Okay. I think I've fixed this, to the extent that this code has any point at present. I haven't introduced the "recommended practice" code yet, but that could take some time... (The E-mail code fragments and the references to header and body are remnants of when this was meant to send an e-mail, before I discovered that my free site host has disabled php e-mail functions for free accounts. If anyone sees this in the future, remember that there are some things being added here that aren't necessary just to read a few fields. The code to evaluate the user's e-mail address is not very careful about what it accepts, as it is primarily intended to keep the user from making a mistake in addition to helping to prevent some of the malicious code I've seen involving <>= from being accepted.) Thanks to those who responded to my inquiries!
<?php
$to = $_REQUEST['Email'] ;
$from = $_REQUEST['Email'] ;
$name = $_REQUEST['Name'] ;
$headers = "From: $from";
$subject = "Web Contact Data";
$fields = array();
$fields{"Name"} = "Name";
$fields{"Email"} = "Email";
$body = "We have received the following information:\n\n"; foreach($fields as $a => $b){ $body .= sprintf("%20s: %s\n",$b,$_REQUEST[$a]); }
$headers2 = "From: noreply@YourCompany.com";
$subject2 = "Thank you for contacting us";
$autoreply = "Thank you for contacting us. Somebody will get back to you as soon as possible, usualy within 48 hours. If you have any more questions, please consult our website at www.oursite.com";
//Functions used to evaluate whether data entered by user conforms to an acceptabled selection of characters
//check_field1 evaluates whether input data is a string containing alphabetical characters or a hyphen
//in case of a hypenated last name or a space ($/)
function check_field1($field_name_1)
{
if(!preg_match("/[^a-zA-Z-\Ä\ä\Ö\ö\Ü\ü\ ]+$/s",$field_name_1))
return TRUE;
else
return FALSE;
}
//check_field2 is used to check e-mail addresses
//allows numbers 0 to 9 and alphabetical characters as well as umlauted a,o,u and the '@' symbol
function check_field2($field_name_1)
{
if(!preg_match("/[^0-9a-zA-Z\.\-\Ä\ä\Ö\ö\Ü\ü\@\ ]/",$field_name_1))
return TRUE;
else
return FALSE;
}
//check_field3 is used to check zip codes and allows no spaces, just numbers or a hyphen for zip + 4
function check_field3($field_name_2)
{
if(!preg_match("/[^0-9-\ ]",$field_name_2))
return TRUE;
else
return FALSE;
}
//First do basic checking to see if anything was entered by the user in the two fields of
//this test routine (name and e-mail address in this instance)
if($name == '') {print "You have not entered a name, please go back and try again<br>";}
if($to == '') {print "You have not entered an Email address, please go back and try again<br>";}
//if name and e-mail address have something in them, then go on to do more checking
//otherwise send an error message to a new form indicating which field wasn't filled out.
//this has the disadvantage of sending the user to a blank screen with some text on it, and
//of requiring that the user use the browser's back button, but improving this script is
//an incremental process.
else {
//If the user filled something into both fields, check to see if the contents are reasonable in a general sense
//using the check_field# functions above.
//These functions were taken from a tutorial on checking fields located at:
// http://www.htmlcenter.com/tutorials/tutorials.cfm/149/PHP/
/* Validation */
$error=0; // initialize check up variable to false
/* get it checking */
if(!check_field1($name))
{
print "Illegal input $name in 'name'. Please go back and correct this problem.<br>";
$error++; // $error=$error+1;
}
if(!check_field2($to))
{
print "Illegal input $to in 'E-mail'. Please go back and correct this problem.<br>";
$error++;
}
if($error == 0)
{
print
"
The data you entred was correct, thank you!<p>
Your data:<br>
Your name: $name<br>
Your E-mail: $to<br>
";
}else{
print "Number of errors: $error";
}
}
?>
