homepage Welcome to WebmasterWorld Guest from 54.204.94.228
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Change Location
peterinwa




msg:4629202
 8:08 am on Dec 10, 2013 (gmt 0)

I've used HTML and JavaScript for years and am finally trying PHP. There are a gazillion tutorials on the web telling you how to code a simple form on a webpage that sends the input in an e-mail.

The problem is that they all end up with a blank white screen and a PHP print message like: Form Sent

They all do that, but it's so lame. Who wants to end up with a black screen and no links! You should end up on a page of your website.

So I'm trying to direct it to the URL of one of my webpages, and inserted the code you see below. I understand it is failing because you can only use header location at the start of your php file. But you don't want to change the location before executing the php?

Thank you, Peter

<html><body>
<?php
$to="info@columbiariverpetpartners.org";
$subject="Membership Application";
$name=$_REQUEST['name'];
$FirstName=$_REQUEST['FirstName'];
$LastName=$_REQUEST['LastName'];
$FullName="$FirstName $LastName";
$message="First Name: $FirstName\nLast Name: $LastName";
$headers="From: $FullName";
$sent=mail($to,$subject,$message,$headers);
if ($sent) {header("Location: sent.html");
exit}
else {header("Location: failed.html");
exit}
?>
</body>
</html>

 

topr8




msg:4629261
 11:46 am on Dec 10, 2013 (gmt 0)

remove the html and body tags

peterinwa




msg:4629346
 4:11 pm on Dec 10, 2013 (gmt 0)

Okay, thanks.

This is the error I'm getting now:

Parse error: syntax error, unexpected '}' in /home/myschnbg/public_html/columbiariver/application.php on line 12

Line 12 is the first exit line. I've tried many different things and it always has a problem with that }.

Thank you, Peter

peterinwa




msg:4629362
 5:21 pm on Dec 10, 2013 (gmt 0)

I did some more Googling and found a way to avoid using header, and it works great!

<?php
$to="info@columbiariverpetpartners.org";
$subject="Membership Application";
$name=$_REQUEST['name'];
$FirstName=$_REQUEST['FirstName'];
$LastName=$_REQUEST['LastName'];
$FullName="$FirstName $LastName";
$message="First Name: $FirstName\nLast Name: $LastName";
$headers="From: $FullName";
$sent=mail($to,$subject,$message,$headers);
if ($sent){echo '<script type="text/javascript"> document.location = "sent.html";</script>'}
// if ($sent) {header("Location: sent.html");
// exit}
// else {header("Location: failed.html");
// exit}
?>


Almost. The echo line works on its own, but as soon as I put it inside if ($sent){} then I get the error message I posted about just above.

So I've solved the problem of getting to a new page, but if I want to go to one page if the e-mail was sent, and another if the e-mail failed, then I have to solve what looks to be a basic question of PHP syntax.

Also, I accidentally posted this topic 3 times last night. Perhaps the other 2 can be deleted.

Peter

swa66




msg:4629432
 10:54 pm on Dec 10, 2013 (gmt 0)

Javascript to do a simple redirect ? Why ?

Note that any header should be sent before any content was shown (so no "thank you")
Note that you should specify a full URL in the Location header, not a relative one according to the relevant standards.
Ref: http://tools.ietf.org/html/rfc2616#page-135

You want code like this (assumes an apache environment):

header('Location: https://'.$_SERVER['SERVER_NAME'].preg_replace('/\/[^\/]*$/','',$_SERVER['PHP_SELF']));
/* Redirect browser to index*/
exit();


The preg_replace is used to chop off the filename (e.g. removes foobar.php from https://www.example.com/dir/foobar.php) and to point to the index page in dir instead.
Add on the name of a page where/as needed using string concatenation or change in in the regexp as you need it...

Oh BTW: the syntax error for exit} is a missing semicolumn: exit; } would have worked.

swa66




msg:4629434
 11:16 pm on Dec 10, 2013 (gmt 0)


[..]
$LastName=$_REQUEST['LastName'];
$FullName="$FirstName $LastName";
[...]
$headers="From: $FullName";
$sent=mail($to,$subject,$message,$headers);

Your lack of input validation will give hackers a fieldday if they discover this in production use.
e.g. What if $_REQUEST['LastName'] were to include a newline and some other headers ?

Anything coming in from the browser must be positively validated before any use is made of it.
Consider it tainted.

Als I'd suggest to chose POST or GET methods and use the $_POST or $_GET instead of the generic $_REQUEST. The reason behind it is a more complex issue with preventing CSRF attacks.
To avoid that becoming a hard to fix problem:
- Chose the GET method for things that do not change server side data where the amount of data going to the server is small
- Chose POST for anything else, and include a random token (best: one random token per suer stored in their session data) in the form that is validated by the server - so the server is assured the browser is replying to a filled-out form it sent out earlier, not to a hacker who's using tricks to get valid users to perform unwanted and unwittingly unwarranted changes.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved