Hello.
I have multiple forms on my website, and I use FormMail.pl which allows me to have code, such as:

<input type="hidden" name="required" value="contactNAME,contactEMAIL,contactLANG,contactCOMMENTS">

to make sure things are done.

Is there a way to do this with PHP though?
I.e. to submit itself to the same page, so the form i.e. <form method="post" action="cgi-bin/FormMail.pl" target="_self"> would actually have action="feedback.php" (itself) and then it validates, and if there's errors it will echo them, if not it will send it to FormMail.pl to be sent?

Is this poss, if so how would I do it, i'm rather new, so sorry.
thanks.

First of all, do not use FormMail. Security Focus put FormMail at number 3 for the top 10 attacts for the first quarter of 2002 (http://www.securityfocus.com/corporate/research/top10attacks_q1_2002.shtml).

Use something like this (http://www.webdevfaqs.com/php.php#mailer) script. If you want fields to be required, you'll just have to check that the fields are not empty (http://us3.php.net/manual/en/function.empty.php).

Ok thanks, i wasn't aware of this - is that qutie a secure script?
That script doesnt have stuff to validate though, how would i achieve that, if someone tried to submit without things filled in / correct email, or without a certain box cehcked, how could i get a nice error to be displayed before it's allowed to be submitted?
Sorry to be a nuisance.

hey pyro, you know that script in php that you just mentioned.

(http://www.webdevfaqs.com/php.php#mailer)



well is there a way of adding options to the form ie.

default form is as:


Name
Email
Comments


could i have it as


Full Name
Email
Company Name
Price Range
Style/Theme
Other Queries


is there a way of adding extra options ontop of the default form?


thanks

Yes, the way that script works, is it just loops through all the form fields. So, you can add as many as you'd like and it will continue to read them. :)

how can i do that ? (my last post) please?

if (empty($_POST['fieldname'])) {
echo "Please fill out 'fieldname'";
exit();
}

Ah thank you pyro.
Do I put that in mailer.php?

How would I validate email and whether something is checked and whether a textfield is under a certain length?
Help is wonderfully accecpted. Thanks.

sorry, the reason i asked where i put that is because i have lots of forms, with different form names -- so if it goes inside the acual form .php it will be fine .. if you can tell me and how i achieve those specific validations that i asked on my last qu i would be very grateful.

thanks.

Yes, you need to put the validation in the .php file.

To check the length, you'll want to use strlen() (http://us2.php.net/strlen) and to check if an email address is valid, regular expressions. Thank your lucky stars that Jeff Mott has already written one. ;)

http://forums.webdeveloper.com/showthread.php?s=&threadid=9604#post49397

Wonderful thanks, so these things will be checked if Submit is pressed and if they're ok, it will mail it, otherwise it will bring these errors ? :) thanks

pyro sorry as soon as i load the page its coming up those errors and not even loading my footer - i have :


<?php
include("header.php");

if (empty($_POST['contactNAME'])) {

echo "Your name cannot be blank.";

exit();

}

if (preg_match('/[^x00-x20()<>@,;:\".[]x7f-xff]+(?:.[^x00-x20()<>@,;:\".[]x7f-xff]+)*@[^x00-x20()<>@,;:\".[]x7f-xff]+(?:.[^x00-x20()<>@,;:\".[]x7f-xff]+)+/i', $_POST['contactEMAIL'])) {

echo "Address is valid";

}

else {

echo "Your E-mail address is invalid.";
}

if (empty($_POST['contactCOMMENTS'])) {

echo "Your comments cannot be blank.";

exit();

}

?>

my form goes here . . .

<?php include("footer.php"); ?>


what did i do wrong? sorry again

The validation has to take place on the mailer.php script.

ohh i misunderstood the "Yes, you need to put the validation in the .php file." sorry.
so i will have to have a sep mailer.php for each form, i.e. contact-mailer.php, support-mailer.php to have sep validation, ... in mailer.php how should i lay it out if i want my header/footer to be loaded within any error msgs that may come? thanks again.

Additionally 3 qus for you, i'm very sorry.

1. How do I get all the errors to be displayed at once if there are any - at the moment it goes through until one is corrected, then displays the next, etc.
2. How can I get it to use my header/footer.php if there's an error so they show nicely on in the theme (or is it even possible to have them echoe'd onto the form.php itself? (not something i really need...).
3. I think i've really screwed up the e-mail part, what did i do wrong, it doesn't seem to do much if anything, or is it not validating whether the mail is correct? not sure what i've done , i just want it to echo that error if it's wrong.

The code i have:


<?PHP

if (empty($_POST['contactNAME'])) {

echo "Your name cannot be blank.";

exit();

}

if (preg_match('/[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)*\@[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)+/', $_POST['contactEMAIL'])) {

echo "Your E-mail is invalid.";

exit();

}

if (empty($_POST['contactCOMMENTS'])) {

echo "Your comments cannot be blank.";

exit();

}

if (!isset ($_POST['TERMSon'])) {

echo "You must accept the terms.";

exit();

}

#######################################################
# This script is Copyright 2003, Infinity Web Design #
# Distributed by http://www.webdevfaqs.com #
# Written by Ryan Brill - ryan@infinitypages.com #
# All Rights Reserved - Do not remove this notice #
#######################################################

## The lines below need to be edited...

###################### Set up the following variables ######################
#
$to = "me@me.com"; #set address to send form to
$subject = "Results from your web form."; #set the subject line
$headers = "From: me@me.com"; #set the from address, or any other headers
$forward = 1; # redirect? 1 : yes || 0 : no
$location = "thanks.php"; #set page to redirect to, if 1 is above
#
##################### No need to edit below this line ######################

## set up the time ##

$date = date ("l, F jS, Y");
$time = date ("h:i A");

## mail the message ##

$msg = "Below is the result of your feedback form. It was submitted on $date at $time.\n\n";

if ($_SERVER['REQUEST_METHOD'] == "POST") {
foreach ($_POST as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}
else {
foreach ($_GET as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}

mail($to, $subject, $msg, $headers);
if ($forward == 1) {
header ("Location:$location");
}
else {
echo "Thank you for submitting our form. We will get back to you as soon as possible.";
}

?>


thanks.

Please?

#1 - you'll just want to set up a variable that will contain your error message, and just add the fields/messages that you need to echo out to that.

#2 - check if the error variable has been set, and if so, include your header, echo the error, and include your footer; then call exit() to stop the script.

#3 - are you getting any errors?

Hi pyro thanks, i'm not really good with this stuff *blank look* :confused:

With the E-mail it's almost as if it doesn't check if it's wrong, i can leave the field completely empty and it will still submit, weird!

Dunno what i'm doing but it's completely not working at ALL! Eeek.

:confused:

Let's see the code, then.

pyro hi and thanks.
basically i'v been trying to achieve those 3 things I wanted to do with the code below, if you cannot see those ideas they were:


1. How do I get all the errors to be displayed at once if there are any - at the moment it goes through until one is corrected, then displays the next, etc.
2. How can I get it to use my header/footer.php if there's an error so they show nicely on in the theme (or is it even possible to have them echoe'd onto the form.php itself? (not something i really need...).
3. I think i've really screwed up the e-mail part, what did i do wrong, it doesn't seem to do much if anything, or is it not validating whether the mail is correct? not sure what i've done , i just want it to echo that error if it's wrong.


Any help is much appreciated, thanks.


<?PHP

if (empty($_POST['contactNAME'])) {

echo "Your name cannot be blank.";

exit();

}

if (preg_match('/[^x00-x20()<>@,;:\".[]x7f-xff]+(?:.[^x00-x20()<>@,;:\".[]x7f-xff]+)*@[^x00-x20()<>@,;:\".[]x7f-xff]+(?:.[^x00-x20()<>@,;:\".[]x7f-xff]+)+/', $_POST['contactEMAIL'])) {

echo "Your E-mail is invalid.";

exit();

}

if (empty($_POST['contactCOMMENTS'])) {

echo "Your comments cannot be blank.";

exit();

}

if (!isset ($_POST['TERMSon'])) {

echo "You must accept the terms.";

exit();

}

##################################################
#####
# This script is Copyright 2003, Infinity Web Design #
# Distributed by <a href="http://www.webdevfaqs.com" target="_blank">http://www.webdevfaqs.com</a> #
# Written by Ryan Brill - ryan@infinitypages.com #
# All Rights Reserved - Do not remove this notice #
##################################################
#####

## The lines below need to be edited...

###################### Set up the following variables ######################
#
$to = "me@me.com"; #set address to send form to
$subject = "Results from your web form."; #set the subject line
$headers = "From: me@me.com"; #set the from address, or any other headers
$forward = 1; # redirect? 1 : yes || 0 : no
$location = "thanks.php"; #set page to redirect to, if 1 is above
#
##################### No need to edit below this line ######################

## set up the time ##

$date = date ("l, F jS, Y");
$time = date ("h:i A");

## mail the message ##

$msg = "Below is the result of your feedback form. It was submitted on $date at $time.\n\n";

if ($_SERVER['REQUEST_METHOD'] == "POST") {
foreach ($_POST as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}
else {
foreach ($_GET as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}

mail($to, $subject, $msg, $headers);
if ($forward == 1) {
header ("Location:$location");
}
else {
echo "Thank you for submitting our form. We will get back to you as soon as possible.";
}

?>

Try this:

<?PHP
$msg = "";
if (empty($_POST['contactNAME'])) {
$msg .= "Your name cannot be blank.<br>";
}
if (!preg_match('/[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)*\@[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)+/', $_POST['contactEMAIL'])) {
$msg .= "Your E-mail is invalid.<br>";
}
if (empty($_POST['contactCOMMENTS'])) {
$msg .= "Your comments cannot be blank.<br>";
}
if (!isset ($_POST['TERMSon'])) {
$msg .= "You must accept the terms.<br>";
}

if (!empty($msg)) {
include "header.php"; # include your header
echo "<p>$msg</p>";
include "footer.php"; # include your footer
}

#######################################################
# This script is Copyright 2003, Infinity Web Design #
# Distributed by http://www.webdevfaqs.com #
# Written by Ryan Brill - ryan@infinitypages.com #
# All Rights Reserved - Do not remove this notice #
#######################################################

## The lines below need to be edited...

###################### Set up the following variables ######################
#
$to = "me@me.com"; #set address to send form to
$subject = "Results from your web form."; #set the subject line
$headers = "From: me@me.com"; #set the from address, or any other headers
$forward = 1; # redirect? 1 : yes || 0 : no
$location = "thanks.php"; #set page to redirect to, if 1 is above
#
##################### No need to edit below this line ######################

## set up the time ##

$date = date ("l, F jS, Y");
$time = date ("h:i A");

## mail the message ##

$msg = "Below is the result of your feedback form. It was submitted on $date at $time.\n\n";

if ($_SERVER['REQUEST_METHOD'] == "POST") {
foreach ($_POST as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}
else {
foreach ($_GET as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}

mail($to, $subject, $msg, $headers);
if ($forward == 1) {
header ("Location:$location");
}
else {
echo "Thank you for submitting our form. We will get back to you as soon as possible.";
}

?>

That is wonderful pyro thank you so much!
Is this script quite secure? I'm kinda new to all this so I really wouldn't know.

Am I also thinking right that if I want to use that type of thing for each form I have, i'd simply use another "mailer.php" for each form, so for example, a signup form could have signup-mailer.php with the validation checks for that, and contact-mailer.php for a contact form?

Lastly is there a way to have the IP and stuff submitted a bit like FormMail does, it says what IP the visitor sent the form from ?

EEK UPDATE: It's still submitting even if the things are blank, the errors are showing, but it still submits???

Thank you again!

Yes, it is quite secure, and yes, the easiest way to do it would be to use separate files, if you want different validation.

If you want to send the IP along, Add this:

$msg .= "IP: ".$_SERVER['REMOTE_ADDR']."\n\n";

below this:

$msg = "Below is the result of your feedback form. It was submitted on $date at $time.\n\n";

As for why the script still submits, it is because I forgot to add the exit() to the if conditional that checks if $msg is not empty. Change it to this:

if (!empty($msg)) {
include "header.php"; # include your header
echo "<p>$msg</p>";
include "footer.php"; # include your footer
exit();
}

Working Great, thank you very much!
Here's the updated, i hope i've understood what you've said and done that:


<?PHP
$msg = "";
if (empty($_POST['contactNAME'])) {
$msg .= "Your name cannot be blank.<br />";
}
if (!preg_match('/[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)*\@[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)+/', $_POST['contactEMAIL'])) {
$msg .= "Your E-mail address is invalid.<br />";
}
if (empty($_POST['contactCOMMENTS'])) {
$msg .= "Your comments cannot be blank.<br />";
}
if (!isset ($_POST['TERMSon'])) {
$msg .= "You must accept the terms.<br />";
}

if (!empty($msg)) {
include "header.php"; # include your header
echo "<br />$msg<br />";
include "footer.php"; # include your footer
exit();
}

#######################################################
# This script is Copyright 2003, Infinity Web Design #
# Distributed by http://www.webdevfaqs.com #
# Written by Ryan Brill - ryan@infinitypages.com #
# All Rights Reserved - Do not remove this notice #
#######################################################

## The lines below need to be edited...

###################### Set up the following variables ######################
#
$to = "me@me.com"; #set address to send form to
$subject = "Results from your web form."; #set the subject line
$headers = "From: me@me.com"; #set the from address, or any other headers
$forward = 1; # redirect? 1 : yes || 0 : no
$location = "thanks.php"; #set page to redirect to, if 1 is above
#
##################### No need to edit below this line ######################

## set up the time ##

$date = date ("l, F jS, Y");
$time = date ("h:i A");

## mail the message ##

$msg = "Below is the result of your feedback form. It was submitted on $date at $time.\n\n";
$msg .= "IP: ".$_SERVER['REMOTE_ADDR']."\n\n";

if ($_SERVER['REQUEST_METHOD'] == "POST") {
foreach ($_POST as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}
else {
foreach ($_GET as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}

mail($to, $subject, $msg, $headers);
if ($forward == 1) {
header ("Location:$location");
}
else {
echo "Thank you for submitting our form. We will get back to you as soon as possible.";
}

?>

Yep, looks good to me, except this part:

echo "<br />$msg<br />";

Why'd you remove the <p> tags?

Well, I don't use <p anywhere else on my site, and I used the <br />'s so that there's a space above/below the error message as the errors are shown in a "box" .
Can't there be a <br> there ?

You don't use the <p> tag anywhere on your site?!? Why??? Wha...? huh? :confused:

Nopes :D I use just divs and <br />'s + CSS.

PS, could I use this? As I want a back button too :D


if (!empty($msg)) {
include "header.php"; # include your header
echo "<br />$msg<br />";
echo "<input type="button" class="option" value="< Back" onclick="history.back()"><br />";
include "footer.php"; # include your footer
exit();
}

You do realize that almost undoubtedly that is incorrect use of markup, don't you? Any paragraphs should be marked up as such - the <p> tag.

Hmm true, yes...I'll do that now, thanks.
Was what I put though okay, if it wasn't for the breaks with the back button?

No, as you did not escape the quotes. Also, the < in the value should be translated to it's character entity: &amp;lt;

echo "<input type=\"button\" class=\"option\" value=\"&lt; Back\" onclick=\"history.back()\"><br />";

Now the only problem with it (besides the fact that an <input> tag needs to be inside a <form> tag) is that it relies on JavaScript.

Okay pyro thanks, i'll leave that - it's working all nicely, so I won't muck it up! hehehehe.
I guess my next venture would be to have one of those nice php generated "human input" things where random words are put on a background that has to be entered and validated. I think that's a step in a few months though ;)

Thanks!!!

You are welcome, and good luck. :)

Last qu on this pyro, :D sorry.

Say for argument's sake my feedback form's mailer is called "contact-mailer.php" if i visit http://mysite.com/contact-mailer.php i'm presented with those validation errors even tho it hasn't been submitted from the form, is that normal and if not how do i stop that?

thanks!

Yes, that's normal, and I don't see any real reason to stop it, as no one should be viewing the file directly, and if they do, the error message will not hurt anything.

hey 2 things:
1) I always thought to go back u would use: onclick="history.go(-1);"
2) If u want the error to stop do this at the beginning of the php script:

if (exists $_POST[valadator]){

then in the end of the script put:

}

then in the form put this code in:

<input type=hidden name=valadator>

now they will only recive the error if it is submitted from the form. I think the first php code i gave u is correct with the exists thing. But I never put exists I just put $_POST[valadator]... oh well.

1 - They are equivalent

2 - What is exists? Certainly no defined function in PHP. Best use isset() (http://us3.php.net/isset) to detect if a variable is set (exists).

Hi there again.
Kyleva2204 i don't really understand your post, was it meant here? :confused:

pyro thanks for all your help :D
Two last qus if I may.

Say on my forms I have a select with the name "language" and one of the options was:

<option value="notselected" selected>Please select</option>

How can I make it that it validates that if it's submitted with that "Please select" as the value it will give an error telling them to select a language?

Also, lastly, I guess this is more difficult, but if I have a table full of checkboxes which is for a pattern of times, how can i check whether something within that table is selected, would it be easy or would I have to give the value of each checkbox (there's lots...)

thanks!

pyro do you understand the post before, what does it mean / what did i do wrong?

:D Thank you again.

UPDATE think i've sorted the select thing, please tell me if i've done it right!
I've changed the <option to a value of "" so <option value="">Please select</option>
with the select name of TIMEZONE

then i used:


if (empty($_POST['TIMEZONE'])) {
$msg .= "Your select a timezone.<br />";
}

Originally posted by Teach
I have a table full of checkboxes which is for a pattern of times, how can i check whether something within that table is selected
The easiest way would be to name your checkboxes with a [] at the end, so PHP will interpret it as an array. Unfortunatly, it is not valid to do so.

Originally posted by Teach
pyro do you understand the post before, what does it mean / what did i do wrong?
No, what was the question?

pyro ok thanks, it's not important about the checkboxes, but was I correct with the select thing with that piece of code I pasted to make sure they select an option?

The other question was what Kyleva2204 said.
Thanks.

Yep, it looks ok to me.

ok thanks.

You're welcome. :)

pyro hi there again, sorry to make this drag!
Just a couple more qus about the PHP i've pasted below relating to this thread.

Firstly, is how I've done all the below okay? Any comments/suggestions?
Secondly, hopefully I'm using the correct Email check thing, it looks Dutch to me ;)
And lastly, I need to achieve one more thing with this. The siteUSERNAME already has in the input tax the maxlength so that's not a problem, however - can you tell me how I can make the below validate that siteUSERNAME only contains A to Z, a to z and 0 to 9 only? The usernames they have cannot contain any special chars or anything like that, just what I mentioned above.

If you can help me with this it'd be much appreciated.
Once again thank you pyro.

The code:


<?PHP
$msg = "";
if (empty($_POST['contactNAME'])) {
$msg .= "Your name cannot be left blank.<br />";
}
if (empty($_POST['siteUSERNAME'])) {
$msg .= "Your username cannot be left blank.<br />";
}
if (!preg_match('/[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)*\@[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)+/', $_POST['contactEMAIL'])) {
$msg .= "Your E-mail address is invalid.<br />";
}
if (!isset ($_POST['TERMSon'])) {
$msg .= "You must accept the terms.<br />";
}

if (!empty($msg)) {
include "../header.php"; # include your header
echo "<p>$msg</p>";
include "../footer.php"; # include your footer
exit();
}

#######################################################
# This script is Copyright 2003, Infinity Web Design #
# Distributed by http://www.webdevfaqs.com #
# Written by Ryan Brill - ryan@infinitypages.com #
# All Rights Reserved - Do not remove this notice #
#######################################################

## The lines below need to be edited...

###################### Set up the following variables ######################
#
$to = "me@me.com"; #set address to send form to
$subject = "Results from your web form."; #set the subject line
$headers = "From: me@me.com"; #set the from address, or any other headers
$forward = 1; # redirect? 1 : yes || 0 : no
$location = "thanks.php"; #set page to redirect to, if 1 is above
#
##################### No need to edit below this line ######################

## set up the time ##

$date = date ("l, F jS, Y");
$time = date ("h:i A");

## mail the message ##

$msg = "Below is the result of your feedback form. It was submitted on $date at $time.\n\n";
$msg .= "IP: ".$_SERVER['REMOTE_ADDR']."\n\n";

if ($_SERVER['REQUEST_METHOD'] == "POST") {
foreach ($_POST as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}
else {
foreach ($_GET as $key => $value) {
$msg .= ucfirst ($key) ." : ". $value . "\n";
}
}

mail($to, $subject, $msg, $headers);
if ($forward == 1) {
header ("Location:$location");
}
else {
echo "Thank you for submitting our form. We will get back to you as soon as possible.";
}

?>

Looks ok. The easiest way to judge that is to check if it is working. ;)

As far as checking for A-Z, a-z, and 0-9, try this:

if (!preg_match("/^[a-zA-Z0-9]+$/", $variable)) {
$msg .= "That field must only contain A-Z, a-z and 0-9";
}

Thank you pyro, so i'd have something like this (as i'd keep the other to check something has indeed been entered first!, that's correct right?


if (empty($_POST['siteUSERNAME'])) {
$msg .= "Your username cannot be blank.<br />";
}
if (!preg_match("/^[a-zA-Z0-9]+$/", $siteUSERNAME)) {
$msg .= "That field must only contain A-Z, a-z and 0-9";
}

The regex itself should do, as it does not allow the field to be empty.

Ah yes, thank you very much pyro, it's working great, i'm just using:


if (!preg_match("/^[a-zA-Z0-9]+$/", $siteUSERNAME)) {
$msg .= "That field must only contain A-Z, a-z and 0-9";
}


now, thank you very much again.

You are very welcome. :)

Hiya.

I'm using the same script, and same validation, how can I make it that if all the fields are filled in, and it submits ok, that instead of directing or showing a thank you message, how can I make the mailer load my header and footer, and then show what was sent in a easy-to-read fashion? would this be difficult?

Thanks in advance.

Regards,