IF Statements

aftabn10

I have created a form where a customer can fill their details, and the following is the code i have used to process this form. Currently i have got code that makes sure that all fields are filled in, but i was hoping to change this.

If a customer fills in the date field for time lived at original address and if this is over 3 years then the fields for previous address and 2nd previous do not need to be filled in. Is this possible?

if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") {
    exit("<p>You did not press the submit button; this page should not be accessed directly.</p>");
} else {
    $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";
    $profanity = "/(beastial|bestial)/i";
    $spamwords = "/(spam|spam|spam|eggandspam)/i";
    $bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";

if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
    exit("<p>Known spam bots are not allowed.</p>");
}
foreach ($_POST as $key => $value) {
    $value = trim($value);

    if (empty($value)) {
        exit("<p>Empty fields are not allowed. Please go back and fill in the form properly.</p>");
    } elseif (preg_match($exploits, $value)) {
        exit("<p>Exploits/malicious scripting attributes aren't allowed.</p>");
    } elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) {
        exit("<p>That kind of language is not allowed through our form.</p>");
    }

    $_POST[$key] = stripslashes(strip_tags($value));
}

if (!ereg("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,6})$",strtolower($_POST['email']))) {
    exit("<p>That e-mail address is not valid, please use another.</p>");
}

$recipient = "myemail@domain.com";

$subject = "You have a new order";

    $message = "Order Form: \n";
    $message .= "Title: {$_POST['title']} \n";
    $message .= "Forename: {$_POST['forename']} \n";
$message .= "Surname: {$_POST['surname']} \n";
$message .= "Home Address: {$_POST['haddress']} \n";
$message .= "Town: {$_POST['htown']} \n";
$message .= "Postcode: {$_POST['hpostcode']} \n";
$message .= "Time At Current Address: {$_POST['htime']} Years {$_POST['htime2']} \n";
$message .= "Billing Address: {$_POST['baddress']} \n";
$message .= "Town: {$_POST['btown']} \n";
$message .= "Billing Postcode: {$_POST['bpostcode']} \n";
$message .= "Occupation: {$_POST['jobtitle']} \n";
$message .= "Time With Present Employer: {$_POST['jobtime']} Years {$_POST['jobtime2']} \n";
$message .= "Marital Status: {$_POST['marital']} \n";
$message .= "Date of Birth: {$_POST['dob']}/{$_POST['dobm']}/{$_POST['doby']} \n";
$message .= "Telephone: {$_POST['telephone']} \n";
$message .= "Mobile: {$_POST['mobile']} \n"; 
$message .= "Previous Address: {$_POST['paddress']} \n";
$message .= "Town: {$_POST['ptown']} \n";
$message .= "Postcode: {$_POST['ppostcode']} \n";
$message .= "Time At Address: {$_POST['ptime']} Years {$_POST['ptimem']} \n";
$message .= "Second Previous Address: {$_POST['paddress2']} \n";
$message .= "Town: {$_POST['ptown2']} \n";
$message .= "Postcode: {$_POST['ppostcode2']} \n";
$message .= "Time At Address: {$_POST['ptime2']} Years {$_POST['ptimem2']} \n";
$message .= "Accomodation Type: {$_POST['accom']} \n";
$message .= "Occupation Type: {$_POST['occ']} \n"; 
$message .= "Proof of Address: {$_POST['proof']} \n";  
$message .= "Date of Birth: {$_POST['dproof']}/{$_POST['dproofm']}/{$_POST['dproofy']} \n";   
$message .= "E-mail: {$_POST['email']} \n";
$message .= "Country: {$_POST['country']} \n";
$headers = "From: Sacranie-Mobiles.co.uk <$recipient> \n";
$headers .= "Reply-To: <{$_POST['email']}>";

if (mail($recipient,$subject,$message,$headers)) {
    echo "<p>Thank you! Your order has now been placed. We will be in touch shortly.</p>";
} else {
    echo "<p>Sorry, there was an error and your mail was not sent. Please find an alternative method of contacting the webmaster.</p>";
}
}
?>

Installer

It's possible, but to spare the client entering the unneeded data depending on already-entered data you'll need to do it with client-side code, such as javascript.

To not fill in the email with the unneeded values, even if the client has entered them, put something like this before your foreach loop:

$long_enough = false;
if ($_POST['htime'] > 3) {
    $long_enough = true;
}

Inside the loop:

        if (empty($value) && (!$long_enough && ($key == 'paddress' || $key = 'ptown' || $key = 'ppostcode' || $key == 'ptime' 
                                             || $key == 'paddress2' || $key == 'ptown2' || $key == 'ppostcode2' || $key == 'ptime2'))) { 
            exit("<p>Empty fields are not allowed. Please go back and fill in the form properly.</p>");

Then, in your message constuction:

if (!$long_enough) {
    $message .= "Previous Address: {$_POST['paddress']} \n"; 
    $message .= "Town: {$_POST['ptown']} \n"; 
    $message .= "Postcode: {$_POST['ppostcode']} \n"; 
    $message .= "Time At Address: {$_POST['ptime']} Years {$_POST['ptimem']} \n"; 
    $message .= "Second Previous Address: {$_POST['paddress2']} \n"; 
    $message .= "Town: {$_POST['ptown2']} \n"; 
    $message .= "Postcode: {$_POST['ppostcode2']} \n"; 
    $message .= "Time At Address: {$_POST['ptime2']} Years {$_POST['ptimem2']} \n"; 
}

But the code could be simplified if you divided the form input into separate arrays or into subarrays.

aftabn10

Thank you installer. I dont mean to trouble.

could you just create me a simple script as an example with the html form and the process file then i will try and incorporate within the required fields. For example;

Fields
Name
Address
Time (years and months)
Previous Address
Time (years and months)

will that be possible?

Installer

This is far from ideal, but maybe it will help:

form.php

echo '<form action="process.php" method="post">'
   . 'Name <input type="text" name="name" /><br />'
   . 'Address <input type="text" name="haddress" />'
   . ' Time Years: <input type="text" name="htime" />'
   . ' Months: <input type="text" name="htime2" /> If three years or more stop here.<br />'
   . 'Previous Address <input type="text" name="paddress" />'
   . ' Time Years: <input type="text" name="ptime" />'
   . ' Months: <input type="text" name="ptime2" /><br />'
   . '<input type="submit" name="submit" />'
   . '</form>';

process.php

if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") { 
    exit("<p>You did not press the submit button; this page should not be accessed directly.</p>"); 
} else { 
    $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i"; 
    $profanity = "/(beastial|bestial)/i"; 
    $spamwords = "/(spam|spam|spam|eggandspam)/i"; 
    $bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i"; 

if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) { 
    exit("<p>Known spam bots are not allowed.</p>"); 
} 

$long_enough = false; 
if ($_POST['htime'] >= 3) { 
    $long_enough = true; 
} 

foreach ($_POST as $key => $value) { 
    $value = trim($value); 

    if (empty($value) && (!$long_enough && ($key == 'paddress' || $key == 'ptime'  || $key == 'ptime2'))) {
        exit("<p>Empty fields are not allowed. Please go back and fill in the form properly.</p>"); 

    } elseif (preg_match($exploits, $value)) { 
        exit("<p>Exploits/malicious scripting attributes aren't allowed.</p>"); 
    } elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) { 
        exit("<p>That kind of language is not allowed through our form.</p>"); 
    } 

    $_POST[$key] = stripslashes(strip_tags($value)); 
} 

$subject = "You have a new order"; 

$message = "Order Form: \n"; 
$message .= "Name: {$_POST['name']} \n"; 
$message .= "Home Address: {$_POST['haddress']} \n"; 
$message .= "Time At Current Address: {$_POST['htime']} Years {$_POST['htime2']} \n"; 

if (!$long_enough) { 
    $message .= "Previous Address: {$_POST['paddress']} \n"; 
    $message .= "Time At Address: {$_POST['ptime']} Years {$_POST['ptime2']} \n"; 
}

echo $message;
}

aftabn10

Thank you installer, really appreciate it. Dont mean to ask too much but the data received could this be saved into a mysql database?

Installer

Yes. 🙂

aftabn10

is it quite straightforward? could you show me an example?

Installer

Something like this should do it:

foreach ($_POST as $key => $val) {
    if (empty($val)) {
        $_POST[$key] = 'DEFAULT';
    }
    $_POST[$key] = mysql_real_escape_string($_POST[$key]);

}
$post_vars = extract($_POST, EXTR_PREFIX_ALL, 'e');
$query = "INSERT INTO my_table (name, haddress, htime, htime2, paddress, ptime, ptime2) "
       . "VALUES ($e_name, $e_haddress, $e_htime, $e_htime2, $e_paddress, $e_ptime, $e_ptime2";

Assuming you have the db table set up, have an open connection to the db, and execute the query.

aftabn10

Thanks for that installer, really appreciate it !!!

🙂

aftabn10

sorry Installer, just one more query within the email that is sent could a <br> be added to space it out abit. If so where would i add this?

aftabn10

installer,

i have tried to combine everything and it keeps coming up with a 'empty fields error message which i have in my code'. so i tried to just run (mysql insert code). the mail gets sent but nothing is added in the database. please could you show me how i could combine it all together;

This is the code i used (excluding code for previous address as i want to try this on its own as kept getting errors when i combined everything)

<?php
require_once ('mysql_connect.php'); // Connect to the database.
if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") {
    exit("<p>You did not press the submit button; this page should not be accessed directly.</p>");
} else {
    $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";
    $profanity = "/(beastial|bestial|blowjob|clit|cock|cum|cunilingus|cunillingus|cunnilingus|cunt|ejaculate|fag|felatio|fellatio|fuck|fuk|fuks|gangbang|gangbanged|gangbangs|hotsex|jism|jiz|kock|kondum|kum|kunilingus|orgasim|orgasims|orgasm|orgasms|phonesex|phuk|phuq|porn|pussies|pussy|spunk|xxx)/i";
    $spamwords = "/(viagra|phentermine|tramadol|adipex|advai|alprazolam|ambien|ambian|amoxicillin|antivert|blackjack|backgammon|texas|holdem|poker|carisoprodol|ciara|ciprofloxacin|debt|dating|porn)/i";
    $bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";

if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
    exit("<p>Known spam bots are not allowed.</p>");
}
foreach ($_POST as $key => $val) {
if (empty($val)) {
    $_POST[$key] = 'DEFAULT';
}
$_POST[$key] = mysql_real_escape_string($_POST[$key]);

}
$post_vars = extract($_POST, EXTR_PREFIX_ALL, 'e');
$query = "INSERT INTO orders (title, forename, surname, haddress, htown, hpostcode, htime, htime2, baddress, btown, bpostcode, jobtitle, jobtime, jobtime2, marital, dob, dobm, doby, telephone, mobile,  paddress, ptown, ppostcode, ptime, ptimem, paddress2, ptown2, ppostcode2, ptimey2, ptimem2, accom, occ, proof, dproof, dproofm, dproofy, email, country ) "
       . "VALUES ($e_title, $e_forename, $e_surname, $e_haddress, $e_htown, $e_hpostcode, $e_htime, $e_htime2, $e_baddress, $e_btown, $e_bpostcode, $e_jobtitle, $e_jobtime, $e_jobtime2, $e_marital, $e_dob, $e_dobm, $e_doby, $e_telephone, $e_mobile, $e_paddress, $e_ptown, $e_ppostcode, $e_ptime, $e_ptimem, $e_paddress2, $e_ptown2, $e_ppostcode2, $e_ptimey2, $e_ptimem2, $e_accom, $e_occ, $e_proof, $e_dproof, $e_dproofm, $e_dproofy, $e_email, $e_country";
	   }

foreach ($_POST as $key => $value) {
    $value = trim($value);

    if (empty($value)) {
        exit("<p>Empty fields are not allowed. Please go back and fill in the form properly.</p>");
    } elseif (preg_match($exploits, $value)) {
        exit("<p>Exploits/malicious scripting attributes aren't allowed.</p>");
    } elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) {
        exit("<p>That kind of language is not allowed through our form.</p>");
    }

    $_POST[$key] = stripslashes(strip_tags($value));
}

if (!ereg("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,6})$",strtolower($_POST['email']))) {
    exit("<p>That e-mail address is not valid, please use another.</p>");
}

$recipient = "aftab@mediadezines.co.uk";

$subject = "You have a new order";

$message = "Order Form: \n";
$message .= "Title: {$_POST['title']} \n";
$message .= "Forename: {$_POST['forename']} \n";
$message .= "Surname: {$_POST['surname']} \n";
$message .= "Home Address: {$_POST['haddress']} \n";
$message .= "Town: {$_POST['htown']} \n";
$message .= "Postcode: {$_POST['hpostcode']} \n";
$message .= "Time At Current Address: {$_POST['htime']} Years {$_POST['htime2']} \n";
$message .= "Billing Address: {$_POST['baddress']} \n";
$message .= "Town: {$_POST['btown']} \n";
$message .= "Billing Postcode: {$_POST['bpostcode']} \n";
$message .= "Occupation: {$_POST['jobtitle']} \n";
$message .= "Time With Present Employer: {$_POST['jobtime']} Years {$_POST['jobtime2']} \n";
$message .= "Marital Status: {$_POST['marital']} \n";
$message .= "Date of Birth: {$_POST['dob']}/{$_POST['dobm']}/{$_POST['doby']} \n";
$message .= "Telephone: {$_POST['telephone']} \n";
$message .= "Mobile: {$_POST['mobile']} \n"; 
$message .= "Previous Address: {$_POST['paddress']} \n";
$message .= "Town: {$_POST['ptown']} \n";
$message .= "Postcode: {$_POST['ppostcode']} \n";
$message .= "Time At Address: {$_POST['ptime']} Years {$_POST['ptimem']} \n";
$message .= "Second Previous Address: {$_POST['paddress2']} \n";
$message .= "Town: {$_POST['ptown2']} \n";
$message .= "Postcode: {$_POST['ppostcode2']} \n";
$message .= "Time At Address: {$_POST['ptimey2']} Years {$_POST['ptimem2']} \n";
$message .= "Accomodation Type: {$_POST['accom']} \n";
$message .= "Occupation Type: {$_POST['occ']} \n"; 
$message .= "Proof of Address: {$_POST['proof']} \n";  
$message .= "Date of Birth: {$_POST['dproof']}/{$_POST['dproofm']}/{$_POST['dproofy']} \n";   
$message .= "E-mail: {$_POST['email']} \n";
$message .= "Country: {$_POST['country']} \n";
$headers = "From: Sacranie-Mobiles.co.uk <$recipient> \n";
$headers .= "Reply-To: <{$_POST['email']}>";

if (mail($recipient,$subject,$message,$headers)) {
    echo "<p>Thank you! Your order has now been placed. We will be in touch shortly.<br><br>Abu Sacranie</p>";
} else {
    echo "<p>Sorry, there was an error and your mail was not sent. Please find an alternative method of contacting the webmaster.</p>";
}
?>http://www.tutorialtastic.co.uk/page/php_mail_form_secure_and_protected

aftabn10

The following is the code;

<?php
if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") { 
    exit("<p>You did not press the submit button; this page should not be accessed directly.</p>"); 
} else { 
    $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i"; 
    $profanity = "/(beastial|bestial)/i"; 
    $spamwords = "/(spam|spam|spam|eggandspam)/i"; 
    $bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i"; 

if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) { 
    exit("<p>Known spam bots are not allowed.</p>"); 
} 

$long_enough = false; 
if ($_POST['htime'] >= 3) { 
    $long_enough = true; 
} 

foreach ($_POST as $key => $value) { 
    $value = trim($value); 

    if (empty($value) && (!$long_enough && ($key == 'paddress' || $key == 'ptime'  || $key == 'ptime2'))) { 
        exit("<p>Empty fields are not allowed. Please go back and fill in the form properly.</p>"); 

    } elseif (preg_match($exploits, $value)) { 
        exit("<p>Exploits/malicious scripting attributes aren't allowed.</p>"); 
    } elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) { 
        exit("<p>That kind of language is not allowed through our form.</p>"); 
    } 

    $_POST[$key] = stripslashes(strip_tags($value)); 
} 

$recipient = "user@domain.co.uk";

$subject = "You have a new order"; 

$message = "Order Form: \n"; 
$message .= "Title: {$_POST['title']} \n";
$message .= "Forename: {$_POST['forename']} \n"; 
$message .= "Surname: {$_POST['surname']} \n"; 
$message .= "Home Address: {$_POST['haddress']} \n"; 
$message .= "Time At Current Address: {$_POST['htime']} Years {$_POST['htime2']} \n";
$message .= "Billing Address: {$_POST['baddress']} \n";
$message .= "Town: {$_POST['btown']} \n";
$message .= "Billing Postcode: {$_POST['bpostcode']} \n";
$message .= "Occupation: {$_POST['jobtitle']} \n";
$message .= "Time With Present Employer: {$_POST['jobtime']} Years {$_POST['jobtime2']} \n";
$message .= "Marital Status: {$_POST['marital']} \n";
$message .= "Date of Birth: {$_POST['dob']}/{$_POST['dobm']}/{$_POST['doby']} \n";
$message .= "Telephone: {$_POST['telephone']} \n";
$message .= "Mobile: {$_POST['mobile']} \n"; 
$message .= "Second Previous Address: {$_POST['paddress2']} \n";
$message .= "Town: {$_POST['ptown2']} \n";
$message .= "Postcode: {$_POST['ppostcode2']} \n";
$message .= "Time At Address: {$_POST['ptime2']} Years {$_POST['ptimem2']} \n";
$message .= "Accomodation Type: {$_POST['accom']} \n";
$message .= "Occupation Type: {$_POST['occ']} \n"; 
$message .= "Proof of Address: {$_POST['proof']} \n";  
$message .= "Date of Birth: {$_POST['dproof']}/{$_POST['dproofm']}/{$_POST['dproofy']} \n";    
$message .= "E-mail: {$_POST['email']} \n";
$message .= "Country: {$_POST['country']} \n";  

if (!$long_enough) { 
    $message .= "First Previous Address: {$_POST['paddress']} \n"; 
   	$message .= "Town: {$_POST['ptown']} \n";
$message .= "Postcode: {$_POST['ppostcode']} \n";
    $message .= "Time At Previous Address: {$_POST['ptime']} Years {$_POST['ptime2']} \n"; 
} 

echo $message; 
}   

    $headers = "From: <$recipient> \n";
    $headers .= "Reply-To: <{$_POST['email']}>";

if (mail($recipient,$subject,$message,$headers)) {
    echo "<p>Thank you! Your order has now been placed. We will be in touch shortly.<br><br>Abu Sacranie</p>";
} else {
    echo "<p>Sorry, there was an error and your mail was not sent. Please find an alternative method of contacting the webmaster.</p>";
}
?>

Thats all, hope that helps.

Again, i cant thank you enough.