E-mail Form Problem

xeonman9000

Hi, I have adapted a basic e-mail form I downloaded from the web and am trying to make the validation a bit better by outlining which input(s) were incorrect and leaving the rest of the inputted data in the form. Here is the if statement I am using;

IF (($email == "") && ($message == "")) {
header("Location: nothing.php");
exit;
}

IF ($message == "") {
header("Location: nomessage.php");
exit;
}

IF ($email == "") {
header("Location: noaddress.php");
exit;
}

this works with outlining the incorrect input, but when I add something like VALUE="<? echo "$name"; ?>" to the name input HTML tag it doesn't display anything in that text box. The "no___.php" pages are exactly the same as the initial HTML form page but with their respective error message and bit of PHP to fill in the properly entered information.
The form is located at http://catharsis.cjb.cc/falham/contact/index.html

Thanks for any help you can give.

bretticus

You are basically forwarding the browser to another page with NO information about POST variables.

IMHO, the best way to do form validation is to submit the form to itsself, do validations, if you don't find errors, send the email, then redirect to a confirmation page. If you do find errors, you can use the POST data to repopulate the users previous inputs. You can also even put the error message right next to the input, etc.

Oh, and one more thing, it is more secure to use super globals instead of making use of "register_globals on." In other words, $email becomes $_POST['email'] and so on.

xeonman9000

Thanks for the reply, I made $_POST['email'] be just $email at the top of my mail script as it is easier to write out.
I thought about putting the error pages HTML inside the IF statement like this?

IF ($message == "") {
echo"<HTML>
blah blah
</HTML>";
exit;
}

but I though it might slow the process down, or does PHP skip the HTML if the condition is false?

xeonman9000

I got it working that way (after backslashing all the double quotes) but the file is now 7kb instead of 2.

bretticus

There is no need to produce an HTML document for every error case. Here is a very quick example of what I was referring to below:

$errors = array();
if (empty($_POST['txtEmail'])) {
	$errors['txtEmail'] = "Email is empty.";
}
if (!count($errors)){
	// send email
	// mail(//...);
	// redirect
	header('Location: confirm.html');
}
echo "<html>\n";
echo "<head>\n";
echo "<title>Email Form</title>\n";
echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n";
echo "</head>\n";
echo "<body bgcolor=\"#FFFFFF\">\n";
echo "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n";
echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n";
echo "<tr> \n";
echo "<td align=\"right\">Email:</td>\n";
echo "<td> \n";
echo "<input type=\"text\" name=\"txtEmail\" value=\"" . $_POST['txtEmail'] . "\">\n";
echo $errors['txtEmail'];
echo "</td>\n";
echo "</tr>\n";
echo "<tr align=\"center\"> \n";
echo "<td colspan=\"2\">\n";
echo "<input type=\"submit\" name=\"Submit\" value=\"Submit\">\n";
echo "</td>\n";
echo "</tr>\n";
echo "</table>\n";
echo "</form>\n";
echo "</body>\n";
echo "</html>\n";

You don't really even need to have PHP echo/print out the HTML content either.