homepage Welcome to WebmasterWorld Guest from 54.198.148.191
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Form works but showing error prior to adding any input
php4U




msg:3760930
 12:56 am on Oct 8, 2008 (gmt 0)

I've modified some code from an existing form to build a "tell a friend" form. When I added the additional fields for the "friend's" info the form works but shows an error prior to typing anything into any input box.

I hate to just post code, but I'm overlooking something that someone else might be able to easily spot.(shortened code as much as possible) Commented around line 44 which is the line that shows prior to anything being entered at all.


<?php
function clean($data) {
$data = trim(stripslashes(strip_tags($data)));
return $data;
}

$exploits = "/(content-type在cc:圭c:圬ocument.cookie她nclick她nload守rl=守rl奸ink=奸ink多ttp:多ttps:)/i";
$profanity = "/(ass在itch)/i";
$spamwords = "/(viagra如hentermine)/i";
$bots = "/(Indy冰laiz匡ava奸ibwww-perl同ython吏utfoxBot各ser-Agent同ycURL再lphaServer)/i";

if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
exit("<p class='ect'>Known spam bots are not allowed.</p>");
}
foreach ($_POST as $key => $val) {
$c[$key] = clean($val);

if (preg_match($exploits, $val)) {
exit("<table><tr><td style='background-color:#FFFFCC;border:1px solid #FF0000;line-height:14px;padding:5px;font-size:11px;color: #596723;'><strong>ERROR:</strong><p>Exploits/malicious scripting attributes aren't allowed.<br><br>Click your back browser button to submit the appropriate content.</p></td></tr></table>");
} elseif (preg_match($profanity, $val) 戌 preg_match($spamwords, $val)) {
exit("<table><tr><td style='background-color:#FFFFCC;border:1px solid #FF0000;line-height:14px;padding:5px;font-size:11px;color: #596723;'><strong>ERROR:</strong><p>That kind of language is not allowed through our form.<br><br>Click your back browser button to submit the appropriate content.</p></td></tr></table>");
}
}

$show_form = true;
$error_msg = NULL;

if (isset($c['submit'])) {
if (empty($c['y_name']) 戌 empty($c['y_email']) 戌 empty($c['f_name']) 戌 empty($c['f_email']) 戌 empty($c['comments'])) {
$error_msg .= "All fields are required, please fill them in. \n";
## YOUR INFO CHECK ##
} elseif (strlen($c['y_name']) > 25) {
$error_msg .= "Please enter your name. (25 characters or less)\n";
} elseif (!ereg("^[A-Za-z' -]", $c['y_name'])) {
$error_msg .= "Your name must not contain special characters. \n";

} elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['y_email']))) {
$error_msg .= "Your email address isn't valid. \n";
}
## FRIEND INFO CHECK ##
} elseif (strlen($c['f_name']) > 25) {
$error_msg .= "Please enter your friend's name. (25 characters or less)\n";
} elseif (!ereg("^[A-Za-z' -]", $c['f_name'])) {
$error_msg .= "Your friend's name must not contain special characters. \n"; // THIS IS SHOWING BEFORE ENTERING ANYTHING INTO THE FORM

} elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['f_email']))) {
$error_msg .= "Your friend's email address isn't valid. \n";
}

if ($error_msg == NULL) {
$show_form = false;

if (!empty($c['url']) && !ereg("^(http多ttps)", $c['url'])) {
$c['url'] = "http://" . $c['url'];
}

$subject = "Request to visit a website";
//////// Change top email message line here
$message = "Hi $f_name \n Your friend $y_name requested that you visit the following site at... \n http://example.com \n \n ";
foreach ($c as $key => $val) {
//$message .= ucwords($key) . ": $val \n";
}
$message .= "If you have any questions about any items please feel free to contact me at the following link: \n http://example.com/index.php?page=contact \n \n Regards, \n Admin \n Your website";

if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) {
$headers = "From: $y_name <$y_email> \n";
$headers .= "Reply-To: {$c['y_email']}";
} else {
$headers = "From: $y_name <$y_email> \n";
$headers .= "Reply-To: {$c['email']}";
}

$recipient = "$f_email";

if (mail($recipient,$subject,$message,$headers)) {
echo "<table><tr><td style='background-color:#FFFFCC;border:1px solid #FF0000;line-height:14px;padding:5px;font-size:11px;color: #596723;'><strong>SUCCESS: </strong><p>Your message was successfully sent.</p></td></tr></table>";
} else {
echo "<table><tr><td style='background-color:#FFFFCC;border:1px solid #FF0000;line-height:14px;padding:5px;font-size:11px;color: #596723;'><strong>FAILURE: </strong><p>Your message could not be sent this time. Please try again later.</p></td></tr></table>";
}
}

if (!isset($c['submit']) 戌 $show_form == true) {
function get_data($var) {
global $c;
if (isset($c[$var])) {
echo $c[$var];
}
}

if ($error_msg != NULL) {
echo "<table><tr><td style='background-color:#FFFFCC;border:1px solid #FFCC00;line-height:14px;padding:5px;font-size:11px;color: #596723;'><strong>ERROR: </strong><p>";
echo nl2br($error_msg) . "</p></td></tr></table>";
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"><p>
<table border="0" cellpadding="0" cellspacing="0">
<tr><td width=151><font face='Verdana' size='2' >Your Name</font><input name="y_name" type="text" id="y_name" value="<?php get_data("y_name"); ?>" /></td>
<td width=151><font face='Verdana' size='2' >Your Email</font><input name="y_email" type="text" id="y_email" value="<?php get_data("y_email"); ?>" /></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td></tr>
<tr><td><font face='Verdana' size='2' >Your Friend's Name<br>
<input name="f_name" type="text" id="f_name" value="<?php get_data("f_name"); ?>" />
</font></td><td><font face='Verdana' size='2' >Friend's Email</font><br>
<input name="f_email" type="text" id="f_email" value="<?php get_data("f_email"); ?>" /></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td></tr>
<tr ><td><font face='Verdana' size='2' >Your Message</font></td><td>&nbsp;</td></tr>
<tr><td colspan=2><font face='Verdana' size='2' ><textarea name="comments" cols="40" rows="5" id="comments"><?php get_data("comments"); ?></textarea></font></td></tr>
<tr><td colspan=2><font face='Verdana' size='2' ><input name="submit" type="submit" value="Send">* All fields are required</font></td></tr></table></form>
<?php
}
?>

Any help would be appreciated. I've tried several things and can't get it to show no errors when you look at the form initially.

 

dreamcatcher




msg:3761105
 8:02 am on Oct 8, 2008 (gmt 0)

Might help if you told us the error you are seeing.

dc

php4U




msg:3761363
 3:58 pm on Oct 8, 2008 (gmt 0)

Commented around line 44 which is the line that shows prior to anything being entered at all.

$error_msg .= "Your friend's name must not contain special characters. \n"; // THIS IS SHOWING BEFORE ENTERING ANYTHING INTO THE FORM

Not sure why it shows this error, before anything is input into the form.

Thank you.

[edited by: php4U at 4:01 pm (utc) on Oct. 8, 2008]

dublinmike




msg:3761409
 4:59 pm on Oct 8, 2008 (gmt 0)

Instead of the following:


!ereg("^[A-Za-z' -]", $c['f_name'])

try...


ereg("[^A-Za-z' -]+", $c['f_name'])

Your regex is matching the start of a line, then a single allowable character. Unless the name entered is 'J' or something then the message will get printed. The above code says print that message if you find one un-allowable character in f_name. I haven't tested this, just a suggestion...

php4U




msg:3761722
 1:23 am on Oct 9, 2008 (gmt 0)

Thank you for the reply. I tried it out but it just moved to the next line and showed email address isn't valid.

This is the code before I made the changes...

if (isset($c['submit'])) {
if (empty($c['name']) 戌 empty($c['email']) 戌 empty($c['comments'])) {
$error_msg .= "Name, Email, and Question / Comment are required fields. \n";
} elseif (strlen($c['name']) > 25) {
$error_msg .= "The name field is limited at 25 characters. Your first name will do! \n";
} elseif (!ereg("^[A-Za-z' -]", $c['name'])) {
$error_msg .= "The name field must not contain special characters. \n";
} elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['email']))) {
$error_msg .= "That is not a valid e-mail address. \n";
}

if ($error_msg == NULL) {
$show_form = false;

if (!empty($c['url']) && !ereg("^(http多ttps)", $c['url'])) {
$c['url'] = "http://" . $c['url'];
}

$subject = "Contact from your website";

I changed "name" "email" and "comments" which worked ok to...

"y_name" "y_email" "f_name" "f_email" "comments" for the 2 additional fields I added and this is where I started to get my error.

if (isset($c['submit'])) {
if (empty($c['y_name']) 戌 empty($c['y_email']) 戌 empty($c['f_name']) 戌 empty($c['f_email']) 戌 empty($c['comments'])) {
$error_msg .= "All fields are required, please fill them in. \n";
## YOUR INFO CHECK ##
} elseif (strlen($c['y_name']) > 25) {
$error_msg .= "Please enter your name. \n";
} elseif (!ereg("^[A-Za-z' -]", $c['y_name'])) {
$error_msg .= "Your name must not contain special characters. \n";

} elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['y_email']))) {
$error_msg .= "Your email address isn\'t valid. \n";
}
## FRIEND INFO CHECK ##
} elseif (strlen($c['f_name']) > 25) {
$error_msg .= "Please enter your friend\'s name. \n";
} elseif (!ereg("^[A-Za-z' -]", $c['f_name'])) {
$error_msg .= "Your friend\'s name must not contain special characters. \n";

} elseif (!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$",strtolower($c['f_email']))) {
$error_msg .= "Your friend\'s email address isn't valid. \n";
}

if ($error_msg == NULL) {
$show_form = false;

if (!empty($c['url']) && !ereg("^(http多ttps)", $c['url'])) {
$c['url'] = "http://" . $c['url'];
}

$subject = "Request to visit a website";


Part in bold is what was added to original form.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved