I'd like to know how to build a "better-mouse trap" for my form. (Online: http://sonoracabinets.com/contact.html and don't worry, it is valid HTML 4.01 Transitional but not Strict.) There is a way to by-pass the JavaScript form validation, so I am using PHP to validate the form if the person trying to by-pass validation just happens to know how to get past it (there's only one Javascript way that exists that I know of).

I have the following PHP code for my form validation and it works great, however, I was wondering if there were any tips or other better ways of validating the form (in addition to what I already have).


if($_POST['clientName']=="" || $_POST['clientName']==" "){
$msg = "<li type=\"square\">Your <i>full</i> name.</li>";
} else{$correct=1;}
if($_POST['clientEmail']=="" || $_POST['clientEmail']==" "){
$msg .= "<li type=\"square\">Your <i>email</i> address.</li>";
} else {$correct+=1;}
if($_POST['clientMsg']=="" || $_POST['clientMsg']==" " || $_POST['clientMsg']=='\n'){
$msg .= "<li type=\"square\">Your <i>message</i>.</li>";
} else {$correct+=1;}
if($correct==3){
$compMsg="You have received an email from $_POST['clientName'] from your Web site: www.SonoraCabinets.com. Here is their information:\nClient Name: ".$_POST['clientName']."\nClient Email Address: ".$_POST['clientEmail']."\nClient Message: ".$_POST['clientMsg'];
mail("sales@sonoracabinets.com","Email from www.SonoraCabinets.com",$compMsg,"From:$_POST['clientEmail']");
echo ("<P><h2>Here is the information you sent us:</h2></p>
<p>Full Name: ".$_POST['clientName']."</p>
<p>Email address: ".$_POST['clientEmail']."</p>
<p>Your message: ".$_POST['clientMsg']."</p><br>
<p><h3>Thank you for your email! We will get back to you as soon as possible!</h3></p>");
} else {
echo ("<font color=\"red\">You have left out the following field(s):<br><ul>");
echo $msg;
echo ("</ul><br>Please click the <a href=\"javascript:history.go(-1)\">back</a> button on your browser and fill out the form correctly.</font>");
}


Thanks, guys. ;)

P.S. I just so wanted to post a PHP question in the new forum. lol :D

It looks pretty good, unless you want to validate the email address. Also, just to point out how most people would do it syntactially, they would set $correct = 0; before any validation takes place, then any errors set $correct = 1; You can then check if ($correct == 0). But, that is just a matter of preference, I would say...

Also, in the $compMsg and mail() did you forget to \ some of your "s? It looks like it to me...

Actually, it works perfectly, but I did want to make it validate the email address better. (Did you take a look at my JavaScript code on that page? It's hard to read, but it works very well.) This forum added UBB code to my script, so the quotes were screwed. lol, it has the quotes escaped properly in the *real* script. :D

So, how would I go about validating the email field? I tried using if(strlen($_POST['clientName']<3)){ but that caused a parse error (T_VARIABLE is undefined or something like that). I'm not sure why, but that doesn't really matter, though. Does PHP have a method like JavaScript's indexOf() method?

I would use regular expressions to do this. Something like this... (untested)

if (preg_match("/^\w+@\w+\.[a-z]{2,}(\.[a-z]{2,})?$/i", $_POST['clientEmail'])) {
echo "Address is valid";
}
else {
echo "Address is invalid";
}

Hmmm.. This brings up a new question. I've never use Regular Expressions in PHP (ok, so I've used them once (http://jona.t35.com/form_test.html) before, but.. ;)) Could you break that down for me?

/^w+@w+.[a-z]{2,}(.[a-z]{2,})?$/i

Ignore case, I understand the a-z thing, but what is the {2,} for? And what is the w for?

Ah, crap... the forums messed it up. It is supposed to be \w which stands for any alpha-numeric character, including the underscore. It is equivalent to [A-Z-a-z0-9_] And, the {2,} is to check the lenght of the TLD. It makes sure the TLD is at least 2 characters long, but it can be longer. I am not certain on the maximum length of a TLD, so I left the second part blank (and lenght) For insance .museum is a valid TLD, and if we were sure that was the longest, we could do {2,6} to make sure the TLD is anywhere from 2 to 6 characters long.

Let me know if you need me to explain any of the rest of it...

Actually, I do understand... Except... What is a TLD? lol

TLD stands for 'Top Level Domain' and is the domain ending, ie. .com, .net, etc...

PHP:--------------------------------------------------------------------------------
if (preg_match("/^w+@w+.[a-z]{2,}(.[a-z]{2,})?$/i", $_POST['clientEmail'])) {
echo "Address is valid";
}
else {
echo "Address is invalid";
}

--------------------------------------------------------------------------------Unfortunately that regex will reject some valid addresses. Here's a regex derived from RFC822: Standard for ARPA Internet Text Messages. Obviously more complex, but nothing short of perfect. :)/^[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)*\@[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)+$/This regex was tested in Perl, so some characters preceeded with a backslash (such as @) may not need be in PHP.

*Eyes enlarge to 3 feet* Whoa! OK, I'll give that one a shot. Jeff, what was the URL/site that you got the from? I really need to have a look at what else they have to say. lol ;)

http://www.w3.org/Protocols/rfc822/rfc822.txt

Wow, very interesting, indeed. lol Thanks, Jeff. :)

Problem, guys.... I tried it and it give me an error: "Unexpected '[' line 35" Of course, line 35 in the document is plain HTML, and line 35 starting with the first line of PHP code is almost the last line of PHP and has nothing to do with the error for sure. Here's what I tried:


if(preg_match("/[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff](?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff])*\@[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff](?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff])*/", $_POST['clientEmail']))
{$correct+=1;}
else{$msg.="<li>Your <i>email</i> address.</li>";}


I took out the quotes and made them apostrophes, but that just cause error: "Unexpected '{' line 35" instead! (I used preg_match(' ') instead of preg_match(" ").)

Often times the line number means you forgot something one line before ( like a closing } ). Check line 34 for errors.

Jona -

You need to use single quotes (') rather than double (") around the regexp, like this:

if (preg_match('/[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)*\@[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)+/i', $_POST['clientEmail']))

I tried that and it gave me the error that I had an extra { in there. I'll try again (for your sake, lol), but if you have any other suggestions, I'd be glad to hear 'em! ;)

Thanks, man.

Here was my test page that was working:

http://www.infinitypages.com/temp/regexp.php
<?PHP

if ($submit) {
if (preg_match('/[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)*\@[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+(?:\.[^\x00-\x20()<>@,;:\\".[\]\x7f-\xff]+)+/i', $_POST['email'])) {

echo ("valid");
}
else {
echo ("invalid");
}
}

?>

<html>
<head>
<title>Validate Email</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<form name="myform" method="post" action="regexp.php">

<input type="text" name="email"/>
<input type="submit" name="submit" value="Submit"/>

</form>

</body>
</html>

Hmmmm.... OK, I'll try it. I can probably figure it out after that. ;)

BTW, it doesn't validate it all the way. I entered test@lo and it said, "valid."

BTW, it doesn't validate it all the way. I entered test@lo and it said, "valid."According to the syntax rules in RFC822, it is indeed a valid address. But if you wish it to not be, simply change the final * in the pattern to +

All right, Jeff. I'm gonna try that one now! lol ;)

Also, has anyone else noticed that the PHP syntax highlighting on this forum seems to parse backslashes? \x and \w is chaged to x and w, \\ is chaged to \. Is this a bug in the forums?

Yes, I've noticed that as well. Must be a bug with the forums. Very annoying...

Oh, Jeff, you're right. So can you post the *real* regexp without using PHP syntax highlighting? So that I'm sure I got it right? (That's probably what messed it up last time I tried.)

I edited my above post to remove the php syntax highlighting. Try that one...

I got it! Thanks, Jeff and Pyro! Difficult to understand but I'm learning this odd stuff now.... lol

Super, guys.... TTYL

I edited my post above when I first posted the pattern. I also noticed a typo while doing it. Seeing it now I'm actually a little amazed it matched anything. :o

Hi,

I am using the same code as above, but for me it is not working. If is just saying that everything isn't valid when it should be?

Any ideas why


if (substr($key, 0, 2) == 'E_') {
if (preg_match('/[^x00-x20()<>@,;:\".[]x7f-xff]+(?:.[^x00-x20()<>@,;:\".[]x7f-xff]+)*@[^x00-x20()<>@,;:\".[]x7f-xff]+(?:.[^x00-x20()<>@,;:\".[]x7f-xff]+)+/i', $_POST['E_EmailAddress'])) {
$error_msg .= "<li>The Email address \"$val\" is not valid.</li><br>\n";
$errors = true;
}
}


Thanks
Adam

I just tried to look at yout js validation code on the form but couldn't see any !

i looked at: http://sonoracabinets.com/contact.php

Originally posted by DaveinLondon
I just tried to look at yout js validation code on the form but couldn't see any !

i looked at: http://sonoracabinets.com/contact.php

I redesigned the site since then. This post was made a very long time ago.

Originally posted by Jona
I redesigned the site since then. This post was made a very long time ago.

It is still just as helpful today as it was 2 years ago ;)

It has helped me big time! Still don't grasp regex though :confused:


::Edit:: Oh man that script is GREAT!!! You are a lifesaver I have been reading up alot on this whole regex thing and it just wasn't working right but this oh yes man!!!:D :D :D

Now onward and forward to validating a phone number :p