Forms stopped passing variables

rosegarden

I have several websites with email forms that were written years ago and they have all suddenly stopped working. They do not seem to pass any variables. I believe the server upgraded their PHP.

Can anyone point me in the right direction to find out what I need to change (and apparently learn)? From what I have tried to investigate on this forum. I think it has something to do with the way I need to use POST and GET with the server upgrade.

Listed below is the code that I use on a basic contact form.

<? include "header.inc"; ?>


<center>
<table cellpadding="15" width=475 cellspacing=0 bgcolor="#c0c0c0" style="BORDER-RIGHT: #666666 1px solid; BORDER-TOP: #666666 1px solid; BORDER-LEFT: #666666 1px solid; BORDER-BOTTOM: #666666 1px solid"><tr><td align="center">

<?

$form_block = "


<p align=justify>Please fill in this information below.  We will contact you shortly.

<p align=justify>Privacy Note: Your information will not be shared or sold.

<p align=justify><font color=red>*</font> Required Fields
<FORM method=\"POST\" action=\"$PHP_SELF\">

<P>Your Name:<font color=red>*</font><br>
<INPUT type=\"text\" name=\"sender_name\" 
	value=\"$sender_name\" size=30></p>

<P>Your E-Mail Address:<font color=red>*</font><br>
<INPUT type=\"text\" name=\"sender_email\"  

	value=\"$sender_email\" size=30></p>

<P>Your Phone Number:<br>
<INPUT type=\"text\" name=\"sender_phone\"  

	value=\"$sender_phone\" size=30></p>

<P>Your Message:<font color=red>*</font><br>
<textarea name=\"message\" cols=30 
	rows=5>$message</textarea>
</p>

<INPUT type=\"hidden\" name=\"op\" value=\"ds\">


<P><INPUT type=\"submit\" value=\"Send This Form\"></p>

</FORM>

";

if ($op != "ds") {

// they need to see the form

echo "$form_block";

} else if ($op == "ds") {

$send = "yes";

// check each required field and create an error message.
// if any of the required fields are blank, set $send to "no".

if ($sender_name == "") {

$name_err = "
<font color=red>Please enter your name!</font><br>
";
	$send = "no";

} 

if ($sender_email == "") {

$email_err = "
<font color=red>Please enter your e-mail address!</font><br>
";
$send = "no";	

} 

if ($message == "") {

$message_err = "
<font color=red>Please enter a message!</font><br>
";
$send = "no";

} 



// now do something depending value of $send 

if ($send == "yes") {

$message .= "\n\n$sender_phone";

$headers = "From: \"$sender_name\" <$sender_email>\n";
mail("you@yourmail.com", "Website Contact", $message, $headers);
echo "<P align=center>Your mail has been sent!<br>We will contact you as soon as possible.</p>";

} else if ($send == "no") {

echo "$name_err";
echo "$email_err";
echo "$message_err";
echo "$form_block";	

}


}

?>
</td></tr></table>
</center>



<? include "footer.inc"; ?>

big_nerd

rosegarden,

I can not see the header.inc file - however unless that file has $GET[] and $POST[] variables in it, you are correct.

If the information is being posted, use $variable = $POST['form_varname']; and likewise, if you are using the GET method, you can use $variable = $POST['frorm_varname'];

You can both use it inline:

<INPUT type=\"text\" name=\"sender_phone\"  

    value=\"{$_POST['sender_phone']}\" size=30></p>

Which I would not recommend doing so with any SQL query as it leaves you completely open to SQL Injection attacks.

You can declair all of the used variables in the head of your document with the $variable = $_POST['form_variable']; and the remainder of your code should then work.

Good luck!

Weedpacket

As for a "pointer in the right direction" see the answer to question one in the Newbies' Forum FAQ. Further pointers and links to the relevant part of the manual can be found there.

grallis

<FORM method=\"POST\" action=\"$PHP_SELF\">

Your server may or may not have upgraded it's PHP version - there's no way to know unless you do a phpinfo();, however, I believe part of the problem may be that your host provider has finally(and fortunately) turned off register globals.

Eg: $PHP_SELF will work with register globals on(which is a security issue), but you should always call it properly using the $SERVER superglobal array like so: $SERVER[PHP_SELF]

If register globals being turned off is the case, you will in deed have to go through your header.inc and make sure it's using all the proper superglobals for example: $_POST['name'] instead of just $name

Hope this helps ...