n";
$message .= "Tel: {$_POST['telNo']} \n";
$message .= "Company: {$_POST['company']} \n";
$message .= "Message: {$_POST['message']} \n";


    $headers .= "From: {$_POST['email']}";

    if (mail($recipient,$subject,$message,$headers)) {
        echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=$after\">"; 
    } else {
        echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=$oops\">";
    }
}
?>

[Lyleyboy]

You need to use IF statements, with regular expressions if you'd like.

 

You'll need to check that each form field has been completed and that it is x characters long.

 

Only once all that is done can you submit the content.

 

Hope this helps.

<?php
if($_POST['fieldName'] == ''){
    //fail
} else {
    //Worked
}
?>