Contact form validation

[Deckarduk]

Hi guys,

 

I'm sure this is pretty straight forward, but I have very limited PHP experience. Can someone please let me know the best way to add validation to the following contact form?:

<?php

$EmailTo = "email@domain.com";
$Subject = "Website Contact Page";
$EmailFrom = Trim(stripslashes($_POST['Name']));

$Name = Trim(stripslashes($_POST['Name']));
$Email = Trim(stripslashes($_POST['Email']));
$Website = Trim(stripslashes($_POST['Website']));
$Message = Trim(stripslashes($_POST['Message']));

// validation
$validationOK=true;
if (!$validationOK) {
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
  exit;
}

// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $Email;
$Body .= "\n";
$Body .= "Telephone: ";
$Body .= $Telephone;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";

// send email
$success = mail($EmailTo, $Subject, $Body, "From: $EmailFrom");

// redirect to success page
if ($success){
  print "<meta http-equiv=\"refresh\" content=\"0;URL=thanks.html\">";
}
else{
  print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>
 

 

Any help greatly appreciated. Thanks in advance.

 

 

[timothyarden]

Hi, I sent you an email regarding this

[Deckarduk]

Still looking for help please.

[otuatail]

Is it the valid email address you want? Someone has put a lot of work into doing this. I can dig it out if you want.

 

[Deckarduk]

Is it the valid email address you want? Someone has put a lot of work into doing this. I can dig it out if you want.

 

Hi Otuatail. Thanks for your reply.

 

The basic requirement at present is simply to check whether there's an entry for each field at all, before sending the message, rather than checking a given address itself exists.

 

Any help you can offer would be great though.

 

Sam

[Christian F.]

If you want to validate the e-mail, then filter_var with the FILTER_VALIDATE_EMAIL flag is all you need.

You should also remove all of those stripslashes, as they are not needed (and can be quite detrimental to the security). If you have magic_quotes activated, turn them off instead!

 

As for validation: That's something you do when you are retrieving the data from the user, in this instance the $_POST array. How to validate the values depends entirely upon what those values are meant to contain, and what you expect within those parameters. Names validate completely differently to numbers, which validate completely differently to phone numbers, and so forth.

 

Validation is short way of saying: To check the input against a set of rules which confirms its adherence to the expected pattern, for that type of input, as determined by your business rules and requirements.

That's why I recommend that you search around a bit on this forum, for "{type} validation" where "{type}" is what you're looking to validate. Such as "name", "email" and so forth. You should find plenty of good information when doing so, both from me and from other people.

I know there's a great tutorial on input validation too, but I can't find it at the moment.

 

When the validation fails, and it will do, that's a good time to store an error message so that you can tell the user. Once you've validated all fields, echo the collected messages to the user and show the form anew. Giving him a chance to correct his/her mistakes, and then re-submit the form.

Once everything validated, and only then, you can save them to the database, mail them to yourself, or do whatever you like.