[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-db
Subject:    [PHP-DB] How to test PHP form for proper input
From:       Phil Matt <admin () philmatt ! com>
Date:       2007-08-03 18:49:15
Message-ID: 46B378AB.1080505 () philmatt ! com
[Download RAW message or body]

I've got a mail form that automatically pulls in the addressee from a MySQL db, and lets the sender
fill in his/her own info before sending. I figured out how to set up tests for legal input in the
different fields, but I don't know how to incorporate the test results into my form submission code.
(Sorry for the dumb question, but I'm not an experienced PHP coder...)

Here the basic stuff:

//SENDS MAIL
<?
if ($submit){
mail($recipient, $subject, $message, "From:\"$from_name\"<$from_email>\r\n" .
"Reply-to: $from_email\r\n" .	
"X-Mailer: PHP/" . phpversion());
echo "<h1>Your message has been sent!</h1>";}
	?>
//FORM USED
	
<form name="mymail" id="talign3" method="post" action="<? $_SERVER['PHP_SELF']; ?>">
    <table class="bg" summary="Form for sending email" cellspacing="0">
<tr rowspan="2"><th colspan="3">Send e-mail to: <? $recip=$_GET['recip']; echo "$recip"; ?></th></tr>
    <tr>
      <td width="23%"><label for="your name">Your Name</label></td>
      <td width="77%"><input name="from_name" type="text" id="from_name" value="<?=$from_name?>"
size="45"></td>
    </tr>
    <tr>
      <td nowrap><label for="email address">Your Email Address</label></td>
      <td width="70%"><input name="from_email" type="text" id="from_email" value="<?=$from_email?>"
size="45"></td>
    </tr>
    <tr>
      <td><label for="subject">Subject</label></td>
      <td><input name="subject" type="text" id="subject" value="<?=$subject?>" size="55"></td>
    </tr>
    <tr>
        <td style="vertical-align:top">Message</td>
      <td><textarea name="message" cols="45" rows="15" id="message"><?=$message?></textarea></td>
    </tr>
    <tr>

      <td><div align="right">
          <input name="userid" type="hidden" id="userid" value="<?$to_name?>" />
          <input name="cmd" type="hidden" id="cmd" value="validate_form">
          <input type="submit" name="submit" value="send mail">
        </div></td>
    </tr>
  </table></form>

//TESTING CODE
<?
  $pattern = '/.*@.*\..*/';
  extract($_POST);
  /*validate*/
  function check_from($from_name)
  {
  if(!preg_match("/[^a-zA-Z0-9\.\-\Ä\ä\Ö\ö\Ü\ü\]+$/s",$from_name))
  return TRUE;
  else
  return FALSE;
  }
  function check_email($from_email)
  {
  if (!preg_match($pattern,$from_email))
  return TRUE;
  else
  return FALSE;
  }
  function check_subject($subject)
  {
  if(!preg_match("/[^a-zA-Z0-9\.\-\Ä\ä\Ö\ö\Ü\ü\]+$/s",$from_name))
  return TRUE;
  else
  return FALSE;
  }
  function check_message($message)
  {
  if(!preg_match("/[^a-zA-Z0-9\.\-\Ä\ä\Ö\ö\Ü\ü\]+$/s",$message))
  return TRUE;
  else
  return FALSE;
  }
 /*test fails*/
 $error=0; // check up variable
 /*start*/
 if(!check_from($from_name))
 {
 echo "You haven't entered your name in the Name box!";
 $error++; // $error=$error+1;
 }
 if(!check_email($from_email))
 {
 echo "You haven't entered a valid email address in the email box!";
 $error++;
 if(!check_subject($subject))
 {
 echo "You haven't entered your name in the Name box!";
 $error++;
 if(!check_message($message))
 {
 echo "You haven't entered anything in the Message box!";
 $error++;
 }
 if($error==0)
 {echo
 "Thank you for your email. You should receive a reply shortly from the staff person you contacted";
 } else
 {
 echo"Number of errors: $error";
 }
 ?>

TIA for your help!

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]