PHP + mySQL Contact Form

curvdaryn

Hey guys,

First time poster here. I didn't know if this belongs under General or the dreaded "noob" category so feel free to move it moderators....

I have a PHP contact form with 3 fields that I want to have imported into mySQL into a database. I have everything setup but I think my code is a little off, I know its not a mySQL issue since it seems to connect alright.

If someone could please help me I would greatly appreciate it. If I was more experienced with PHP the problem would probably scream out at me....

The HTML and the PHP are attached in a zip.

Thanks in Advance,
Daryn

[ATTACH]3774[/ATTACH]

curvdaryn

by the way... here is the code, minus the mySQL connection snippet at the top:

<?php
if(isset($_POST['submit'])) {

$to = "example@example.com";
$subject = "Promotional Download";
$name_field = $POST['name'];
$email_field = $POST['email'];
$date_book_was_bought = $POST['date_book_was_bought'];
$headers = "FROM: $email_field";
$ip = gethostbyname($SERVER['REMOTE_ADDR']);
mysql_select_db($database, $connection);

$insert_query = sprintf("INSERT INTO contacts (name, email, date_book_was_bought, date, ip) VALUES (%s, %s, %s, %s, NOW(), %s)",
						sanitize($name, "text"),
						sanitize($email, "text"),
						sanitize($date_book_was_bought, "text"),
						sanitize($ip, "text"));

$result = mysql_query($insert_query, $connection) or die(mysql_error());

if($result)
{


	//headers and subject
	$headers  = "MIME-Version: 1.0rn";
	$headers .= "Content-type: text/html; charset=iso-8859-1rn";
$body = "Name: $name_field\nE-Mail: $email_field \nDate Book was Purchased: $date_book_was_bought";

echo "Data has been submitted to $to!";
mail($to, $subject, $body, $headers);

} else {

echo "blarg!";

}
function sanitize($value, $type)
{
$value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value;

switch ($type) {
case "text":
$value = ($value != "") ? "'" . $value . "'" : "NULL";
break;
case "long":
case "int":
$value = ($value != "") ? intval($value) : "NULL";
break;
case "double":
$value = ($value != "") ? "'" . doubleval($value) . "'" : "NULL";
break;
case "date":
$value = ($value != "") ? "'" . $value . "'" : "NULL";
break;
}

return $value;
}
?>

bretticus

At a glance your code looks fine (however incomplete but you mentioned you didn't post all the code.) The code you are showing is missing a closing bracket for the first if statement though.

if(isset($_POST['submit'])) {//...

Perhaps that closing bracket just didn't get copied for your post (however, it's strange that you'd have your sanitize function in side of an if statement.)

What, if any feedback are you getting from the script?

curvdaryn

hmmm....

My code must have been scrambled somewhere....

Basically I had a fully functional PHP mail process script that just emailed the 3 fields to an email account. I then tried to merge a separate PHP mySQL form with this one. This form basically was a different contact form that just posted to a mySQL server. It included the sanitize functions so the database wouldnt be "injected"

I didn't quite understand the code so I don't think I did a good job trying to get it to work.

That is pretty much why I came here..

bretticus

Ah, I see. Well, you really should be more specific about how it's not working though. 🙂 Like, what are you expecting from the script (although somewhat easy to surmise?) and what specifically ISN'T happening that you expected. Just some coding forum etiquette tips.

I can see right now that the variables you are passing to that sanitize function are not the same ones you are setting above it. For example, you set a variable called $name_field to the value of a form input called 'name.' However, you pass a non-existent (undefined) variable $name to sprintf to build your SQL query. Same goes for $email.

<?php

$to = "example@example.com";
$subject = "Promotional Download";
$name_field = $_POST['name'];
$email_field = $_POST['email'];
$date_book_was_bought = $_POST['date_book_was_bought'];
$headers = "FROM: $email_field";
$ip = gethostbyname($_SERVER['REMOTE_ADDR']);


mysql_select_db($database, $connection);

$insert_query = sprintf("INSERT INTO contacts (name, email, date_book_was_bought, date, ip) VALUES (%s, %s, %s, %s, NOW(), %s)",
sanitize($name, "text"),
sanitize($email, "text"),
sanitize($date_book_was_bought, "text"),
sanitize($ip, "text"));
?>

curvdaryn

i apologize for not giving more information into the issue....

I updated the file to make sure the variables were all named properly. I even went and renamed the fields in the HTML and just kept it consistent with the names.

HEre is where I am at:

<?php
if(isset($_POST['submit'])) {

$to = "example@example.com";
$subject = "Promotional Download";
$name_field = $_POST['name_field'];
$email_field = $_POST['email_field'];
$date_book_was_bought = $_POST['date_book_was_bought'];
$headers = "FROM: $email_field";
$ip = gethostbyname($_SERVER['REMOTE_ADDR']);


mysql_select_db($database, $connection);

$insert_query = sprintf("INSERT INTO contacts (name_field, email_field, date_book_was_bought, date, ip) VALUES (%s, %s, %s, %s, NOW(), %s)",
sanitize($name_field, "text"),
sanitize($email_field, "text"),
sanitize($date_book_was_bought, "text"),
sanitize($ip, "text"));

$result = mysql_query($insert_query, $connection) or die(mysql_error());

if($result)
{


//headers and subject
$headers = "MIME-Version: 1.0rn";
$headers .= "Content-type: text/html; charset=iso-8859-1rn";



$body = "Name: $name_field\nE-Mail: $email_field \nDate Book was Purchased: $date_book_was_bought";

echo "Data has been submitted to $to!";
mail($to, $subject, $body, $headers);

} else {

echo "blarg!";

}
function sanitize($value, $type)
{
$value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value;

switch ($type) {
case "text":
$value = ($value != "") ? "'" . $value . "'" : "NULL";
break;
case "long":
case "int":
$value = ($value != "") ? intval($value) : "NULL";
break;
case "double":
$value = ($value != "") ? "'" . doubleval($value) . "'" : "NULL";
break;
case "date":
$value = ($value != "") ? "'" . $value . "'" : "NULL";
break;
}

return $value;
}
}
?>

and IM getting this when I execute:

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/profits/public_html/mailer/mailer3.php on line 13

Fatal error: Call to undefined function sanitize() in /home/profits/public_html/mailer/mailer3.php on line 16

djjjozsi

you have 5 field in the INSERT list, and 6 values inserted with sprintf ( 6x %s )..

and 4 real values as spritf value.

its bad.

As a matter a fact, using date in a SQL field name is invalid, becouse its a reserved name!

I'm not sure you'd connected to the mysql DB..

Take the functions declarations on your beginning of your program not in an else case!

djjjozsi

deleted