Checking for blank fields

Forum Moderators: coopster

Message Too Old, No Replies

Checking for blank fields

Email form processing gets stuck

buksida

8:20 am on Nov 29, 2005 (gmt 0)

I have recently had to change my email enquiry forms to stop the spammers and have used a more complex one that does autoresponders, email headers etc etc.

It all works fine except one issue, the blank field checker. This always activates regardless of whether the fields are blank or not.

Below is the code from the mail.php file that governs it:

//> Check that all fields have been completed
if (($email == "") ¦¦ ($subject == "") ¦¦ ($message == "")) {
readfile("blankfields.html");
exit;
} else {
}

Whatever I do I get this blankfields.html page whenever the form is submitted. Then I click "back" and "submit" again without changing anything and it goes through.

Any ideas how to fix it?

coopster

3:51 pm on Nov 29, 2005 (gmt 0)

At first glance your logic and syntax look legit, there must be something else causing the issue. Are you certain you have checked the $_POST variables and assigned their values to "$email", "$subject" and "$message" prior to this logic in your code?

simon2263

3:53 pm on Nov 29, 2005 (gmt 0)

Can you provide some context - like PHP version, how you're accessing the form data, etc.?

directrix

4:07 pm on Nov 29, 2005 (gmt 0)

How are $email, $subject and $message populated?

buksida

7:57 am on Nov 30, 2005 (gmt 0)

Thanks for the suggestions, have solved the issue now by using this code:

if ((empty($to) ¦¦ (empty($from) ¦¦ empty($email) ¦¦ empty($subject) ¦¦ empty($message) ¦¦ empty($tel)) {
readfile("blankfields.html");
exit;
} else {
}

And removing the $to since it is the hidden input of the email address where the form goes. I guess that field doesnt need to be checked since it cant be filled in.

directrix

9:40 am on Nov 30, 2005 (gmt 0)

Beware of empty; it returns FALSE for 0 (the integer) and '0' (the string), which may not be what you expect. It's unlikely to cause a problem in this case, though, unless maybe someone tries to use 0 as the subject line!

I guess that field doesnt need to be checked since it cant be filled in.

It can be filled in if, for example, someone takes a copy of your HTML and modifies it to populate the hidden field. Or a bot could simulate your form, and send malicious entries. So you may still need to check $to, to guard against such exploits.

buksida

5:39 am on Dec 1, 2005 (gmt 0)

Thanks for that.

But if I include the $to field I get the original problem back with the blankfields.htm being shown every time.

How do I get around this.

simon2263

6:40 am on Dec 1, 2005 (gmt 0)

Sounds like $to is really empty - and hence is the real cause of the problem. I would check that the value of $to is really the value you think it is, perhaps by echoing it to the page using a line like
echo "...$to...";
with the dots either side so you can see all the characters of the $to value, AND by changing the form method to GET so that all the form data is visible in the URL query string.

This would allow you to check that (1) the hidden data is really being sent (as well as by what field name) and (2) that you are correctly receiving it in the php.

Simon

buksida

7:15 am on Dec 2, 2005 (gmt 0)

The $to field from the form is:

Its the first field to be read before $from and $email:

What would I need to do to it to make it appear filled in?

coopster

4:04 pm on Dec 5, 2005 (gmt 0)

To make what appeared filled-in? The "To:" field? To make a non-<input> form field appear filled-in you just print that field's information to the browser without displaying it in an <input> element. If it is an existing <input> element, like your "From:" field here, you just print the current field's value in the value attribute. It might appear something like this:

<p>To: <input type="hidden" name="to" value="sales@website.com">sales@website.com</p> 
<p>From: <input type="text" name="from" value="<?php print $from;?>"></p>