PHP Contact Form

[aka_twan]

Hi all, I am currenlty coding up PHP validation for a contact form and as I know barely any PHP i have been following tutorials and copying code.

 

I have a series of checkboxes which emails out the various products that the user wants.

 

It all works now except that it does not re-direct to a thank you page now and outputs this error at the top of the page.

 

Warning: Invalid argument supplied for foreach() in /home2/xxxxxxxx/public_html/client/contact.php on line 17

 

Below is the code for the PHP and form, any help would be greatly appreciated.

 

Thank you!

 

<?php
if (isset($_POST['submit']))
{
        $myemail = 'my@email.com';//<-----Put Your email address here.
        $title = 'Quote';
        $name = $_POST['name'];
        $company = $_POST['company'];
        $house = $_POST['house'];
        $street = $_POST['street'];
        $postcode = $_POST['postcode'];
        $daynum = $_POST['daynum'];
        $evenum = $_POST['evenum'];
        $email = $_POST['email'];
        $how = $_POST['how'];
        $information = $_POST['information'];
        
        foreach($_POST['product'] as $value) {
                $product_msg .= " - $value";
        } 

$errors = array(); // set the errors array to empty, by default
$fields = array(); // stores the field values
$success_message = "";

  // import the validation library
  require("validation.php");

  $rules = array(); // stores the validation rules

  // standard form fields
  
  $rules[] = "required,name,Name is required.";
  $rules[] = "required,house,House number is required.";
  $rules[] = "required,street,Street is required.";
  $rules[] = "required,postcode,Post Code is required.";
  $rules[] = "required,daynum,Daytime Number is required.";

  $errors = validateFields($_POST, $rules);

  // if there were errors, re-populate the form fields
  if (!empty($errors))
  {  
    $fields = $_POST;
  }
  
  // no errors! redirect the user to the thankyou page (or whatever)
  else 
  {
    
    // here you would either email the form contents to someone or store it in a database. 
    // To redirect to a "thankyou" page, you'd just do this:
    // header("Location: thanks.php");



$to = $myemail; 
$email_subject = "Quote: $name";
$email_body = "You have received a new quote from $name. ".
" Here are the details:\n \n Name: $name\n \n Company: $company\n \n House: $house\n \n Street: $street\n \n Postcode: $postcode\n \n Daytime Number: $daynum\n \n Evening Number: $evenum\n \n Email: $email\n \n Products: $product_msg\n \n Additional Information: $information\n \n How: $how";

$headers = "From: $title\n"; 
$headers .= "Reply-To: $email";

mail($to,$email_subject,$email_body,$headers);
//redirect to the 'thank you' page
header('Location: thank-you.html');
  }
} 
          
?>

    
    <form action="<?=$_SERVER['PHP_SELF']?>" method="post" id="contact-form" class="cmxform">
    
    <?php
    
    // if $errors is not empty, the form must have failed one or more validation 
    // tests. Loop through each and display them on the page for the user
    if (!empty($errors))
    {
      echo "<div class='phperror'>Please fix the following errors:\n<ul>";
      foreach ($errors as $error)
        echo "<li>$error</li>\n";
    
      echo "</ul></div>"; 
    }
    
    if (!empty($message))
    {
      echo "<div class='notify'>$success_message</div>";
    }
    ?>
    
    <fieldset>    
	<label for="name">Name:*</label>
	<label for="name" class="error">Please enter your name.</label>
	<input class="text" type="text" id="name" name="name" value="<?=$fields['name']?>"/>
    	<label for="company">Company Name:</label>
	<input class="text" type="text" id="company" name="company">
	<label for="house">House Number:*</label>
	<label for="house" class="error">Please enter your house number.</label>
	<input class="text" type="text" id="house" name="house" value="<?=$fields['house']?>">
	<label for="street">Street Name:*</label>
	<label for="street" class="error">Please enter your street name.</label>
	<input class="text" type="text" id="street" name="street" value="<?=$fields['street']?>">
	<label for="postcode">Post Code:*</label>
	<label for="postcode" class="error">Please enter your post code.</label>
	<input class="text" type="text" id="postcode" name="postcode" value="<?=$fields['postcode']?>">
	<label for="daynum">Daytime Number:*</label>
	<label for="daynum" class="error">Please enter your number.</label>
	<input class="text" type="text" id="daynum" name="daynum" value="<?=$fields['daynum']?>">		
	<label for="evenum">Evening Number:</label>
	<input class="text" type="text" id="eve-num" name="evenum">		
	<label for="email">Email Address:</label>
	<input class="text" type="text" id="email" name="email">
</fieldset>

<fieldset>

<label>Cara Glass Product:</label>
<label for="check[]" class="error">Please choose a product.</label>	
<div id="product">

	<div class="radio-btn">
		<label for="conservatory">Conservatory</label>
		<input type="checkbox" value="conservatory" id="conservatory" name="product[]" validate="required:true"/>
	</div><!--radio-btn-->

	<div class="radio-btn">
		<label for="windows">Windows</label>
		<input type="checkbox" value="windows" name="product[]" />
	</div><!--radio-btn-->

	<div class="radio-btn">
		<label for="fascias">Fascias</label>
		<input type="checkbox" value="fascias" name="product[]" />
	</div><!--radio-btn-->

	<div class="radio-btn">
		<label for="doors">Doors</label>
		<input type="checkbox" value="doors" name="product[]" />
	</div><!--radio-btn-->

	<div class="radio-btn">
		<label for="rooftrim">Rooftrim</label>
		<input type="checkbox" value="rooftrim" name="product[]" />
	</div><!--radio-btn-->

</div><!--product-->

<label for="information">Additional Information:</label>
<textarea id="information" name="information"></textarea>

</fieldset>

<fieldset>

<p>How Did You Hear About Us?</p>

<div id="how">

	<div class="radio-btn">
		<label for="internet">Internet</label>
		<input type="radio" value="internet" id="internet" name="how"/>
	</div><!--radio-btn-->

	<div class="radio-btn">
		<label for="letter">Marketing Letter</label>
		<input type="radio" value="letter" id="letter" name="how" />
	</div><!--radio-btn-->

	<div class="radio-btn">
		<label for="referral">Referral</label>
		<input type="radio" value="referral" id="referral" name="how" />
	</div><!--radio-btn-->

	<div class="radio-btn">
		<label for="advertising">Advertising</label>
		<input type="radio" value="advertising" id="advertising" name="how" />
	</div><!--radio-btn-->

	<div class="radio-btn">
		<label for="vans">Our Vans</label>
		<input type="radio" value="vans" id="vans" name="how" />
	</div><!--radio-btn-->

</div><!--how-->

<p class="submit">Once we have received your details we will call you to arrange a convenient time</p>

</fieldset>

    <input type="submit" name="submit" value="SUBMIT" />
    
    </form>

[AyKay47]

addressing solely the issue at hand, which is this foreach loop:

 

foreach($_POST['product'] as $value) {
     $product_msg .= " - $value";
} 

 

a foreach loop is used to iterate through an array, which I assume you already know. The value of $_POST['product'] is a type string, which cannot be used in a foreach loop.

 

Also, you do not assign $product_msg a value before attempting to concatenate a value onto it, this will also result in an error.

 

Using $_SERVER['PHP_SELF'] as a forms action leaves the form wide open to XSS attacks. Instead leave the form action blank, this will give the same results as using php_self.

[Pikachu2000]

$_POST['product'] is not a string. It is either an array, or it is non-existent. It needs to be validated and if it's a required field, an error generated. If it isn't required, an empty array can be initialized to eliminate the error. The $product_msg variable should also be initialized before the loop to prevent the undefined variable notice that is generated by using .= to initialize an array with a value.

 

<?php
$product_msg = '';
$valid_values = array('conservatory', 'windows', 'fascias', 'doors', 'rooftrim');
if( !empty($_POST['product']) ) {
foreach($_POST['product'] as $value) {
	if( !in_array($value, $valid_values) ) {
		// value is not one of the form's options, indicating possible malicious use. Can set an error here for that.
	}
	$product_msg .= " - $value";
}
echo $product_msg;
} else {
// array was empty, so set an error here if it's a required field
}

[aka_twan]

Thank you both.

The form still validates and sends the email with the correct details however I am getting a new error message -

 

- conservatory - windows - fascias - doors - rooftrim

Warning: Cannot modify header information - headers already sent by (output started at /home2/xxxxxxxx/public_html/client/contact.php:26) in /home2/xxxxxxxx/public_html/client/contact.php on line 76

 

I'm sorry if this is a simple error and uestion but my PHP knowledge is slim at best

 

Thank you.

[scootstah]

You can't have any output before calling the header() function. It looks as though you have whitespace above the <?php tag.

[Pikachu2000]

Is there anything in that file before the code you've posted? More html perhaps? Something is generating output that is being sent to the browser, and headers can't be sent after any other output.

[AyKay47]

Thank you both.

The form still validates and sends the email with the correct details however I am getting a new error message -

 

- conservatory - windows - fascias - doors - rooftrim

Warning: Cannot modify header information - headers already sent by (output started at /home2/xxxxxxxx/public_html/client/contact.php:26) in /home2/xxxxxxxx/public_html/client/contact.php on line 76

 

I'm sorry if this is a simple error and uestion but my PHP knowledge is slim at best

 

Thank you.

 

for this, refer here

 

Edit: first comment retracted, as I overlooked the fact that $_POST['product'] contains an array of check box values, apologies pika.