Here is an email form I did for a family member's business. I'm pretty new to php and I'm curious as to what you guys would have done differently. Any feedback would be great. (I realize I'm not too picky with Regex, I just don't want anyone sending javascript or html code)
<?php
$to = "email@address.here";
$subject = "SUBJECT";
$theirname = $_POST['yourname'];
$company = $_POST['companyname'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$city = $_POST['city'];
$ice = $_POST['ice'];
$dov = $_POST['dov'];
$tod = $_POST['tod'];
$message = $_POST['message'];
#########
if(isset($_POST['submit']))
{//^^A
if(!eregi("^[A-Za-z ]+$", $theirname))
{
$a = '<font color="red">*</font>';
}
if(!eregi("^[A-Za-z 0-9\.\"\'\&\@\!\#\%]+$", $company))
{
$b = '<font color="red">*</font>';
}
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email))
{
$c = '<font color="red">*</font>';
}
if(!eregi("^[0-9 -\(\)\+]+$", $phone))
{
$d = '<font color="red">*</font>';
}
if(!eregi("^[A-Za-z0-9 -\,\.\(\)\/\\]+$", $address))
{
$e = '<font color="red">*</font>';
}
if(!eregi("^[A-Za-z ]+$", $city))
{
$f = '<font color="red">*</font>';
}
if(!eregi("^[0-9A-Za-z ]+$", $ice))
{
$g = '<font color="red">*</font>';
}
if(!eregi("^[A-Za-z0-9 -\_\(\)\\\/\,\.\"\'\:]+$", $dov))
{
$h = '<font color="red">*</font>';
}
if(!eregi("^[A-Za-z0-9 -\_\(\)\\\/\,\.\"\'\:]+$", $tod))
{
$i = '<font color="red">*</font>';
}
if(!eregi("^[A-Za-z0-9 -\)\n\r\t\v\/\*\&\^\%\#\@\!\;\:\'\"\?\.\,\+\=]+$", $message))
{
$j = '<font color="red">*</font>';
}
}//endA
#########
if (isset($_POST['submit']) and !isset($a) and !isset($b) and !isset($c) and !isset($d) and !isset($e) and !isset($f) and !isset($g) and !isset($h) and !isset($i) and !isset($j) )
{//^^X
$body =
"From: $theirname\n
Company: $company\n
E-Mail: $email\n
Phone Number: $phone\n
Address: $address\n
City: $city\n
How much ice: $ice pounds total.\n
Date of event: $dov\n
Time of Delivery: $tod
Their message: $message";
mail($to, $subject, $body,
"From: <email@address.com>\n");
echo '<body><center><p>Your order has been sent.</p><input type="button" value="Close this window" onclick="self.close()"><p><font color="#32626c">This window will close in 5 seconds.</font></p></center><script language="JavaScript">window.resizeTo(350,250)
var message="Function Disabled.";
function clickIE4(){
if (event.button==2){
alert(message);
return false;
}
}
function clickNS4(e){
if (document.layers||document.getElementById&&!document.all){
if (e.which==2||e.which==3){
alert(message);
return false;
}
}
}
if (document.layers){
document.captureEvents(Event.MOUSEDOWN);
document.onmousedown=clickNS4;
}
else if (document.all&&!document.getElementById){
document.onmousedown=clickIE4;
}
document.oncontextmenu=new Function("alert(message);return false")
function closeWindow() {
setTimeout(function() {
window.close();
}, 5000);
}
window.onload = closeWindow();
</script><body>';
} //endX
if(!isset($_POST['submit']) or isset($a) or isset($b) or isset($c) or isset($d) or isset($e) or isset($f) or isset($g) or isset($h) or isset($i) or isset($j))
{
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<title>Make an Order</title>
</head>
<body>
<form method="POST" action="order.php">
<font face="Verdana, Arial, Helvetica, sans-serif"><strong><font size="2">Thank you for choosing the XXXXX 400lbs. "Party Special" for your event. Please complete the form below and we will reply with a confimation of your order within 24 hours.</font></strong></font>
<table width="569" border="0" cellspacing="5" cellpadding="0">
<tr>
<td width="198"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">'.$a.'Your Name:</font></td>
<td width="356"><input name="yourname" type="text" value="'.$theirname.'" size="35"></td>
</tr>
<tr>
<td width="198"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">'.$b.'Company Name:</font></td>
<td width="356"><input name="companyname" type="text" value="'.$company.'" size="35"></td>
</tr>
<tr>
<td width="198"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">'.$c.'Email Address:</font></td>
<td width="356"><input name="email" type="text" value="'.$email.'" size="35"></td>
</tr>
<tr>
<td width="198"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">'.$d.'Phone Number:</font></td>
<td width="356"><input name="phone" type="text" value="'.$phone.'" size="35"></td>
</tr>
<tr>
<td width="198"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">'.$e.'Delivery Address:</font></td>
<td width="356"><input name="address" type="text" value="'.$address.'" size="35"></td>
</tr>
<tr>
<td width="198"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">'.$f.'City:</font></td>
<td width="356"><input name="city" type="text" id="city" value="'.$city.'" size="35" /></td>
</tr>
<tr>
<td width="198"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">'.$h.'Date of Event:</font></td>
<td width="356"><input name="dov" type="text" value="'.$dov.'" size="35"></td>
</tr>
<tr>
<td width="198"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">'.$i.'Time of Delivery:</font></td>
<td width="356"><input name="tod" type="text" value="'.$tod.'" size="35"></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">'.$g.'Need more than 400 lbs. of ice? </font><font size="2" face="Verdana, Arial, Helvetica, sans-serif">How much total?</font></td>
<td><input name="ice" type="text" value="'.$ice.'" size="35" />
lbs.</td>
</tr>
</table>
<p><font size="2" face="Verdana, Arial, Helvetica, sans-serif"><strong> '.$j.'Comment:<br />
</strong></font><font color="black">
<textarea rows="9" name="message" cols="60">'.$message.'</textarea>
</font><br />
<br />
<input type="submit" value="Submit Your Order" name="submit" />
</p>
</form>
</body>
</html>';
}
?>
