Sanitize Function Stripping My Variables?

capitalalist

Hi Guys,

First off, thanks in advance for taking the time to take a look at this. It's been driving me crazy :o

What I'm trying to do here is take a hidden form value and pass it to a PHP script to be echoed out into an email, in the following steps.

Step 1: Pass the hidden field data from the link to the form page

<a href="http://www.domainname.com/guestlist/guestlisttemp.php?param1=Movida&param2=02072052245">Join The Guestlist</a>

Step 2: Receive the form data and echo into the relevant fields

<p>Testing New Guestlist Form</p>
<?php
// Read the two link parameters; default to '' so a missing key does not raise a notice
$param1 = isset($_GET['param1']) ? $_GET['param1'] : '';
$param2 = isset($_GET['param2']) ? $_GET['param2'] : '';
// Escape before echoing into the value="" attributes. Without this a crafted link
// can close the attribute and inject markup into the page (reflected XSS).
$param1 = htmlspecialchars($param1, ENT_QUOTES, 'UTF-8');
$param2 = htmlspecialchars($param2, ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="http://www.domainname.com/confirmation" >
<input type="hidden" name="gl_clubname" value="<?php echo $param1;?>" /><input type="hidden" name="gl_clubnumber" value="<?php echo $param2;?>" />
<label for="gl_name" >Name<span id="required">*</span></label><br/>
<input type="text" name="gl_name" /><br/>
<label for="gl_email" >Email<span id="required">*</span></label><br/>
<input type="text" name="gl_email" /><br/>
<label for="gl_phonenumber" >Phone number<span id="required">*</span></label><br/>
<input type="text" name="gl_phonenumber" /><br/>
<label for="gl_when" >Date of attendance<span id="required">*</span></label><br/>
<input type="text" name="gl_when" /><br/>
<label for="gl_message" >Further Details</label><br/>
<textarea rows="3" name="gl_message"></textarea><br/>
<p>Are you over 18?<span id="required">*</span></p>
<div id="datebirthcustom" style="margin-top:-12px;">
<div id="gl_selects">
<select name="gl_day" class="guestlistselect">
<option value="day">Day:</option>
<?php // Days 1 to 31
for ($d = 1; $d <= 31; $d++) { echo '<option value="' . $d . '">' . $d . '</option>'; } ?>
</select>
<select name="gl_month" class="guestlistselect">
<option value="month">Month:</option>
<?php // Months: value 1 to 12, label by name
$months = array('January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December');
foreach ($months as $i => $monthName) { echo '<option value="' . ($i + 1) . '">' . $monthName . '</option>'; } ?>
</select>
<select name="gl_year" class="guestlistselect">
<option value="year">Year:</option>
<?php // Years 1996 down to 1900
for ($y = 1996; $y >= 1900; $y--) { echo '<option value="' . $y . '">' . $y . '</option>'; } ?>
</select></div></div>
<br/><input type="submit" value="Join The Guestlist!" class="button"/>
</form>

Step 3: Upon loading the 'confirmation page', run the following script

/* Load form data
======================================================================*/
// Read a POST field, or '' when it is absent, so a missing field does not raise a notice
function postField($key) {
    return isset($_POST[$key]) ? $_POST[$key] : '';
}

$sophisticated = postField('gl_sophisticated');
$name = postField('gl_name');
$email = trim(postField('gl_email'));
// NB: the form above posts this field as gl_phonenumber, not gl_number
$mobile = postField('gl_number');
$when = postField('gl_when');
$message = postField('gl_message');
$day = postField('gl_day');
$month = postField('gl_month');
// These two come from hidden inputs, i.e. from the client, and are as untrusted as any other field
$clubname = postField('gl_clubname');
$clubnumber = postField('gl_clubnumber');
$year = postField('gl_year');
//Create Birthday in mm/dd format for mailchimp
$birthday = $month."/".$day;
//Create Birthday in dd/mm/yyyy output
$birthdayfull = $day."/".$month."/".$year;

/* Functions
==================================================================*/
// Escape a value for HTML output. Note: it is defined here but never called
// anywhere in the script, so it does not touch $clubname or $clubnumber.
function sanitize($var) {
    // A single htmlspecialchars() pass is enough; chaining htmlentities() and
    // htmlspecialchars() double-encodes ("&" becomes "&amp;amp;"), and
    // stripslashes() is only needed when magic_quotes_gpc is on.
    return htmlspecialchars($var, ENT_QUOTES, 'UTF-8');
}

function ParseName($name)
{
    // Split on the first space into first/last names
    $space = strpos($name, ' ');
    if ($space !== false) {
        $firstName = substr($name, 0, $space);
        $lastName = substr($name, $space + 1);
    } else {
        $firstName = $name;
        $lastName = '';
    }

    return array('first' => $firstName, 'last' => $lastName);
}

The problem I'm having is that all of the variables will echo/print and display the data held within, except for $clubname and $clubnumber. What am I doing wrong here? It all looks OK to me, but the variables $clubname and $clubnumber just give me zip!

Is it the sanitize function???? :confused:

Thanks in advance for the help on this one guys!!

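Added example (editor's code, not the poster's): the same link -> hidden field -> POST handler round trip, but with two changes a reviewer would ask for. Values taken from the query string are escaped before they are echoed into the value="" attributes, and the hidden club name and number are re-checked on the server against a list it owns, because a hidden input is just a request parameter that anyone can POST with any value. The allowed_clubs() function and its single entry ("Movida" => "02072052245", taken from the link in the post) are assumptions, and the requests at the bottom are constructed.

```php
<?php
// Added example (editor's code, not the poster's): the same link -> hidden
// field -> POST handler round trip with escaping on output and a server-side
// re-check of the hidden values. allowed_clubs() and its single entry
// ("Movida" => "02072052245", taken from the link in the post) are assumptions;
// the sample requests at the bottom are constructed.

// A hidden input is just a request parameter the browser sends back, so
// anyone can POST any value for it. The server keeps the only trusted list.
function allowed_clubs()
{
    return array('Movida' => '02072052245');
}

// Escape for HTML text and for double-quoted attribute values.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Steps 1 and 2: hidden inputs built from the query string. A club that is
// not on the list yields empty fields instead of echoing the link's payload.
function hidden_club_fields(array $get)
{
    $clubs = allowed_clubs();
    $club = isset($get['param1']) ? (string) $get['param1'] : '';
    if (!isset($clubs[$club])) {
        $club = '';
    }
    $number = ($club === '') ? '' : $clubs[$club];
    return '<input type="hidden" name="gl_clubname" value="' . h($club) . '" />'
         . '<input type="hidden" name="gl_clubnumber" value="' . h($number) . '" />';
}

// Step 3: read the POST. The posted club number is ignored and looked up
// again from the list; name and e-mail are validated before use.
function load_guestlist_post(array $post)
{
    $clubs  = allowed_clubs();
    $errors = array();

    $club = isset($post['gl_clubname']) ? (string) $post['gl_clubname'] : '';
    if (!isset($clubs[$club])) {
        $errors[] = 'gl_clubname is not a known club';
        $club = '';
    }
    $name = isset($post['gl_name']) ? trim((string) $post['gl_name']) : '';
    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'gl_name is required (max 100 characters)';
    }
    $email = isset($post['gl_email']) ? trim((string) $post['gl_email']) : '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'gl_email is not a valid address';
    }

    $record = array(
        'clubname'   => $club,
        'clubnumber' => ($club === '') ? '' : $clubs[$club],
        'name'       => $name,
        'email'      => $email,
    );
    return array('record' => $record, 'errors' => $errors);
}

// Confirmation markup, escaped at the point of output.
function confirmation_html(array $record)
{
    return '<h2>Hi five ' . h($record['name']) . '!</h2>'
         . '<p>- ' . h($record['clubname']) . ' ' . h($record['clubnumber']) . ' -</p>';
}

// --- constructed requests --------------------------------------------------

// The link from the post: the known club is passed through.
$fields = hidden_club_fields(array('param1' => 'Movida', 'param2' => '02072052245'));
if (strpos($fields, 'value="Movida"') === false) {
    throw new RuntimeException('known club should be passed through');
}

// A crafted link that tries to close the attribute and inject a script tag.
$fields = hidden_club_fields(array('param1' => '"><script>alert(1)</script>'));
if (strpos($fields, '<script>') !== false || strpos($fields, 'value=""') === false) {
    throw new RuntimeException('unknown club must not reach the page, least of all unescaped');
}

// A tampered POST: the club number was edited in the browser's dev tools.
$result = load_guestlist_post(array(
    'gl_clubname' => 'Movida', 'gl_clubnumber' => '07000000000',
    'gl_name' => 'Jane Doe', 'gl_email' => 'jane@example.com',
));
if ($result['errors'] !== array() || $result['record']['clubnumber'] !== '02072052245') {
    throw new RuntimeException('club number must come from the list, not the form');
}

// An unknown club plus a malformed address: both are reported.
$result = load_guestlist_post(array('gl_clubname' => 'Nowhere', 'gl_name' => 'x', 'gl_email' => 'nope'));
if (count($result['errors']) !== 2) {
    throw new RuntimeException('expected two validation errors');
}

// Prints: <h2>Hi five Tom &amp; Jerry!</h2><p>- Movida 02072052245 -</p>
echo confirmation_html(load_guestlist_post(array(
    'gl_clubname' => 'Movida', 'gl_name' => 'Tom & Jerry', 'gl_email' => 'tj@example.com',
))['record']), "\n";
```

Run it with `php guestlist_roundtrip.php`; it throws on the first check that fails and otherwise prints the escaped confirmation line. The point of ignoring the posted gl_clubnumber is that once the server can look the number up from the club name, the hidden field carries no information the client should be allowed to set.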

Yeah, that was my first port of call. Here is the excerpt from the source code:

<p>Testing New Guestlist Form</p>
<form method="post" action="http://www.cluboid.com/confirmation" >
<input type="hidden" name="gl_clubname" value="Movida" /><input type="hidden" name="gl_clubnumber" value="02072052245" />
<label for="gl_name" >Name<span id="required">*</span></label><br/>
<input type="text" name="gl_name" /><br/>
<label for="gl_email" >Email<span id="required">*</span></label><br/>
<input type="text" name="gl_email" /><br/>
<label for="gl_phonenumber" >Phone number<span id="required">*</span></label><br/>
<input type="text" name="gl_phonenumber" /><br/>
<label for="gl_when" >Date of attendance<span id="required">*</span></label><br/>
<input type="text" name="gl_when" /><br/>
<label for="gl_message" >Further Details</label><br/>
<textarea rows="3" name="gl_message"></textarea><br/>
<p>Are you over 18?<span id="required">*</span></p>

Notice the line 

<input type="hidden" name="gl_clubname" value="Movida" /><input type="hidden" name="gl_clubnumber" value="02072052245" />

Ok, here is the script that runs in full. As I said, the only thing that doesn't work is when I try to echo either $clubname or $clubnumber. I have replaced some of the API keys for safety and the domain name in question. Thanks!!!

<?php
// Only run when the form's gl_valid field is present and has the expected value
if (isset($_POST['gl_valid']) && $_POST['gl_valid'] === "guestlist") {
// Include MailChimp + Text Marketer API
require_once 'TMRestClient.php';
require_once "MCAPI.class.php";

/* Load form data
======================================================================*/
// Read a POST field, or '' when it is absent, so a missing field does not raise a notice
function postField($key) {
    return isset($_POST[$key]) ? $_POST[$key] : '';
}

$sophisticated = postField('gl_sophisticated');
// $name goes into a mail Subject: line below, so a CR/LF inside it would start a new header
$name = trim(str_replace(array("\r", "\n"), ' ', postField('gl_name')));
$email = trim(postField('gl_email'));
// NB: the form posted earlier in the thread sends this field as gl_phonenumber, not gl_number
$mobile = postField('gl_number');
$when = postField('gl_when');
$message = postField('gl_message');
$day = postField('gl_day');
$month = postField('gl_month');
// These two come from hidden inputs, i.e. from the client, and are as untrusted as any other field
$clubname = postField('gl_clubname');
$clubnumber = postField('gl_clubnumber');
$year = postField('gl_year');
//Create Birthday in mm/dd format for mailchimp
$birthday = $month."/".$day;
//Create Birthday in dd/mm/yyyy output
$birthdayfull = $day."/".$month."/".$year;

/* Functions
==================================================================*/
// Escape a value for HTML output (used when echoing the confirmation page below)
function sanitize($var) {
    // A single htmlspecialchars() pass is enough; chaining htmlentities() and
    // htmlspecialchars() double-encodes ("&" becomes "&amp;amp;"), and
    // stripslashes() is only needed when magic_quotes_gpc is on.
    return htmlspecialchars($var, ENT_QUOTES, 'UTF-8');
}

function ParseName($name)
{
    // Split on the first space into first/last names
    $space = strpos($name, ' ');
    if ($space !== false) {
        $firstName = substr($name, 0, $space);
        $lastName = substr($name, $space + 1);
    } else {
        $firstName = $name;
        $lastName = '';
    }

    return array('first' => $firstName, 'last' => $lastName);
}

function SubscribeToList($listId, $name, $email, $birthday, $mobile)
{
    // MailChimp API Key from Account Control Panel
    $apiKey = '********************************';
    $api = new MCAPI($apiKey);
    $parsedName = ParseName($name);

    $mergeVars = array('FNAME' => $parsedName['first'], 'LNAME' => $parsedName['last'], 'BDAY' => $birthday, 'NUMBER' => $mobile);

    $success = $api->listSubscribe($listId, $email, $mergeVars, 'html', false);
    return $success;
}

/* Mailchimp
 * ========================================================================
 */

// MailChimp List Id to subscribe to (leave blank for no subscription)

$listId = '***********';

//Subscribe to email list
if ($listId) {
    $success = SubscribeToList($listId, $name, $email, $birthday, $mobile);
}


/* Text Marketer
 * ===========================================================================
 */
//Send Text Message from Text Marketer
$tmClient = new TMRestClient('*******', '********', 'production'); //production
try {
    $result = $tmClient->sendSMS("Hi five $name! Complete your guestlist by 'liking' us on Facebook > http://tinyurl.com/bl85tyg and we'll call you to confirm this shortly. www.domainname.com x", "$mobile", 'Cluboid');
} catch (Exception $ex) {
    // echo "Error: {$ex->getCode()}, {$ex->getMessage()}";
    echo "<div id='smserror'><p>Looks like you didn't enter a valid UK mobile number.</p>";
    echo "<p>Unfortunately we cannot send you the guestlist details without it!</p></div>";
}

//Store Phone Number at Text Marketer
$tmClient = new TMRestClient('********', '******', 'production');
try {
    $result = $tmClient->addNumbersToGroup('Applicationscluboid', "$mobile");
} catch (Exception $ex) {
    // echo "Error: {$ex->getCode()}, {$ex->getMessage()}";
}

/* Email section
 * ============================================================================
 */


// Prepare e-mail body
$body = "Hi,

There is a new guestlist subscriber. ";
if($sophisticated == true) {
    $body .= "(High End)";
}
$body .= "
Name: $name
Birthday: $birthdayfull
Email: $email
Mobile: $mobile
When: $when
Club Choice: $clubname
Message: $message



Thanks";

// Prepare e-mail autoresponse
$autorespond = "Hi five $name!

Get ready to have an awesome night.

Once you've 'Liked' us on Facebook here http://www.facebook.com/pages/*********, we'll call you on our guestlist line (within office hours 12pm - 7pm) to book in your party application on the number you supplied ($mobile).

We look forward to seeing you at one of our events.

Happy partying x

The Guestlist team,

02079230802
guestlist@domainame.com
www.domainname.com
@domain
";


// Settings
$sendTo = 'guestlist@domainame.com';

// The applicant's address is used both as a recipient and as the From: header.
// Only a syntactically valid single address may go there: a value containing
// CR/LF would otherwise add mail headers of the sender's choosing (e.g. a Bcc:).
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    $success_self = false;
    $success_subscriber = false;
} else {
    // Send e-mail to us
    $success_self = mail($sendTo, sprintf("Domain Guestlist: %s", $name), $body, sprintf("From: %s", $email));

    // Send e-mail autoresponse to applicant
    $success_subscriber = mail($email, sprintf("Thanks for applying %s", $name), $autorespond, "From: guestlist@domainname.com");
}

if($success_self && $success_subscriber) {
    // Escape everything that came from the form before echoing it into the page
    $safeName = sanitize($name);
    $safeClubname = sanitize($clubname);
    $safeClubnumber = sanitize($clubnumber);
    $safeMobile = sanitize($mobile);
    echo "<h2>Hi five $safeName!</h2>";
    echo "<p>- $safeClubname $safeClubnumber - We will give you a quick call shortly on $safeMobile to confirm all of the details for what will be an amazing night. In the mean time don't forget to <a href=\"http://www.facebook.com/pages/***************\" target=\"_blank\">like us on Facebook to complete your application</a>!</p>";
    echo "<div class=\"videocontainer1\"><iframe src=\"http://player.vimeo.com/video/51554170?title=1&byline=1&portrait=1\" width=\"900\" height=\"506\" frameborder=\"0\" webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe></div>";
    echo "<div class=\"blogimages\"><img src=\"http://www.cluboid.com/wp-content/themes/bigformat/images/voltparty-popup1.jpg\" width=\"157\" height=\"105\"/>";
    echo "<img src=\"http://www.cluboid.com/wp-content/themes/bigformat/images/voltparty-popup2.jpg\" width=\"157\" height=\"105\"/>";
    echo "<img src=\"http://www.domainname.com/wp-content/themes/bigformat/images/voltparty-popup3.jpg\" width=\"157\" height=\"105\"/>";
    echo "<img src=\"http://www.domainname.com/wp-content/themes/bigformat/images/voltparty-popup4.jpg\" width=\"157\" height=\"105\"/></div>";
} else {
    echo "Sorry but we seem to be having some technical difficulties at the moment";
}

} else {
    header("Location: http://www.domainname.com/confirmation/");
    exit; // stop here; nothing after a redirect header should run
}  ?>
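Added example (editor's code, not the poster's script) for two things in the full script above that are easy to miss while chasing the empty variables. First, mail() is handed sprintf("Domain Guestlist: %s", $name) as the Subject and sprintf("From: %s", $email) as the extra header, both straight from the POST, so a CR/LF inside either value ends that header and starts a new one chosen by the submitter. Second, sanitize() runs htmlentities() and then htmlspecialchars(), which encodes the same characters twice. The block builds the mail() arguments without sending anything, so it runs offline; the addresses and names it uses are constructed.

```php
<?php
// Added example (editor's code, not the poster's). Shows header injection via
// the Subject/From values and the double encoding in sanitize(), with the fix
// for each. No mail is sent; the inputs below are constructed.

// Reject any header value containing CR or LF, independently of whatever the
// local mail() build may or may not check.
function header_value($value)
{
    $value = (string) $value;
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('newline in mail header value');
    }
    return trim($value);
}

// Only a syntactically valid single address may be placed in From:.
function from_header($email)
{
    $email = trim((string) $email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid From address');
    }
    return 'From: ' . $email;
}

// Build the arguments the script passes to mail(), without calling it.
function build_notification($name, $email, $body)
{
    return array(
        'subject' => header_value(sprintf('Domain Guestlist: %s', $name)),
        'body'    => $body,
        'headers' => from_header($email),
    );
}

// Single-pass escaping: what sanitize() should do.
function sanitize_once($var)
{
    return htmlspecialchars((string) $var, ENT_QUOTES, 'UTF-8');
}

// The thread's chained version, kept only to show the double encoding.
function sanitize_twice($var)
{
    $var = htmlentities($var);
    $var = htmlspecialchars($var);
    return $var;
}

// --- constructed inputs ----------------------------------------------------

// A normal submission goes through unchanged.
$msg = build_notification('Jane Doe', 'jane@example.com', 'hello');
if ($msg['headers'] !== 'From: jane@example.com' || $msg['subject'] !== 'Domain Guestlist: Jane Doe') {
    throw new RuntimeException('clean input should pass');
}

// An e-mail field carrying CRLF plus an extra header: filter_var rejects it.
$rejected = false;
try {
    build_notification('Jane Doe', "jane@example.com\r\nBcc: everyone@example.net", 'hello');
} catch (InvalidArgumentException $e) {
    $rejected = true;
}
if (!$rejected) {
    throw new RuntimeException('CRLF in From must be rejected');
}

// A name carrying a newline would otherwise end the Subject: line and start a
// new header; header_value() refuses it.
$rejected = false;
try {
    build_notification("Jane\nCc: everyone@example.net", 'jane@example.com', 'hello');
} catch (InvalidArgumentException $e) {
    $rejected = true;
}
if (!$rejected) {
    throw new RuntimeException('newline in Subject must be rejected');
}

// Double encoding: "&" becomes "&amp;amp;" when escaped twice, so the page
// would display the literal text "&amp;" instead of an ampersand.
if (sanitize_twice('Tom & Jerry') !== 'Tom &amp;amp; Jerry') {
    throw new RuntimeException('unexpected double-encoding result');
}
if (sanitize_once('Tom & Jerry') !== 'Tom &amp; Jerry') {
    throw new RuntimeException('unexpected single-encoding result');
}

echo "all checks passed\n";
```

Run with `php mail_headers_example.php`. The design choice is to fail closed: a value that does not pass the check never reaches mail() at all, rather than being stripped and sent anyway, because stripping would quietly deliver a message with a different From: or Subject than the one the submitter saw.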
