I am new to PHP and am having 2 problems with my form page server side validation script. I hope someone will be kind enough to help me out. I am not sure if I am missing some code or it's not set up correctly.
1. When I click on submit on the form page and the user has inputted incorrect information, the form page gets redirected back to the form page correctly but the error message I assigned using the echo command within the server side script never appears for the user to see. (See server side script below.)
2. Also I cannot get the user's typed input to reappear upon redirection back to the form page. The user input fields are all empty when redirected.
Here is some code from my form page that I think should allow for the user's input to reappear upon submission error.
<input type=text name="from" id="from" VALUE="<?php echo $_send['from']?>"
<input type="text" name="telnr" id="telnr" value="<?php echo $_POST['telnr']?>"
The PHP form page is located here: <snip>
Here is my server side script that does not send the input error warnings to the user:
<?php
$site_name = "Computer Repair South Florida";
$admin_email = "info@example.com";
// Receiving variables
@$from = addslashes($_POST['from']);
@$email = addslashes($_POST['email']);
@$telnr = addslashes($_POST['telnr']);
@$street = addslashes($_POST['street']);
@$city = addslashes($_POST['city']);
@$state = addslashes($_POST['state']);
@$zipcode = addslashes($_POST['zipcode']);
@$contact_by = addslashes($_POST['contact_by']);
@$subject = addslashes($_POST['subject']);
@$textarea = addslashes($_POST['textarea']);
@$imagefield = addslashes($_POST['imagefield']);
function check_email_address($email) {
// First, we check that there's one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
header("Location: contact-us.php?status=0");
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
header("Location: contact-us.php?status=0");
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
die ("Invalid email address");// Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
header("Location: contact-us.php?status=0");
}
}
}
return $email;
}
function escape_val($string) {
$string = str_replace(array('"',"<",">"), array("&quot;","&lt;","&gt;"), $string);
return $string;
}
if (strlen($from) <2)
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter your name</font></p>");
die;
}
if (strlen($telnr) < 7)
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid telephone number</font></p>");
die;
}
if (strlen($telnr) > 14)
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid telephone number</font></p>");
die;
}
if (strlen($street) <3)
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid street</font></p>");
die;
}
if (strlen($city) <2)
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid city</font></p>");
die;
}
if (strlen($state) == 0 )
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please select a valid state</font></p>");
die;
}
if (strlen($zipcode) <5)
{
header("Location: contact-us.php?status=0");
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid zipcode</font></p>");
}
if (strlen($zipcode) > 10)
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid zipcode</font></p>");
die;
}
if (strlen($subject) == 0 )
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please select a valid subject</font></p>");
die;
}
$check_email = check_email_address($_REQUEST['email']);
$time = date('l dS \of F Y h:i:s A');
$email_subject = "New contact message from ".$site_name."";
$Buffer = "----- Contact Info --------------------\n\n".
"Customer Name: " . ($_POST['from'] . "\n") .
"Customer E-mail: " . ($_POST['email'] . "\n") .
"Customer Telephone: " . ($_POST['telnr'] . "\n") .
"Customer City: " . ($_POST['city'] . "\n") .
"Customer State: " . ($_POST['state'] . "\n") .
"Customer zipcode: " . ($_POST['zipcode'] . "\n") .
"Customer contact_by: " . ($_POST['contact_by'] . "\n") .
"Customer subject: " . ($_POST['subject'] . "\n") .
"Customer Message: \n\n" . wordwrap($_POST['textarea'] . "\n", 48) .
"---------------------------------------------\n\n";
if(mail($admin_email,$email_subject,$Buffer,"From:$check_email")) {
header("Location: contact-us.php?status=1");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Thank you, your form has been submitted. We will contact you shortly.</font></p>");
die;
exit;
} else {
header("Location: contact-us.php?status=0");
}
?>
[edited by: dreamcatcher at 6:34 pm (utc) on Aug. 24, 2008]
[edit reason] No personal urls, thanks. [/edit]
And in each of your <input> elements echo the value you get from session if it's there or a default value (which may be an empty string) if it's not.
My form page now consists of the following:
<?php
// Always at the VERY TOP of the page.
require 'captcha.php';
session_start();
if(isset($_SESSION['error']))
echo $_SESSION['error'];
?>
<input type=text name="from" id="from" VALUE="<?php echo $_POST['from']?>"
Server script page now consists of the following:
<?php
$site_name = "Computer Repair South Florida";
$admin_email = "info@example.com";
// Receiving variables
@$from = addslashes($_POST['from']);
@$email = addslashes($_POST['email']);
@$telnr = addslashes($_POST['telnr']);
@$street = addslashes($_POST['street']);
@$city = addslashes($_POST['city']);
@$state = addslashes($_POST['state']);
@$zipcode = addslashes($_POST['zipcode']);
@$contact_by = addslashes($_POST['contact_by']);
@$subject = addslashes($_POST['subject']);
@$textarea = addslashes($_POST['textarea']);
@$imagefield = addslashes($_POST['imagefield']);
function check_email_address($email) {
// First, we check that there's one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
header("Location: contact-us.php?status=0");
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
header("Location: contact-us.php?status=0");
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
die ("Invalid email address");// Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
header("Location: contact-us.php?status=0");
}
}
}
return $email;
}
function escape_val($string) {
$string = str_replace(array('"',"<",">"), array("&quot;","&lt;","&gt;"), $string);
return $string;
}
if (strlen($from) <2)
session_start();
$_SESSION['from'] = $from;
.
.
$_SESSION['error'] = 'Please enter your name';
{
header("Location: contact-us.php?status=0");
die;
}
if (strlen($telnr) < 7)
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid telephone number</font></p>");
die;
}
if (strlen($telnr) > 14)
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid telephone number</font></p>");
die;
}
if (strlen($street) <3)
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid street</font></p>");
die;
}
if (strlen($city) <2)
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid city</font></p>");
die;
}
if (strlen($state) == 0 )
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please select a valid state</font></p>");
die;
}
if (strlen($zipcode) <5)
{
header("Location: contact-us.php?status=0");
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid zipcode</font></p>");
}
if (strlen($zipcode) > 10)
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid zipcode</font></p>");
die;
}
if (strlen($subject) == 0 )
{
header("Location: contact-us.php?status=0");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please select a valid subject</font></p>");
die;
}
$check_email = check_email_address($_REQUEST['email']);
$time = date('l dS \of F Y h:i:s A');
$email_subject = "New contact message from ".$site_name."";
$Buffer = "----- Contact Info --------------------\n\n".
"Customer Name: " . ($_POST['from'] . "\n") .
"Customer E-mail: " . ($_POST['email'] . "\n") .
"Customer Telephone: " . ($_POST['telnr'] . "\n") .
"Customer City: " . ($_POST['city'] . "\n") .
"Customer State: " . ($_POST['state'] . "\n") .
"Customer zipcode: " . ($_POST['zipcode'] . "\n") .
"Customer contact_by: " . ($_POST['contact_by'] . "\n") .
"Customer subject: " . ($_POST['subject'] . "\n") .
"Customer Message: \n\n" . wordwrap($_POST['textarea'] . "\n", 48) .
"---------------------------------------------\n\n";
if(mail($admin_email,$email_subject,$Buffer,"From:$check_email")) {
header("Location: contact-us.php?status=1");
echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Thank you, your form has been submitted. We will contact you shortly.</font></p>");
die;
exit;
} else {
header("Location: contact-us.php?status=0");
}
?>
Also, where you have this (and you're missing a semicolon):
<input type=text name="from" id="from" VALUE="<?php echo $_POST['from']?>"
If it's a different script, POST isn't there anymore - that's why you're putting the stuff into the session. What you want is:
<input type=text name="from" id="from" VALUE="<?php echo $_SESSION['from'];?>"
assuming you reached that statement in the previous script. However, it can cause warnings, so a better way to do it is:
<input type=text name="from" id="from" VALUE="<?php echo (isset($_SESSION['from']) ? $_SESSION['from'] : '');?>"
What that means is, if the session variable is available, use it, otherwise spit out an empty string.
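The redirect-with-session approach discussed in this thread, as an added example that is not code from any poster: the handler stores the messages and typed values in the session, redirects and stops, and the form page escapes every value it echoes back. The helpers clean(), validate_contact() and old() and the session keys 'old' and 'errors' are hypothetical names; the two sections belong in the handler script and in contact-us.php respectively and are shown together so the block runs as one file.

```php
<?php
// Added example, not code from the thread. clean(), validate_contact() and
// old() are hypothetical helpers; field names follow the posted form.
session_start(); // needed in BOTH the handler script and the form page
function clean(array $in, string $key): string {
    $v = $in[$key] ?? '';
    return is_string($v) ? trim($v) : ''; // ignore array-valued parameters
}
function validate_contact(array $in): array {
    $old = ['from' => clean($in, 'from'), 'telnr' => clean($in, 'telnr'),
            'email' => clean($in, 'email')];
    $errors = [];
    if (strlen($old['from']) < 2) {
        $errors[] = 'Please enter your name';
    }
    if (strlen($old['telnr']) < 7 || strlen($old['telnr']) > 14) {
        $errors[] = 'Please enter a valid telephone number';
    }
    // FILTER_VALIDATE_EMAIL rejects CR/LF, so a passing value cannot add mail headers.
    if (filter_var($old['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid e-mail address';
    }
    return [$old, $errors];
}
function old(string $field): string {
    // Escape on output: the value lands inside a quoted HTML attribute.
    return htmlspecialchars($_SESSION['old'][$field] ?? '', ENT_QUOTES, 'UTF-8');
}
// ---- handler script: validate, store, redirect, stop ----
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$old, $errors] = validate_contact($_POST);
    if ($errors) {
        $_SESSION['old'] = $old;
        $_SESSION['errors'] = $errors;
        header('Location: contact-us.php?status=0');
        exit; // output echoed after a Location header is never displayed
    }
    mail('info@example.com', 'New contact message', 'Name: ' . $old['from'],
         'From: ' . $old['email']);
    header('Location: contact-us.php?status=1');
    exit;
}
// ---- form page (contact-us.php): show errors once, refill the fields ----
foreach ($_SESSION['errors'] ?? [] as $msg) {
    echo '<p class="error">' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . "</p>\n";
}
?>
<input type="text" name="from" id="from" value="<?php echo old('from'); ?>">
<input type="text" name="telnr" id="telnr" value="<?php echo old('telnr'); ?>">
<?php unset($_SESSION['old'], $_SESSION['errors']); // clear after one display
```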