Jump to content

script sending out Extra things on drop down selection HELp..

grk101

By grk101
in PHP Coding Help

Recommended Posts

grk101 Member

grk101

Posted
Posted

Hello,

I have a few drop downs, but when the script passed it sent a few extra items with certain selections.

 

this is the form

<form id="form1" name="form1" method="post" action="send.php">
  <table>
      <tr>
      <td align="right"><label for ="name"> Name: </label></td>
      <td><input type="text" name="name" /></td>
    </tr>
    <tr>
      <td align="right"><label for = "eqpType"> Equipment Type: </label></td>
      <td><select name = "eqpType">
          <option>None</option>
          <option>Tent</option>
          <option>Tent & Trailer</option>
          <option>Camper/Trailer < 20'</option>
          <option>Camper/Trailer > 20'</option>
      </select></td>
    </tr>
    <tr>
      <td valign="top" align="right"><label for = "comments"> Comments/Questions: </label></td>
      <td><textarea rows="5" cols="20" name="comments" wrap="physical"></textarea>
          <br /></td>
    </tr>
    <tr>
      <td><p align="right"> Security Code:<br />
        <img src="CaptchaSecurityImages.php" />      </p></td>
      <td><input id="security_code" name="security_code" type="text" /></td>
    </tr>
    <tr>
      <td colspan="2" align="center"><input name="submit" type="submit" value="Send" />
          <input name="reset" type="reset" /></td>
    </tr>
    <tr>
      <td align="center"><br />
          <a href="" onclick="newcode(); return false;">Click Here</a> for a new code.<br />
        <br />      </td>
      <td></td>
    </tr>
  </table>
</form>

 

 

and this is the script

 

 

<?php
session_start();
   if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) {


@$ip= $_SERVER['REMOTE_ADDR'];
;
@$name = addslashes($_POST['name']);
@$eqpType = addslashes($_POST['eqpType']);
@$comments = addslashes($_POST['comments']);
@$date = date ('m/d/y');
@$time = time('g.i:s.a', time());
// Validation
if (strlen($name) == 0 )
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid name</font></p>");
}


//Sending Email to form owner

$subject = "tech support";
$to = "[email protected]";
$message = "Visitor's IP: $ip\n"
. "Date: $date\n"
. "Time: $time\n"


. "Equipment Type: $eqpType\n"

. "comments: $comments\n";

@mail($to, $subject ,$message ) ;



//saving record in a text file
$file_name = "test.csv";
$first_raw = "name,eqpType,comments,date,time\r\n";
$values = "$name,$eqpType,$comments,$date,$time "."\r\n";
$is_first_row = false;
if(!file_exists($file_name))
{
$is_first_row = true ;
}
if (!$handle = fopen($file_name, 'a+')) {
die("Cannot open file ($file_name)");
exit;
}
if ($is_first_row)
{
  if (fwrite($handle, $first_raw ) === FALSE) {
  die("Cannot write to file ($filename)");
  exit;
  }
}
if (fwrite($handle, $values) === FALSE) {
  die("Cannot write to file ($filename)");
  exit;
}
fclose($handle);


echo("<p align='center'><font face='Arial' size='2' color='#000000'>thank you</font></p>");
       unset($_SESSION['security_code']);
   } else {
           header( "Location: error.html" );

   }

 

 

when the form comes through i get the following:

 

Equipment Type: Camper/Trailer < 20\\\' 

 

the extra \\\\

 

any help would be appreciated.

grk101 Member

grk101

Posted
  • Author
Posted

Its because your using addslashes, I have to question why you are using addslashes.

 

 

well

 

I did a test and removed them, and the same thing was happening,

 

my friend helped me with a portio of this ( he probably got it online somewhere)

 

but anyway , even when i remove them, the \\\ comes thorugh, I believe though it's because the data option is 20' in that specific value?

 

 

Cep Regular Member

Cep

Posted
Posted

That is partially true, the quote is being escaped with slashes but would be done so by using addslashes function.

 

Do not use addslashes for validation, it is bad.

 

Use htmlentities if you want to escape all html entity types, for an overhead save you should use htmlspecialchars but you would need to specify the charset your going to use and I feel this may be a topic beyond the scope of this post.

grk101 Member

grk101

Posted
  • Author
Posted

hmm the weird this is, i tried out this one guys script at myphpscripts.net

 

which just emails anything it sees, and the \\\\ didn't appear

 

 

I am not the best at php programming so that is why i came here for some help :( sorry guys

 

i m still a tad lost.

grk101 Member

grk101

Posted
  • Author
Posted

well what i just did was remove.. the

addslashes and put down stripslahses and now it works :D

 

 

but i got an issue here

 

capturecopyuq3.jpg

 

it keeps posting my hosting info, instead of saying the persons email received from. so when i hit reply it replies to the person email. and not the webhost@cp4.

 

do you happen to know how i can fix that?

jeremyphphaven Newbie

jeremyphphaven

Posted
Posted

so dood, peep this.

 

VERY FIRST THING to put into your serving php file...

 

<?php

set_magic_quotes_runtime(0);

 

 

Line 1 and line 2... do this in all your php files on YOUR server... it turns off the server auto-adding the slashes upon http posting.  Then you won't have to worry about using stripslashes().

 

addslashes() are necessary before storing into a database... that's the only time I've ever used it.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.