PHP - form processor upgrade - PHPBuilder Forums

PHP - form processor upgrade

lokust

This is the basic structure of the form processing script I have been using for some time now.

I am not happy with the data sanitizing and I'm sure some of these duplicate statements such as $headers can be thrown into an array.

Is there a way to combine parsing for empty fields and ensuring that the data is devoid of harmful character combinations?

Thanks for any pointers on how to update this script.

<?php

$variable1 = $_POST['variable1'];
$variable2 = $_POST['variable2'];


// check for missing required fields and sanitize //

// blank
if($_POST["variable1"] == "") {echo "Please enter a value...<br><a href='javascript:history.back()'><< go back</a>"; exit;
}
// sanitize //
if (!ereg ("[a-zA-Z0-9_\.-]", $variable1)) {echo "In the field \"Variable1\" please enter only alphanumeric characters...<a href='javascript:history.back()'><< go back</a>"; exit;
}

// blank
if($_POST["variable2"] == "") {echo "Please enter a value...<br><a href='javascript:history.back()'><< go back</a>"; exit;
}


// prepare email //

$myname .= "AAA"; 
$myemail .= "aaa@domain.com";
$messageclient .= "For your reference,\r\n\r\n";

$message .= "Variable 1 : $variable1";
$message .= "Variable 2 : $variable2";

$messageclient2 .= "Kind Regards,\r\n\r\n";
$messageclient2 .= "AAA\r\n";
$messageclient2 .= "http://www.domain.com\r\n";

$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
$headers .= "From: ".$myname." <".$myemail.">\r\n";
$headers .= "X-Priority: 1\r\n";
$headers .= "X-MSMail-Priority: High\r\n";
$headers .= "X-Mailer: sendmail";

mail(
"$myemail", 
"Subject - AAA", 
"$message", 
"$headers");

mail(
"$clientemail", 
"Subject - AAA", 
"$message", 
"$headers");

header( "Location: http://www.domain.com/thankyou.php");

?>

lokust

eeek!

halojoy

<?php

// trim will remove spaces from beginning and end
// and if someone submitted "    " it will become = ""
// "  hello  " will become "hello"
$variable1 = trim( $_POST['variable1'] );
$variable2 = trim( $_POST['variable2'] );

// here you do not use $_POST["variable"], but the trimmed $variable1/$variable2
// you can test both var1 var2 in one statement
// if var1 OR var2 is empty string
if ( $variable1 == "" || $variable2 == "" ) {
     echo "Please enter a value...<br>
             <a href='javascript:history.back()'><< go back</a>";
     exit;
}

// sanitize //
if ( !ereg( "[a-zA-Z0-9_\.-]", $variable1 ) ) {
    echo "In the field \"Variable1\" please enter only alphanumeric characters...<br>
             <a href='javascript:history.back()'><< go back</a>";
    exit;
}

// prepare email //
// first time you do use: ( $var = "AAA" ),  without the punct  .  ( $var .= "AAA" )
$myname = "AAA"; 
$myemail = "aaa@domain.com";
$messageclient = "For your reference,\r\n\r\n";

// removed . in front of =
$message = "Variable 1 : $variable1";
$message .= "Variable 2 : $variable2";

// removed . in front of =
$messageclient2 = "Kind Regards,\r\n\r\n";
$messageclient2 .= "AAA\r\n";
$messageclient2 .= "http://www.domain.com\r\n";

// removed . in front of =
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
$headers .= "From: ".$myname." <".$myemail.">\r\n";
$headers .= "X-Priority: 1\r\n";
$headers .= "X-MSMail-Priority: High\r\n";
$headers .= "X-Mailer: sendmail";

mail(
"$myemail", 
"Subject - AAA", 
"$message", 
"$headers");

mail(
"$clientemail", 
"Subject - AAA", 
"$message", 
"$headers");

header( "Location: http://www.domain.com/thankyou.php");

?>

Most cases your 2 test are good enough
There are other tests we can put in, besides
- not empty string
- only alpha numeric A-Z0-9 chars
I think the other members here can help us answer this

I am confused, you use 3 different $message variables, but send only $message
$message
$messageclient
$messageclient2

/halojoy