I am attempting to post data to a database and send an email. The code works separately with only the email submit or the database insert, but combining the actions is giving me fits.

The combined code does send the email; however, it does not insert into MySQL.

Also, I am looking at updating the code, as this is old; however, I need this running now.

Thanks in advance.

Here is my code.

<?php
//error_reporting(E_ALL);
//ini_set('display_errors', 1);



// Functions to filter user inputs
function filterName($field){

// Sanitize user name
$field = filter_var(trim($field), FILTER_SANITIZE_STRING);

// Validate user name
if(filter_var($field, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>"/^[a-zA-Z\s]+/")))){
	return $field;
	    }else{	
	return FALSE;
        }
		}    
    function filterEmail($field){

// Sanitize e-mail address
$field = filter_var(trim($field), FILTER_SANITIZE_EMAIL);

// Validate e-mail address
if(filter_var($field, FILTER_VALIDATE_EMAIL)){
	return $field;
		}else{
	return FALSE;
    	}
	   	}
function filterString($field){

// Sanitize string
$field = filter_var(trim($field), FILTER_SANITIZE_STRING);
if(!empty($field)){
	return $field;
        }else{
	return FALSE;
        }
		}

// Define variables and initialize with empty values
$txtaddressErr = 
$txtmainErr = 
$txtsubjectErr =
$txttitle2Err = 
$txtbusinesstitleErr =
$txtaddress2Err ="";

$txtaddress = 
$txtmain = 
$txtsubject = 
$txttitle2 = 
$txtbusinesstitle =
$txtaddress2 = "";

// Processing form data when form is submitted
if(isset($_POST['submit'])){
      include ("connect.php");
     
// Validate user name
if(empty($_POST["txtaddress"])){
$txtaddressErr = 'Please enter your Keywords.';
		}else{
$txtaddress = filterName($_POST["txtaddress"]);
if($txtaddress == FALSE){
$txtaddressErr = 'Please enter a valid Keywords.';
		}
	    }
    
// Validate email address
if(empty($_POST["txtmain"])){
$txtmainErr = 'Please enter your email address.';
	    }else{
$txtmain = filterEmail($_POST["txtmain"]);
if($txtmain == FALSE){
$txtmainErr = 'Please enter a valid email address.';
		}
        }
       
// Validate need
if(empty($_POST["txtsubject"])){
$txtsubjectErr = 'Please enter your need.';     
		}else{
$txtsubject = filterString($_POST["txtsubject"]);
if($txtsubject == FALSE){
$txtsubjectErr = 'Please enter a need.';
		}
        }
// Validate message subject
if(empty($_POST["txtaddress2"])){
$txtaddress2Err = "Please enter an Industry";
		}else{
$txtaddress2 = filterString($_POST["txtaddress2"]);
if($txtaddress2 == FALSE){
$txtaddress2Err = 'Please enter an Industry.';
		}
		}

// Validate user comment
if(empty($_POST["txttitle2"])){
$txttitle2Err = 'Please enter your offer.';     
		}else{
$txttitle2 = filterString($_POST["txttitle2"]);
if($txttitle2 == FALSE){
$txttitle2Err = 'Please enter a valid offer.';
		}
        }

// Check input errors before sending email
if(empty($txtaddressErr) && empty($txtmainErr) && empty($txttitle2Err)){

// Recipient email address
$to = 'myemail@domain.org';
 
// Create email headers
$headers = 'From: '. $txtmain . "\r\n" .
           'Reply-To: '. $txtmain . "\r\n" .
           'X-Mailer: PHP/' . phpversion();

// Sending email
if(mail($to, $txtsubject, $txttitle2, $headers)){
echo '<p class="success">Your message has been sent successfully!</p>';
$stuid = $_POST['txtid'];
$address = trim($_POST['txtaddress']);
$sub = trim($_POST['txtsubject']);	
$date = trim($_POST['txtdate']);
$main = trim($_POST['txtmain']);
$title2 = trim($_POST['txttitle2']);
$address2 = trim($_POST['txtaddress2']);
$agentid = trim($_POST['txtagentid']);
$businesstitle = trim($_POST['txtbusinesstitle']);
if(isset($_POST['submit'])){
include ("connect.php");
	   
$i = mysql_query( "INSERT INTO `unaction_partner`.`tbl_student` (`stuid`, `address`, `sub`, `date`, `main`, `title2`, `address2`, `agentid`, `businesstitle`) VALUES 
 ('".$stuid."','".$address."','".$sub."','".$date."','".$main."','".$title2."','".$address2."','".$agentid."','".$businesstitle."')");
        }
		}
        }
	    }
//	}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Contact Form</title>
	<style type="text/css">
	.error{ color: red; }
	.success{ color: green; }
	</style>
</head>
<body>
<div id="">
	<table width="100%" border="0">
<?php 
$businesstitle= isset($row['businesstitle']) ? $row['businesstitle'] : ''; ?>

<form method="post" action="">
 <tr>
<?php
	include ("connect.php");
	$g = mysql_query("select max(stuid) from tbl_student");
	while($id=mysql_fetch_array($g))
?>
                
	<td width="26%"> </td>
    <td width="74%"><input type="hidden" name="txtid" value="<?php echo $id[0]+1; ?>" readonly="readonly" /></td>
    </tr>
    <tr>
    <td><label for="txtaddress">Keywords:<sup>*</sup></label></td>
    <td><textarea cols="30px" rows="3" name="txtaddress" placeholder="Tip-Include Industry Name, Topic and City to Improve Search Standing"  /></textarea>
<span class="error"><?php echo $txtaddressErr; ?></span></td>
    </tr>
    <tr>
    <td><label for="txtsubject2">Need:</label></td>
    <td><input type="text" name="txtsubject" id="txtzubject">
<span class="error"><?php echo $txtsubjectErr; ?></span></td>
    </tr>
    
    <tr>
    <td>Offer:<sup>*</sup></td>
    <td><textarea name="txttitle2" id="Comment" rows="5" cols="30"></textarea>
<span class="error"><?php echo $txttitle2Err; ?></span></td>
    </tr>
    
    <tr>
    <td><label for="txtbusinesstitle2">Your Name:</label></td>
            <td><input type="text" name="txtbusinesstitle" id="txtbusinesstitle">
            <span class="error"><?php echo $txtbusinesstitleErr; ?></span></td>
          </tr>
          <tr>
            <td>Industry:</td>
            <td><input type="text" name="txtaddress2" placeholder="One Industry Name"  />
            <span class="error"><?php echo $txtaddress2Err; ?></span></td>
          </tr>
          <tr>
            <td><label for="txtmain">Email:<sup>*</sup></label></td>
            <td><input type="text" name="txtmain" id="txtmain" value="<?php echo $_SESSION['email']; ?>">
            <span class="error"><?php echo $txtmainErr; ?></span></td>
          </tr>
          <tr>
            <td>Register Date</td>
            <td><input type="text" name="txtdate" value="<?php echo date("d/M/Y"); ?>" readonly="readonly" /></td>
          </tr>
          <tr>
            <td></td>
            <td><input type="hidden" name="txtagentid" placeholder="Type Name"  />
            <input type="hidden" name="txtmember"  /></td>
          </tr>
          <tr>
            <td><input type="submit" name="submit"  value="Send"></td>
            <td><input type="reset" value="Reset"></td>
          </tr>
  </form>
    </table>
</div>
</body>
</html>

Define all these with = "";

$txtaddressErr =
$txtmainErr =
$txtsubjectErr =
$txttitle2Err =
$txtbusinesstitleErr =
$txtaddress2Err ="";

$txtaddress =
$txtmain =
$txtsubject =
$txttitle2 =
$txtbusinesstitle =
$txtaddress2 = "";

Checking if post was submitted twice:

if(isset($_POST['submit'])){

Only need to include this once:

include ("connect.php");

mysql_* functions are deprecated and are being removed in PHP 7. Use PDO or MySQLi.

You should really use the escape functions for any values being inserted into the MySQL query.

Do proper indenting on your code:

function greet ($user)
{
    if (date('H') < 12)
    {
        $output = "Good morning $user"
    }
    else
    {
        $output = "Hello $user";
    }
    return $output;
}
function greet ($user) {
if (date('H') < 12) {
$output = "Good morning $user"}
else {
$output = "Hello $user";}
return $output;}
function greet ($user) {if (date('H') < 12) {$output = "Good morning $user"} else {$output = "Hello $user";} return $output;}

Which of the 3 samples above makes it easy to detect errors?

Define all these with = "";

$txtaddressErr =
$txtmainErr =
$txtsubjectErr =
$txttitle2Err =
$txtbusinesstitleErr =
$txtaddress2Err ="";

@QoC,

 

See end of para 7 on http://php.net/manual/en/language.expressions.php

 

 

Since assignments are parsed in a right to left order, you can also write '$b = $a = 5'.

 

@Barand, I know that, but shouldn't the script throw an error because of the multiple lines and no semicolon to end the statement?

I just tried it and it doesn't throw a parse error. I tend to be more consistent for better readability, like indentations, curly braces, returns and so on.

 

It goes against what they say.

As in C or Perl, PHP requires instructions to be terminated with a semicolon at the end of each statement. The closing tag of a block of PHP code automatically implies a semicolon; you do not need to have a semicolon terminating the last line of a PHP block. The closing tag for the block will include the immediately trailing newline if one is present.

 

 

I would do it all on one line.

// Define variables and initialize with empty values
$txtaddressErr = $txtmainErr = $txtsubjectErr = $txttitle2Err = $txtbusinesstitleErr = $txtaddress2Err = "";

$txtaddress = $txtmain = $txtsubject = $txttitle2 = $txtbusinesstitle = $txtaddress2 = "";

OK, here is what I did. (Still not working, by the way.)

1. Defined Err variables with "";

2. Removed duplicate submit and include

3. Used escape string

4. Cleaned up indentation to the best of my limited knowledge.

Below is the updated code.

Again:

1. Error functions work (nothing passes if the form is not properly filled out)

2. If the form is filled out correctly, the email sends; however, the database insert does not work.

3. If I remove the error and email functions, the database insert works.

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);



// Functions to filter user inputs
function filterName($field)
{

// Sanitize user name
    $field = filter_var(trim($field), FILTER_SANITIZE_STRING);

// Validate user name
    if(filter_var($field, FILTER_VALIDATE_REGEXP, 
	    array("options"=>array("regexp"=>"/^[a-zA-Z\s]+/")))){
            return $field;
        } else {	
            return FALSE;
            }
        }    
function filterEmail($field)
{

// Sanitize e-mail address
    $field = filter_var(trim($field), FILTER_SANITIZE_EMAIL);

// Validate e-mail address
    if(filter_var($field, FILTER_VALIDATE_EMAIL)){
        return $field;
        } else {
            return FALSE;
            }
        }
function filterString($field)
{

// Sanitize string
    $field = filter_var(trim($field), FILTER_SANITIZE_STRING);
    if(!empty($field)){
        return $field;
        } else {
	        return FALSE;
            }
        }

// Define variables and initialize with empty values
$txtaddressErr = "";
$txtmainErr = "";
$txtsubjectErr = "";
$txttitle2Err = "";
$txtbusinesstitleErr = "";
$txtaddress2Err ="";

$txtaddress = "";
$txtmain = "";
$txtsubject = "";
$txttitle2 = "";
$txtbusinesstitle = "";
$txtaddress2 = "";

// Processing form data when form is submitted
if(isset($_POST['submit'])){
    include ("connect.php");
     
// Validate user Keywords
if(empty($_POST["txtaddress"])){
    $txtaddressErr = 'Please enter your Keywords.';
    } else {
        $txtaddress = filterName($_POST["txtaddress"]);
    if($txtaddress == FALSE){
        $txtaddressErr = 'Please enter a valid Keywords.';
    }
}
    
// Validate email address
if(empty($_POST["txtmain"])){
    $txtmainErr = 'Please enter your email address.';
    } else {
        $txtmain = filterEmail($_POST["txtmain"]);
    if($txtmain == FALSE){
        $txtmainErr = 'Please enter a valid email address.';
    }
}
       
// Validate need
if(empty($_POST["txtsubject"])){
    $txtsubjectErr = 'Please enter your need.';     
    } else {
        $txtsubject = filterString($_POST["txtsubject"]);
    if($txtsubject == FALSE){
        $txtsubjectErr = 'Please enter a need.';
    }
}
// Validate Industry
if(empty($_POST["txtaddress2"])){
    $txtaddress2Err = "Please enter an Industry";
    } else {
        $txtaddress2 = filterString($_POST["txtaddress2"]);
    if($txtaddress2 == FALSE){
        $txtaddress2Err = 'Please enter an Industry.';
    }
}

// Validate user offer
if(empty($_POST["txttitle2"])){
    $txttitle2Err = 'Please enter your offer.';     
    } else {
        $txttitle2 = filterString($_POST["txttitle2"]);
    if($txttitle2 == FALSE){
        $txttitle2Err = 'Please enter a valid offer.';
    }
}

// Validate user name
if(empty($_POST["txtbusinesstitle"])){
    $txtbusinesstitleErr = 'Please enter your name.';     
    } else {
        $txtbusinesstitle = filterString($_POST["txtbusinesstitle"]);
    if($txtbusinesstitle == FALSE){
        $txtbusinesstitleErr = 'Please enter a valid name.';
    }
}
// Check input errors before sending email
if(empty($txtaddressErr) && empty($txtmainErr) && empty($txttitle2Err)){

// Recipient email address
    $to = 'myemail@domain.org';
 
// Create email headers
$headers = 'From: '. $txtmain . "\r\n" .
           'Reply-To: '. $txtmain . "\r\n" .
           'X-Mailer: PHP/' . phpversion();

// Sending email
if(mail($to, $txtsubject, $txttitle2, $headers)){
    echo '<p class="success">Your message has been sent successfully!</p>';
$stuid = mysql_real_escape_string($_POST['txtid']);
$address = mysql_real_escape_string($_POST['txtaddress']);
$sub = mysql_real_escape_string($_POST['txtsubject']);	
$date = mysql_real_escape_string($_POST['txtdate']);
$main = mysql_real_escape_string($_POST['txtmain']);
$title2 = mysql_real_escape_string($_POST['txttitle2']);
$address2 = mysql_real_escape_string($_POST['txtaddress2']);
$agentid = mysql_real_escape_string($_POST['txtagentid']);
$businesstitle = mysql_real_escape_string($_POST['txtbusinesstitle']);
	   
$i = mysql_query( "INSERT INTO `unaction_partner`.`tbl_student` (`stuid`, `address`, `sub`, `date`, `main`, `title2`, `address2`, `agentid`, `businesstitle`) VALUES 
 ('".$stuid."','".$address."','".$sub."','".$date."','".$main."','".$title2."','".$address2."','".$agentid."','".$businesstitle."')");
}
}
}
//	}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Contact Form</title>
	<style type="text/css">
	.error{ color: red; }
	.success{ color: green; }

	</style>
</head>
<body>
<div id="">
	<table width="100%" border="0">
<?php 
$businesstitle= isset($row['businesstitle']) ? $row['businesstitle'] : ''; 
?>

<form method="post" action="">
 <tr>
<?php
//include ("connect.php");
$g = mysql_query("select max(stuid) from tbl_student");
while($id=mysql_fetch_array($g))
?>
                
	<td width="26%"> </td>
    <td width="74%"><input type="hidden" name="txtid" value="<?php echo $id[0]+1; ?>" readonly="readonly" /></td>
    </tr>
    
    <tr>
    <td><label for="txtaddress">Keywords:<sup>*</sup></label></td>
    <td><textarea cols="30px" rows="3" name="txtaddress" placeholder="Tip-Include Industry Name, Topic and City to Improve Search Standing"  /></textarea>
<span class="error"><?php echo $txtaddressErr; ?></span></td>
    </tr>
    
    <tr>
    <td><label for="txtsubject2">Need:</label></td>
    <td><input type="text" name="txtsubject" id="txtsubject">
<span class="error"><?php echo $txtsubjectErr; ?></span></td>
    </tr>
    
    <tr>
    <td>Offer:<sup>*</sup></td>
    <td><textarea name="txttitle2" id="Comment" rows="5" cols="30"></textarea>
<span class="error"><?php echo $txttitle2Err; ?></span></td>
    </tr>
    
    <tr>
    <td><label for="txtbusinesstitle">Your Name:</label></td>
            <td><input type="text" name="txtbusinesstitle" id="txtbusinesstitle">
            <span class="error"><?php echo $txtbusinesstitleErr; ?></span></td>
          </tr>
    
          <tr>
            <td><label for="txtaddress2">Industry:</label></td>
            <td><input type="text" name="txtaddress2" id="txtaddress2" placeholder="One Industry Name"  />
            <span class="error"><?php echo $txtaddress2Err; ?></span></td>
          </tr>
    
          <tr>
            <td><label for="txtmain">Email:<sup>*</sup></label></td>
            <td><input type="text" name="txtmain" id="txtmain" value="<?php echo $_SESSION['email']; ?>">
            <span class="error"><?php echo $txtmainErr; ?></span></td>
          </tr>
    
          <tr>
            <td>Register Date</td>
            <td><input type="text" name="txtdate" value="<?php echo date("d/M/Y"); ?>" readonly="readonly" /></td>
          </tr>
    
          <tr>
            <td></td>
            <td><input type="hidden" name="txtagentid" placeholder="Type Name"  />
            <input type="hidden" name="txtmember"  /></td>
          </tr>
    
          <tr>
            <td><input type="submit" name="submit"  value="Send"></td>
            <td><input type="reset" value="Reset"></td>
          </tr>
  </form>
    </table>
</div>
</body>
</html>

You need to form the SQL query statement in a PHP variable, then echo or var_dump that variable so that you know what the SQL actually is. You also need to check for and handle any query errors.

Note: you cannot guarantee that getting the highest id from a database table, incrementing it, and inserting it in a new row in the database table will produce unique numbers. You will eventually get a collision where two or more concurrent instances of your script are running and try to insert the same value.
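As an added example (not code from this thread or from the poster): the tbl_student insert rewritten the way the replies above suggest, with a PDO prepared statement in place of mysql_query() and string concatenation, the statement text kept in a variable so it can be logged, query failures checked explicitly, and stuid left to an AUTO_INCREMENT column instead of max(stuid)+1 so concurrent submissions cannot collide. The DSN, the credential placeholders, the AUTO_INCREMENT schema change and the DATE column type are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from this thread. It replaces the mysql_query()
// string-concatenation INSERT into tbl_student with a PDO prepared statement.
// Assumptions: the DSN and credentials are placeholders for what connect.php
// holds, and stuid has been altered to an AUTO_INCREMENT primary key so the
// "select max(stuid)" + 1 step is dropped (MySQL hands out the id atomically,
// so two concurrent submissions cannot collide).

function connectDb(): PDO
{
    $dsn = 'mysql:host=localhost;dbname=unaction_partner;charset=utf8mb4';
    return new PDO($dsn, 'DB_USER_PLACEHOLDER', 'DB_PASSWORD_PLACEHOLDER', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // failures throw, never silently return false
        PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

/**
 * Insert one row into tbl_student from values that have already passed the
 * form's filter*() checks. Each value is bound as a parameter, so quotes,
 * '<' or anything else the user typed is stored verbatim and can never change
 * the shape of the SQL. Returns the id MySQL assigned, or null on failure.
 */
function insertStudent(PDO $db, array $row): ?int
{
    $columns = ['address', 'sub', 'date', 'main', 'title2', 'address2', 'agentid', 'businesstitle'];

    // Refuse a row with missing or unexpected keys instead of inserting junk.
    $missing = array_diff($columns, array_keys($row));
    $extra   = array_diff(array_keys($row), $columns);
    if ($missing || $extra) {
        throw new InvalidArgumentException(
            'bad row keys: ' . implode(', ', array_merge($missing, $extra))
        );
    }

    // Keep the statement text in a variable so it can be logged when debugging.
    // With named placeholders it never contains user data, so it is safe to log.
    $sql = sprintf(
        'INSERT INTO `tbl_student` (`%s`) VALUES (:%s)',
        implode('`, `', $columns),
        implode(', :', $columns)
    );

    try {
        $stmt = $db->prepare($sql);
        foreach ($columns as $col) {
            $stmt->bindValue(':' . $col, (string) $row[$col], PDO::PARAM_STR);
        }
        $stmt->execute();
        return (int) $db->lastInsertId();
    } catch (PDOException $e) {
        // Log SQL and driver message server-side; the user only learns that it failed.
        error_log(sprintf('tbl_student insert failed: %s | SQL: %s', $e->getMessage(), $sql));
        return null;
    }
}

// Usage inside the form handler, after every filter*() check passed and all
// the *Err variables are empty. Only the validated variables go in; $_POST is
// never read here, and the date is computed server-side rather than taken from
// the readonly txtdate field (readonly is enforced only by the browser).
function saveSubmission(
    string $txtaddress, string $txtsubject, string $txtmain,
    string $txttitle2, string $txtaddress2, string $txtbusinesstitle
): ?int {
    $clean = [
        'address'       => $txtaddress,
        'sub'           => $txtsubject,
        'date'          => date('Y-m-d'),  // assumes the date column is a DATE type
        'main'          => $txtmain,
        'title2'        => $txttitle2,
        'address2'      => $txtaddress2,
        'agentid'       => '',             // the hidden txtagentid field carries no value
        'businesstitle' => $txtbusinesstitle,
    ];
    return insertStudent(connectDb(), $clean);
}

// Example call from the form handler:
// $newId = saveSubmission($txtaddress, $txtsubject, $txtmain, $txttitle2, $txtaddress2, $txtbusinesstitle);
// if ($newId === null) { echo '<p class="error">Sorry, your details could not be saved.</p>'; }
```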

@gabbymiles,

I have some free time on my hands today. If you can provide a zip of EVERYTHING I need to run it, I will look into it. That also includes an SQL dump of the db including the create table SQL and at least a few rows of sample data.

I tried different ways to no avail.

You may have tried a bunch of things, but if you didn't echo out the SQL query statement so that you (and we) will know what it is (which would also confirm that the code where the query is at is running) and check if the query is producing an error or not, you will never narrow down the problem and find what's causing it.

It's also possible that your code is inserting a row, but it's not where you are looking for it. That you are specifying the database name in the insert query means that the insert query could be operating on a different database than the one you think it is from the connection code.

I tried your last posted code and it did run to send the email, display the success message, and insert the row in the database table. The needed step would be for you to add code that checks if the query is failing or not and, if it is failing, what the MySQL error is.

OK Mac_gyver, I called the MySQL output; however, I'm sure it isn't correct. I coded it the best I could.

I'm getting an error: Fatal error: Call to a member function query() on a non-object in /home/unaction/public_html/partnerupby2.com/post.php on line 141

Line 41 starts at if ($con->query($...


 if(isset($_POST['submit'])){
       include ("connect.php");

$i = mysql_query( "INSERT INTO `unaction_partner`.`tbl_student` (`stuid`, `address`, `sub`, `date`, `main`, `title2`, `address2`, `agentid`, `businesstitle`) VALUES
 ('".$stuid."','".$address."','".$sub."','".$date."','".$main."','".$title2."','".$address2."','".$agentid."','".$businesstitle."')");
 
 if ($con->query($i) === TRUE){
  echo "Success";
 } else {
            echo('Error: ' . mysql_error());
        }


Why are you checking $con->query()? There is no $con variable anywhere in your code. Did you copy-and-paste this error check from somebody else?

 

At best, you'd check $i. That's your query result. If it's false, then there's an error.

Jacques1, it came from my connection code.

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

$con = mysql_connect("localhost","mydb","user") or die (mysql_error());
		mysql_select_db ("mydb", $con);
		//echo "Connected";
	?>

I'll just use $i and see.

Jacques1, thanks, you are right. I just used $i and got a duplicate ID error where the increment wasn't working. However, Mac_gyver saw this coming, so I will need to change how I approach that. Thanks, Mac_gyver.

Now it is updating and emailing.

Another issue: error handling is working on the front end and stripping the "less than" symbol from the string in the email, but it is passing through to MySQL.

Any ideas why error handling isn't stopping this? Again, I do realize updating to newer code would make it easier on myself, and I will get to it, but again, I need a quick fix for the moment.

Thanks again.

Here is the updated code. (I know it's ugly, but I'm trying.)

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);



// Functions to filter user inputs
function filterName($field)
{

// Sanitize user name
    $field = filter_var(trim($field), FILTER_SANITIZE_STRING);

// Validate user name
    if(filter_var($field, FILTER_VALIDATE_REGEXP, 
	    array("options"=>array("regexp"=>"/^[a-zA-Z\s]+/")))){
            return $field;
        } else {	
            return FALSE;
            }
        }    
function filterEmail($field)
{

// Sanitize e-mail address
    $field = filter_var(trim($field), FILTER_SANITIZE_EMAIL);

// Validate e-mail address
    if(filter_var($field, FILTER_VALIDATE_EMAIL)){
        return $field;
        } else {
            return FALSE;
            }
        }
function filterString($field)
{

// Sanitize string
    $field = filter_var(trim($field), FILTER_SANITIZE_STRING);
    if(!empty($field)){
        return $field;
        } else {
	        return FALSE;
            }
        }

// Define variables and initialize with empty values
$txtaddressErr = "";
$txtmainErr = "";
$txtsubjectErr = "";
$txttitle2Err = "";
$txtbusinesstitleErr = "";
$txtaddress2Err ="";

$txtaddress = "";
$txtmain = "";
$txtsubject = "";
$txttitle2 = "";
$txtbusinesstitle = "";
$txtaddress2 = "";
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Processing form data when form is submitted
    include ("connect.php");
	if(isset($_POST['submit'])){

     
// Validate user Keywords
if(empty($_POST["txtaddress"])){
    $txtaddressErr = 'Please enter your Keywords.';
    } else {
        $txtaddress = filterName($_POST["txtaddress"]);
    if($txtaddress == FALSE){
        $txtaddressErr = 'Please enter a valid Keywords.';
    }
}
    
// Validate email address
if(empty($_POST["txtmain"])){
    $txtmainErr = 'Please enter your email address.';
    } else {
        $txtmain = filterEmail($_POST["txtmain"]);
    if($txtmain == FALSE){
        $txtmainErr = 'Please enter a valid email address.';
    }
}
       
// Validate need
if(empty($_POST["txtsubject"])){
    $txtsubjectErr = 'Please enter your need.';     
    } else {
        $txtsubject = filterName($_POST["txtsubject"]);
    if($txtsubject == FALSE){
        $txtsubjectErr = 'Please enter a need.';
    }
}
// Validate Industry
if(empty($_POST["txtaddress2"])){
    $txtaddress2Err = "Please enter an Industry";
    } else {
        $txtaddress2 = filterName($_POST["txtaddress2"]);
    if($txtaddress2 == FALSE){
        $txtaddress2Err = 'Please enter an Industry.';
    }
}

// Validate user offer
if(empty($_POST["txttitle2"])){
    $txttitle2Err = 'Please enter your offer.';     
    } else {
        $txttitle2 = filterName($_POST["txttitle2"]);
    if($txttitle2 == FALSE){
        $txttitle2Err = 'Please enter a valid offer.';
    }
}

// Validate user name
if(empty($_POST["txtbusinesstitle"])){
    $txtbusinesstitleErr = 'Please enter your name.';     
    } else {
        $txtbusinesstitle = filterName($_POST["txtbusinesstitle"]);
    if($txtbusinesstitle == FALSE){
        $txtbusinesstitleErr = 'Please enter a valid name.';
    }
}

$stuid = mysql_real_escape_string($_POST['txtid']);

$address=preg_replace("/[^\`a-z,. \'\-\d]/i", "", $txtaddress);
$address = mysql_real_escape_string($_POST['txtaddress']);
$sub = mysql_real_escape_string($_POST['txtsubject']);	
$date = mysql_real_escape_string($_POST['txtdate']);
$main = mysql_real_escape_string($_POST['txtmain']);
$title2 = mysql_real_escape_string($_POST['txttitle2']);
$address2 = mysql_real_escape_string($_POST['txtaddress2']);
$agentid = mysql_real_escape_string($_POST['txtagentid']);
$businesstitle = mysql_real_escape_string($_POST['txtbusinesstitle']);

 if(isset($_POST['submit'])){
       include ("connect.php");

if(empty($txtaddressErr) && empty($txtmainErr) && empty($txttitle2Err) && empty($txsubject2Err) && empty($txtaddress2Err) && empty($txtbusinesstitleErr)){

$i = mysql_query( "INSERT INTO `unaction_partner`.`tbl_student` (`stuid`, `address`, `sub`, `date`, `main`, `title2`, `address2`, `agentid`, `businesstitle`) VALUES 
 ('".$stuid."','".$address."','".$sub."','".$date."','".$main."','".$title2."','".$address2."','".$agentid."','".$businesstitle."')");
 
 if ($i === TRUE){
	 echo "Success";
 } else {
            echo('Error: ' . mysql_error());
        }
 
 }
// Check input errors before sending email

if(empty($txtaddressErr) && empty($txtmainErr) && empty($txttitle2Err) && empty($txsubject2Err) && empty($txtaddress2Err) && empty($txtbusinesstitleErr)){
// Recipient email address
    $to = 'myemail@domain.org';
 
// Create email headers
$headers = 'From: '. $txtmain . "\r\n" .
           'Reply-To: '. $txtmain . "\r\n" .
           'X-Mailer: PHP/' . phpversion();

// Sending email
if(mail($to, $txtsubject, $txttitle2, $headers)){
    echo '<p class="success">Your message has been sent successfully!</p>';
}
}}
}
}

//	}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Contact Form</title>
	<style type="text/css">
	.error{ color: red; }
	.success{ color: green; }

	</style>
</head>
<body>
<div id="">
	<table width="100%" border="0">
<?php 
$businesstitle= isset($row['businesstitle']) ? $row['businesstitle'] : ''; 
?>

<form method="post" action="">
 <tr>
<?php
include ("connect.php");
$g = mysql_query("select max(stuid) from tbl_student");
while($id=mysql_fetch_array($g))
{
?>
                
	<td width="26%"> </td>
    <td width="74%"><input type="hidden" name="txtid" value="<?php echo $id[0]+1; ?>" readonly="readonly" /></td>
    </tr>
    <?
}
?>
    <tr>
    <td><label for="txtaddress">Keywords:<sup>*</sup></label></td>
    <td><textarea cols="30px" rows="3" name="txtaddress" placeholder="Tip-Include Industry Name, Topic and City to Improve Search Standing"  /><?php echo $txtaddress; ?>
    </textarea>
<span class="error"><?php echo $txtaddressErr; ?></span></td>
    </tr>
    
    <tr>
    <td><label for="txtsubject2">Need:</label></td>
    <td><input name="txtsubject" type="text" id="txtsubject" value="<?php echo $txtsubject; ?>">
<span class="error"><?php echo $txtsubjectErr; ?></span></td>
    </tr>
    
    <tr>
    <td>Offer:<sup>*</sup></td>
    <td><textarea name="txttitle2" id="Comment" rows="5" cols="30"><?php echo $txttitle2; ?></textarea>
<span class="error"><?php echo $txttitle2Err; ?></span></td>
    </tr>
    
    <tr>
    <td><label for="txtbusinesstitle">Your Name:</label></td>
            <td><input name="txtbusinesstitle" type="text" id="txtbusinesstitle" value="<?php echo $txtbusinesstitle; ?>">
      <span class="error"><?php echo $txtbusinesstitleErr; ?></span></td>
          </tr>
    
          <tr>
            <td><label for="txtaddress2">Industry:</label></td>
            <td><input name="txtaddress2" type="text" id="txtaddress2" value="<?php echo $txtaddress2; ?>" placeholder="One Industry Name"  />
            <span class="error"><?php echo $txtaddress2Err; ?></span></td>
          </tr>
    
          <tr>
            <td><label for="txtmain">Email:<sup>*</sup></label></td>
            <td><input type="text" name="txtmain" id="txtmain" value="<?php echo $_SESSION['email']; ?>">
            <span class="error"><?php echo $txtmainErr; ?></span></td>
          </tr>
    
          <tr>
            <td>Register Date</td>
            <td><input type="text" name="txtdate" value="<?php echo date("d/M/Y"); ?>" readonly="readonly" /></td>
          </tr>
    
          <tr>
            <td></td>
            <td><input type="hidden" name="txtagentid" placeholder="Type Name"  />
            <input type="hidden" name="txtmember"  /></td>
          </tr>
    
          <tr>
            <td><input type="submit" name="submit"  value="Send"></td>
            <td><input type="reset" value="Reset"></td>
          </tr>
  </form>
    </table>
</div>
</body>
</html>

You're inserting the original data instead of the filtered data.

But like you already said yourself: this code desperately needs an update. Blocking less-than signs as a “security measure” may have been acceptable in the 90s, but nowadays people are used to professional software which doesn't choke on a simple input character.

Edited by Jacques1