[RESOLVED] Contact Form Support (Its killing me haha)

SoapDodger

Hey Guys,

I have just signed up as I have embarked on a website which is simple yet complicated 😃 It will eventually have a back end database but for now lets talk contact forms...

There are a few issues I would like help with... Issue 1:

if (isset($_POST["checkbox"]))  { echo $_POST["checkbox"];}

My contact form contains: Name, Email, Message and a tick box for the terms and conditions. I tried the above code with a Exit function as well. This didn't work but even if it did I would have taken them off the page 😛 Which I have no clue how to stop lol

Issue 2:

$email = $_POST['email'];
function email_valid ($email) {  

if (eregi("^[a-z0-9._-]+@[a-z0-9._-]+.[a-z]{2,6}$", $email)) 
    { return TRUE; } else
	 { exit();
	  header("Location: http://www.google.co.uk"); } 
}

Here I wanted to revert them back to my page if the email was invalid (I used google as an example) but this does nothing, apart from typing "Email in not valid" on the screen :/ lmao

They are my main two problems at the moment.

Little bit about my background: I am studying Computer Science at Uni so I have a good knowledge of C# which I think got me this far haha I am creating this webpage as a little project but it will be going live hopefully by the end of this month 😛

Cheers, Dan

leatherback

You do not tell us what your problem is in the first situation
In the second: If you exit() the script exits. So your header() will never kick in.

SoapDodger

On the second one, Thats a very good point haha Sometimes code is so simple 😛

And the first part just doesn't seem to work full stop. Regardless of whether they select the tick box for terms and conditions it runs the script 😛

Any thoughts? Or a better way? I would rather they stayed on the page lol

leatherback

well.. the obvious would be: What is the name of the chackbox? Did you call it exactly that? Naturally, one can check what is in the $POST array, by using a print_r($POST); statement. Then you can figure out what is actually send to your script..

johanafm

SoapDodger;10985721 wrote:
And the first part just doesn't seem to work full stop.

When coding, and especially when asking for help about coding, a statement such as the above is of absolutely no help. If you need help with something, it obviously isn't working (as you wishes it to do), otherwise you wouldn't have asked in the first place.

SoapDodger;10985721 wrote:
Regardless of whether they select the tick box for terms and conditions it runs the script 😛

This however, is the kind of information you need to provide. It also makes the error very very easy to spot.

if (isset($_POST["checkbox"]))  { echo $_POST["checkbox"];}

If you used a common form of coding style and indentation, like this

if (isset($_POST["checkbox"]))
{
	echo $_POST["checkbox"];
}

... it should be obvious that the code block executed for that if conditon contains only one line of code: echo $POST["checkbox"];
Yet if I understand you correctly, you don't wish the rest of the code to execute unless this if condition is true. Should this be the case, move the rest of the code inside this block of code.
And here you should be able to understand why I needed you to state that "Regardless of whether they select the tick box for terms and conditions it runs the script", since the above code is perfectly valid, and even makes sense (until your particaular wishes are known). If $POST['checkbox'] wasn't set, you can't echo it, and since we don't know what you want to do unless you tell us exactly what that is, we would believe that you wanted to show the value of $_POST['checkbox'] if it is set, rather than do something that the code doesn't do.

Your email validation function tells me that you either need to turn on error reporting, since the ereg family of functions has been deprecated since PHP 5.3, which came out over a year ago, or upgrade whatever version you are using to PHP 5.3.6 and then possibly turn on error reporting. Come PHP 6, these functions will no longer exist.

Moreover, I don't believe that it's good coding practice for a function such as this one to do redirects or exit program execution. In my opinion, you should do it along these lines instead

/* the function that validates email addresses now does NOTHING, other than
	validate the email address. The choice to exit, redirect, display feedback to the
	user etc now lies where it belongs: somewhere else.
*/
function email_valid($email)
{
	if ('the actual validation test goes here')
		return true;
	else
		return false;
}


$errors = array();
/* This part of code, rather than send the user away when they make a misstake
	filling out your form, now gets informative feedback and can correct their
	misstake.
*/
if (email_valid($email))
{
	/* do what you need to with the validated email address:
			send an email, store address in database etc
	*/
}
else
{
	$errors[] = 'Invalid email address. Please verify your input';
}


# And then, where you display your form, right before the actual form is shown
foreach ($errors as $e)
{
	printf('<div style="color: red;">%s</div>', $e);
}

# and then inside the form
printf('<input type="text" name="email" value="%s" />',
	isset($_POST['email']) ? htmlentities($_POST['email'], ENT_QUOTES, 'utf-8') : ''
);

And finally, when it comes to validating email addresses, if you want to do it properly you should google for something like "php email validation rfc compliant" which finds you this page among others. The linked page claims to

validates all parts of a given email address, according to RFCs 1123, 2396, 3696, 4291, 4343, 5321 & 5322.

If you don't care about properly accepting valid email addresses as valid, then you might as well just use [man]filter_var[/man]

filter_var($email, FILTER_VALIDATE_EMAIL)

which returns false on "invalid" email addresses, except that it doesn't properly validate email addreses. However, while failing its job, it seems to be failing somewhat less than your approach, at least when testing a few valid (according to RFC 3696) email addresses, such as

$valid_emails = array(
	'Abc\@def@example.com',
	'Fred\ Bloggs@example.com',
	'Joe.\\Blow@example.com',
	'"Abc@def"@example.com',
	'!def!xyz%abc@example.com',
	'customer/department=shipping@example.com',
	'$A12345@example.com'
);

Your function fails validating all of them, filter_var "only" fails on 3 out of 7.

SoapDodger

First of all I had a look at the link you gave me for the validation which copes with all RFC's and that is amazing. Who knew you could write so mmuch code to validate one box! I decided for now my page doesn't require that kind of code so I went with the one you mentioned that validates 3 emails.

Secondly I am sorry if I didn't convey my problem properly in the first place, I had spent a lot of time going backwards and forwards all day and I kinda rushed my message.

As regards the different version of PHP that is a mystery to me. As I say I have only just started using it and have no real knowledge. I am using Dreamweaver CS5 and just opened a .php document :p I presume that would include the latest version?

Lastly this section of code that you posted:

# And then, where you display your form, right before the actual form is shown 
foreach ($errors as $e) 
{ 
    printf('<div style="color: red;">%s</div>', $e); 
} 

# and then inside the form 
printf('<input type="text" name="email" value="%s" />', 
    isset($_POST['email']) ? htmlentities($_POST['email'], ENT_QUOTES, 'utf-8') : '' 
);

I don't really get this sorry? I was under the impression that PHP did not work in a HTML file? thus why it has its own file type? sorry if I am being dumb 🙁 lol

Cheers for the support so far, Its greatly appreciated!

johanafm

The code part you posted above, as well as the other references to $error that I had in my code were ment to handle feedback to the user, so that they could be informed that the email address they entered was invalid, along with any other misstakes.
The exact part that you posted first includes the output of these, one error message per div so that they align under each other and using red text to draw attention.

The second part of that piece of code is supposed to go inside the html form displayed if there were any errors, since it's nice to refill the form with the values posted by the user so they only need to correct whatever wasn't right, rather than fill out the whole form.

As for the file extension used, the only thing that actually matters is what file extensions your web server is set to parse as php files. Usually, this will only be .php files, but you could tell your web server to also parse .txt or .html files as php.
And the nifty thing with php, or any other programming language capable of sending output, is that you can output html code. This means that your php script can both validate the form (check that all required fields are filled out, check if the email address is correct etc), and then use that information in a way that suits you, such as send an email or save the information in a database etc.
But since php code can be used to output html code, you can also use it to create an entire html document, and in the case where there is an error in the posted data, that is particularly useful for redisplaying the data entered as well as give meaningful error messages.

johanafm

Oh, the thing about PHP versions is in regard to your use of [man]ereg[/man], which as you can see if you follow that link to the PHP doc, has been deprecated since PHP 5.3.

Now, I have no idea how Dreamweaver works, but if it does include PHP >= 5.3, then you should get an error message along the lines of E_DEPRECATED: ereg has been deprecated. You set the level of what errors to report in php.ini, using error_reporting, you tell php where to log errors using log_errors and you tell php to send error messages using display_errors (stdout for standard output). Do note that you should turn off display_errors in production environment, but it's nice to have in a development environment.

SoapDodger

Thanks guys for that, I have just got back from a short break and I shall dig back into to my website.

Cheers, Dan