
Hello! Pretty simple PHP form, I broke it..please assist! :)


teanza


Hi everyone!

 

So you can see how often I use PHP, seeing my last post was 2009.

 

My goal:

 

  • Keep the contact page HTML, hence the linked sheet
  • Have email come from the host, reply to the user
  • Have email and name required only
  • Have submission success on the SAME HTML page

So here is what I tried to do, never worked:

<?php

	
$to = "XXX@XXX.com";
$subject = "XXX Web Inquiry";

$name = $_POST['name'];
$email = $_POST['email'];
$phone =  $_POST['phone'];
$selection = $_POST['selection'];
$comment = $_POST['comment'];


$body .= "Name: " .$POST['name']."\n";
$body .="E-Mail: ".$POST['email']."\n";
$body .="Phone: ".$POST['phone']."\n"; 
$body .="Selection: ".$POST['selection']."\n";
$body .="Comment: ".$POST['comment']."\n";


$errEmail = $errName = "";
$name = $email = $phone = $selection = $comment = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
	

  if (empty($_POST['name'])) {
    $errName = "Name is required";
  } else {
    $name = test_input($_POST["name"]);
  }

  if (!$_POST['email'] || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
    $errEmail = "Valid email is required";
  } else {
    $email = test_input($_POST['email']);
	
  }

  if (empty($_POST['phone'])) {
    $phone = "";
  } else {
    $phone = test_input($_POST['phone']);
  }

  if (empty($_POST['comment'])) {
    $comment = "";
  } else {
    $comment = test_input($_POST['comment']);
  }

  if (empty($_POST['selection'])) {
    $selection = "";
  } else {
    $selection = test_input($_POST['selection']);
  }



	$msgError = "ERROR: Please re-submit the form; we apologize!";

    $msgSuccess = "Sent -- Thank you " . $name . ", we will contact you shortly!";


    $header .= 'From: '. $_REQUEST['name']. "\r\n". 'Reply-To: '. $_REQUEST['email'] . "\r\n";

if (isset($_POST['submit'])) {
mail($to, $header, $subject, $body, $email); 

        echo $msgSuccess;
		
    } else {

        echo $msgError;
    }



?>


 

Here is one I stole that I got to somewhat work, as far as just emailing me, but has no restrictions (e.g., would submit empty), didn't always send content, and redirected to the PHP page, so I don't wish to use it; I think I may need to combine the two + add fxn to stay on the same page:

<?php

if(isset($_POST['email'])) {

    // EDIT THE 2 LINES BELOW AS REQUIRED
    $email_to = "XXX@XXX.com";
    $email_subject = "XXX Website Inquiry";

    function died($error) {
        // your error code can go here
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }

    // validation expected data exists
    if(!isset($_POST['name']) ||
        !isset($_POST['selection']) ||
        !isset($_POST['email']) ||
        !isset($_POST['phone']) ||
        !isset($_POST['comment'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');
    }

    $name = $_POST['name']; // required
    $selection = $_POST['selection']; // required
    $email = $_POST['email']; // required
    $phone = $_POST['phone']; // not required
    $comment = $_POST['comment']; // required

    $email_message = "Hello, XXX! See form details below!\n\n";

    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }

    $email_message .= "Name: ".clean_string($name)."\r\n";
    $email_message .= "Email: ".clean_string($email)."\r\n";
    $email_message .= "Phone: ".clean_string($phone)."\r\n";
    $email_message .= "Selection: ".clean_string($selection)."\r\n";
    $email_message .= "Comment(s): ".clean_string($comment)."\r\n";

    // create email headers
    $headers = 'From: '.$email."\r\n".
    'Reply-To: '.$email."\r\n" .
    'X-Mailer: PHP/' . phpversion();

    @mail($email_to, $email_subject, $email_message, $headers);

?>

Thank you for contacting us. We will be in touch with you very soon.

<?php

}

?>

I even tried a blip of Javascript in the HTML form page and added a DIV for the responses to appear on the same page, but all it did was gray the button; nothing else:

<script>
     $("#contact").submit(function(event) 
     {
         /* stop form from submitting normally */
         event.preventDefault();

         /* get some values from elements on the page: */
         var $form = $( this ),
             $submit = $form.find( 'input[type="submit"]' ),
             name_value = $form.find( 'input[name="name"]' ).val(),
             email_value = $form.find( 'input[name="email"]' ).val(),
			 phone_value = $form.find( 'input[name="phone"]' ).val(),
			 selection_value = $form.find( 'input[name="selection"]' ).val(),
             comment_value = $form.find( 'textarea[name="comment"]' ).val(),
             url = $form.attr('action');

         /* Send the data using post */
         var posting = $.post( url, { 
                           name: name_value, 
                           email: email_value, 
                           phone: phone_value, 
						   selection: selection_value,
						   comment: comment_value
                       });

         posting.done(function( data )
         {
             /* Put the results in a div */
             $( "#contactResponse" ).html(data);

             /* Change the button text. */
             $submit.text('Sent, Thank you');

             /* Disable the button. */
             $submit.attr("disabled", true);
         });
    });
</script>

Finally, the HTML:

<div>
<form action="contact2.php" method="post" id="contact">

<div class="form-horizontal control-group"> 
<div class="row">
<div class="span12 leftPad">
<label for="name">Name:</label><input type="text" name="name">
</div>
</div><!--row-->

<br>

<div class="row">
<div class="span12 leftPad">
<label for="email">Email:</label><input type="email" name="email">
</div>
</div><!--row-->

<br>

<div class="row">
<div class="span12 leftPad">
<label for="phone">Phone:</label><input type="tel" name="phone">
</div>
</div><!--row-->

<br>

<div class="row">
<div class="span12 leftPad">
<label for="selection">Area of Interest:</label>
<select name="selection">
  <option value="General Question">General Question</option>
  <option value="Inside Sales">Inside Sales</option>
  <option value="Service">Service</option>
  <option value="Request a Quote">Request a Quote</option>
</select>
</div>
</div><!--row-->

<br>

<div class="row">
<div class="span12 leftPad">
<label for="comment">Comments / Application Specifics</label><textarea rows="10" name="comment"></textarea>
</div>
</div><!--row-->

<br>

<div class="row">
<div class="span12 leftPad">
<input type="submit" name="submit">
</div>
</div><!--row-->

<br>
<!--<div id="contactResponse"></div>-->
<br>
</div> <!--form horizontal control group-->
</form>
</div>

I appreciate this very much!!...I assume it's simple for you guys, and I thought I could figure it out. Certainly it isn't impossible to fulfill my simple bulleted list above? I have failed.

 

-t 

Edited by teanza

Hey,

 

I haven't done the checks for each input but the script should work.

 

PHP file

<?php

// Note: no validation of the posted values is done in this script.
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$selection = $_POST['selection'];
$comment = $_POST['comment'];

// Build an HTML message body from the form fields
$to = "xxxx@email.com";
$subject = "XXX Web Inquiry";
$message = "";
$message .= "Hello,<br><br>\n";
$message .= "<b>Name:</b> ".$name.".<br><br>\n";
$message .= "<b>Email:</b> ".$email."<br><br>\n";
$message .= "<b>Phone:</b> ".$phone."<br><br>\n";
$message .= "<b>Selection:</b> ".$selection."<br><br>\n";
$message .= "<b>Comment:</b> ".$comment."<br><br>\n";

// Mail headers; From and Reply-To are taken from the submitted name and email
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "From:".$name."<".$email.">\r\n";
$headers .= "Reply-To:".$name."<".$email.">\r\n";
$headers .= "X-Mailer: PHP/" . phpversion() . "\r\n";
$headers .= "X-Priority: 1";
mail($to,$subject,$message,$headers);

// $HTTP_REFERER is only set when register_globals is on; read the header from $_SERVER
if (isset($_SERVER['HTTP_REFERER'])) {
    $back = htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES);
    echo "Your email has been sent! | <a href='$back'>back</a>";
} else {
    echo "Your email has been sent! | <a href='javascript:history.back()'>back</a>";
}

?>

You don't need to change anything in the html file.


some comments -

 

1) ALL the form processing code needs to be inside of a logic test that has checked if a form was submitted. if a form was submitted, all the form fields (except for unchecked checkboxes and un-selected radio-buttons) will be set, even if they are empty.

 

2) you should trim() all inputs before validating them.

 

3) you should validate all inputs to ensure that required fields are not empty and that anything in a field is of an expected format and is not nefarious.

 

4) any user input that's put into the message body should be passed through htmlentities() (even if you are sending a plain text email, since email clients can be configured to view the email as html even if it is not) so that should you be using a browser as the email client to view the email, any javascript that was in the submitted message won't be rendered.

 

5) the email address that's being put into the mail header MUST be validated to ensure it only contains an email address and nothing else that could be used to inject other headers into the email.

 

6) you should produce a specific error message for each input that didn't match the expected format to tell the visitor what they did that was wrong, so that they can correct the problem. validation errors should be added as elements to a php array variable.

 

7) you should re-populate the form fields with any previously entered data so that the visitor doesn't have to re-type the values. doing this and displaying any validation errors is easiest if you have one page that contains the form and the form processing code.

 

8) the email is not being sent from the person who submitted the form. it is being sent from a mail server at the web host where the form was submitted to. the From: address in the mail header is either an email address with a domain name that can be matched to the ip address where the sending mail server is at or if the domain doesn't match where the sending mail server is at, that there's an SPF DNS zone record at the domain being used in the from email address that says your sending mail server is authorized to send email for that domain.

 

9) you must test the value returned by the mail() function to determine if the sending mail server even accepted the email (it still may not be sent and the receiving mail server may not accept it) before displaying any sort of success message.

 

10) and because getting email to actually be sent is something of a problem due to all the spam abuse, you should log the relevant information about each form submission so that you know what's going on.

Edited by mac_gyver
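
A single-page handler that follows the numbered points above, as an added example that is not part of the original thread or any poster's code. The addresses, subject line, sample submissions and stub mailer are constructed placeholders, and `validate_contact()` / `handle_contact()` are hypothetical names.

```php
<?php
// Added example; addresses, subject and the stub mailer below are constructed placeholders.

function validate_contact(array $post): array
{
    $allowed = ['General Question', 'Inside Sales', 'Service', 'Request a Quote'];
    $v = $errors = [];
    foreach (['name', 'email', 'phone', 'selection', 'comment'] as $f) {
        $raw = $post[$f] ?? '';
        $v[$f] = is_string($raw) ? trim($raw) : '';              // point 2
    }
    if ($v['name'] === '') {
        $errors['name'] = 'Name is required.';                   // points 3 and 6
    }
    // The address goes into a header, so refuse CR/LF outright (point 5).
    if (preg_match('/[\r\n]/', $v['email']) || !filter_var($v['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'A valid email address is required.';
    }
    if ($v['selection'] !== '' && !in_array($v['selection'], $allowed, true)) {
        $errors['selection'] = 'Unknown area of interest.';
    }
    return [$v, $errors];
}

function handle_contact(array $post, callable $mailer, string $to, string $hostFrom): array
{
    [$v, $errors] = validate_contact($post);
    $sent = false;
    if (!$errors) {
        $body = '';
        foreach ($v as $field => $value) {                       // point 4
            $body .= ucfirst($field) . ': ' . htmlentities($value, ENT_QUOTES, 'UTF-8') . "\r\n";
        }
        // From is the host's own address; the visitor appears only in Reply-To (point 8).
        $headers = "From: $hostFrom\r\nReply-To: {$v['email']}";
        $sent = (bool) $mailer($to, 'Web Inquiry', $body, $headers); // point 9
        if (!$sent) {
            $errors['mail'] = 'The mail server did not accept the message.';
        }
        error_log('contact form: ' . json_encode(['email' => $v['email'], 'sent' => $sent])); // point 10
    }
    return ['values' => $v, 'errors' => $errors, 'sent' => $sent]; // values re-populate the form (point 7)
}

// Constructed sample submissions; the stub stands in for PHP's mail() so this runs offline.
$stub = fn($to, $subject, $body, $headers) => true;
$good = ['name' => ' Ann ', 'email' => 'ann@example.com', 'selection' => 'Service', 'comment' => '<b>hi</b>'];
$bad  = ['name' => '', 'email' => "ann@example.com\r\nBcc: other@example.com"];
foreach ([$good, $bad] as $p) { print_r(handle_contact($p, $stub, 'info@example.com', 'inquiry@example.com')); }
```

On the form page itself, call `handle_contact($_POST, 'mail', ...)` only inside `if ($_SERVER['REQUEST_METHOD'] === 'POST')` (point 1), and pass each returned value through `htmlspecialchars()` when writing it back into the form fields.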

  • 3 weeks later...
<?php

// $HTTP_REFERER is only set when register_globals is on; read the header from $_SERVER
if (isset($_SERVER['HTTP_REFERER'])) {
    $back = htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES);
    echo "Thank you for contacting XXX! We will be in touch with you very soon. | <a href='$back'>Back to XXX site!</a>";
} else {
    echo "Thank you for contacting XXX! We will be in touch with you very soon. | <a href='javascript:history.back()'>Back to XXX site!</a>";
}

    $email_to = "info@XXX.com";
    $email_subject = "You have a new XXX inquiry!!!";
    $fromemail="inquiry@XXX.com";

    function died($error) {
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }

    if(!isset($_POST['name']) ||
        !isset($_POST['selection']) ||
        !isset($_POST['email']) ||
        !isset($_POST['phone']) ||
        !isset($_POST['zip']) ||
        !isset($_POST['comment'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');
    }

    $name = $_POST['name']; // required
    $selection = $_POST['selection']; // required
    $email = $_POST['email']; // required
    $phone = $_POST['phone']; // not required
    $zip= $_POST['zip']; // not required
    $comment = $_POST['comment']; // required

    $email_message = "Hello, XXX & XXX! See form details below!\n\n";

    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }

    $email_message .= "Name: ".clean_string($name)."\r\n";
    $email_message .= "Email: ".clean_string($email)."\r\n";
    $email_message .= "Phone: ".clean_string($phone)."\r\n";
    $email_message .= "Zip Code: ".clean_string($zip)."\r\n";
    $email_message .= "Interest: ".clean_string($selection)."\r\n";
    $email_message .= "Description of Inquiry: ".clean_string($comment)."\r\n";

$headers = 'From: '.$fromemail. "\r\n".
'Reply-To: '.$email. "\r\n" .
'X-Mailer: PHP/' . phpversion();

@mail($email_to, $email_subject, $email_message, $headers);

?>
 

Hello everyone! My greatest apologies for just getting back to this--I had to travel for quite a while.

 

SO thanks so much for the code that redirects! I at least have a "back" button now!

 

Also, thank you for the steps on what to know/look for--very helpful.

 

The sheet is linked; code not embedded [intentionally].

 

It submits, BUT the problems I am still having are:

 

  • I would like the confirmation/thank you message to remain on the same page as the form without the extension being changed to ".php"
  • I have a validation error for the email; however, none of the fields are showing as my intended "required"; essentially, blank forms are able to be submitted.

 

Current code pasted.

 

 

Thank you guys about 1M times, seriously  ;D

 

-t

Edited by teanza
