pratikshahse
asked on
Requird fields in PHP file
Here is the PHP file I use to get contact info of users who visit my site. I want to make name and address1 as required fields. what should I do for that.
<?php
$name = $_POST['name'];
$sname = $_POST['spousename'];
$ad1 = $_POST['Address1'];
$ad2 = $_POST['Address2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$message = "Name: $name\n";
$message .= "Spouse Name: $spousename\n";
$message .= "Address1: $address1\n";
$message .= "Address2: $address2\n";
$message .= "City: $city\n";
$message .= "State: $state\n";
$message .= "Zip: $zip\n";
$message .= "Email: $email\n";
$message .= "Phone: $phone\n";
if (!mail('myemailid@yahoo.co
header("Location: http://www.yahoo.com");
exit();
?>
Thank You
<?php
$name = $_POST['name'];
$sname = $_POST['spousename'];
$ad1 = $_POST['Address1'];
$ad2 = $_POST['Address2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$message = "Name: $name\n";
$message .= "Spouse Name: $spousename\n";
$message .= "Address1: $address1\n";
$message .= "Address2: $address2\n";
$message .= "City: $city\n";
$message .= "State: $state\n";
$message .= "Zip: $zip\n";
$message .= "Email: $email\n";
$message .= "Phone: $phone\n";
if (!mail('myemailid@yahoo.co
header("Location: http://www.yahoo.com");
exit();
?>
Thank You
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@mukhtar2t, JavaScript can only be used as a user convenience, and is never nor should it ever be suggested as a replacement for server side validation.
It is easily bypassed. Only server side validation can be reliable.
It is easily bypassed. Only server side validation can be reliable.
You are right,
It just an additional user convenience to let the code more effectivety.
It just an additional user convenience to let the code more effectivety.
The typical vay to do this is to have the form submit to the same php file that generated the page. then expand the code in the page so it can also handle the submitted form.
Then you check in post data if the submit button was pressed.
If it was not you just display the page with the form empty (as your old page did).
If the submitbutton was pressed you check the posted data for validity, are det required fields filled out, is the zipcode in the proper format, etc and build an errormessage the way rdivilbiss show abowe.
and then you redraw the page with that error message added (usually red so the user notice there have been a change) and with the data entered prefilled into the fields of the form for the user to change as needed.
Use a schema something like this:
----------------- start of page.php ---------------
<?php
if( $_POST['submitbutton'] ] {
// validate posted date
if( <the data is valid> ) {
// code to use the date
header("Location: http://www.yoursite.com/thank_you_page.php");
// Redirect to next page
exit; //and stop this one
}else{
$refilldata = true;
}
}
?>
<!-- and here you put the 'old page' but change the fields in the form so they kan reshow the users data -->
<form action="{$_SERVER['PHP_SEL
<input type='text' name='field1' value="<? echo ($refilldata) ? $_POST['field1'] : "" ?>">
...
<input type='submit' name='ubmitbutton' value='send it' ... >
</form>
Then you check in post data if the submit button was pressed.
If it was not you just display the page with the form empty (as your old page did).
If the submitbutton was pressed you check the posted data for validity, are det required fields filled out, is the zipcode in the proper format, etc and build an errormessage the way rdivilbiss show abowe.
and then you redraw the page with that error message added (usually red so the user notice there have been a change) and with the data entered prefilled into the fields of the form for the user to change as needed.
Use a schema something like this:
----------------- start of page.php ---------------
<?php
if( $_POST['submitbutton'] ] {
// validate posted date
if( <the data is valid> ) {
// code to use the date
header("Location: http://www.yoursite.com/thank_you_page.php");
// Redirect to next page
exit; //and stop this one
}else{
$refilldata = true;
}
}
?>
<!-- and here you put the 'old page' but change the fields in the form so they kan reshow the users data -->
<form action="{$_SERVER['PHP_SEL
<input type='text' name='field1' value="<? echo ($refilldata) ? $_POST['field1'] : "" ?>">
...
<input type='submit' name='ubmitbutton' value='send it' ... >
</form>
For an example I suppose this is fine but you might want to point out the XSS vulnerabilities, in $_SERVER['PHP_SELF'] and <input type='text' name='field1' value="<? echo ($refilldata) ? $_POST['field1'] : "" ?>">.
I'm all for simplifying examples, but failure to mention XSS is irresponsible.
Filter your input before re-writing it to a inputs value and understand that $_SERVER['PHP_SELF'] can be manipulated by a malicious user.
I'm all for simplifying examples, but failure to mention XSS is irresponsible.
Filter your input before re-writing it to a inputs value and understand that $_SERVER['PHP_SELF'] can be manipulated by a malicious user.
ASKER
rdivilbiss, i am trying to use your code but it does not work. when i hit submit it takes me to page not found error. This happens even when i fill out the required fields and also when i leave them blank.
here is the php i am using.
<?php
$errorMsg = '';
$name = $_POST['name'];
{
errorMsg .= "Then name is required.
}
$sname = $_POST['spousename'];
$ad1 = $_POST['Address1'];
$ad2 = $_POST['Address2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$email = $_POST['email'];
$phone = $_POST['phone'];
if ($errorMsg=='') {
$message = "Name: $name\n";
$message .= "Spouse Name: $spousename\n";
$message .= "Address1: $address1\n";
$message .= "Address2: $address2\n";
$message .= "City: $city\n";
$message .= "State: $state\n";
$message .= "Zip: $zip\n";
$message .= "Email: $email\n";
$message .= "Phone: $phone\n";
if (!mail('myemailid@yahoo.co
header("Location: http://www.yahoo.com");
exit();
}
else {
echo $errorMsg . "<a href=\"new_member.htm\">Go
}
?>
here is the php i am using.
<?php
$errorMsg = '';
$name = $_POST['name'];
{
errorMsg .= "Then name is required.
}
$sname = $_POST['spousename'];
$ad1 = $_POST['Address1'];
$ad2 = $_POST['Address2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$email = $_POST['email'];
$phone = $_POST['phone'];
if ($errorMsg=='') {
$message = "Name: $name\n";
$message .= "Spouse Name: $spousename\n";
$message .= "Address1: $address1\n";
$message .= "Address2: $address2\n";
$message .= "City: $city\n";
$message .= "State: $state\n";
$message .= "Zip: $zip\n";
$message .= "Email: $email\n";
$message .= "Phone: $phone\n";
if (!mail('myemailid@yahoo.co
header("Location: http://www.yahoo.com");
exit();
}
else {
echo $errorMsg . "<a href=\"new_member.htm\">Go
}
?>
>>when i hit submit it takes me to page not found error
There is no submit in my code...
Save my code to formhandler.php and in your form page set the form tag's action to formhandler.php
Read this: http://www.cafesong.com/ert/form_article/index.php
There is no submit in my code...
Save my code to formhandler.php and in your form page set the form tag's action to formhandler.php
Read this: http://www.cafesong.com/ert/form_article/index.php
ASKER
ok here is my html and below that is the file thats given by you. when i click on submit it just takes me to a blank page and does not do anything. it does not throw me an error when i dont put any information in and also it does not e mail me when i put all the information in. Please let me know what am i missing
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Please enter the requested infor</title>
</head>
<body bgcolor="#FFCC99">
<form action="formhandler.php" method="POST">
<p>Please enter the requested information.
</p>
<table style="width:240px" border="0">
<tr>
<td style="width:62px">Name:</
<td><input name="name" size="30"></td>
</tr>
<tr>
<td style="width:62px">Spouse Name:</td>
<td><input name="spousename" size="30"></td>
</tr>
<tr>
<td style="width:62px">Address
<td><input name="Address1" size="30"></td>
</tr>
<tr>
<td style="width:62px">Address
<td><input name="Address2" size="30"></td>
</tr>
<tr>
<td style="width:62px">City:</
<td><input name="city" size="30"></td>
</tr>
<tr>
<td style="width:62px">State:<
<td><input name="state" size="5"></td>
</tr>
<tr>
<td style="width:62px">Zip:</t
<td><input name="zip" size="11"></td>
</tr>
<tr>
<td>Email:</td>
<td><input name="email" size = "30"></td>
</tr>
<tr>
<td>Phone:</td>
<td><input name="phone" size="16"></td>
</tr>
</table>
<br>
</br>
<input type="submit" value="Send">
<input type="reset" value="Clear the form">
</form>
</body>
</html>
PHP
<?php
$errorMsg = '';
$name = $_POST['name'];
if ($name=="") {
errorMsg .= "Then name is required.
}
$sname = $_POST['spousename'];
$ad1 = $_POST['Address1'];
if ($ad1=="") {
errorMsg .= "Then address is required.
}
$ad2 = $_POST['Address2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$email = $_POST['email'];
$phone = $_POST['phone'];
if ($errorMsg=='') {
$message = "Name: $name\n";
$message .= "Spouse Name: $spousename\n";
$message .= "Address1: $address1\n";
$message .= "Address2: $address2\n";
$message .= "City: $city\n";
$message .= "State: $state\n";
$message .= "Zip: $zip\n";
$message .= "Email: $email\n";
$message .= "Phone: $phone\n";
if (!mail('myemailid@yahoo.co
header("Location: http://www.yahoo.com");
exit();
} else {
echo $errorMsg . "<a href=\"prevpage\">Go Back</a>";
}
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Please enter the requested infor</title>
</head>
<body bgcolor="#FFCC99">
<form action="formhandler.php" method="POST">
<p>Please enter the requested information.
</p>
<table style="width:240px" border="0">
<tr>
<td style="width:62px">Name:</
<td><input name="name" size="30"></td>
</tr>
<tr>
<td style="width:62px">Spouse Name:</td>
<td><input name="spousename" size="30"></td>
</tr>
<tr>
<td style="width:62px">Address
<td><input name="Address1" size="30"></td>
</tr>
<tr>
<td style="width:62px">Address
<td><input name="Address2" size="30"></td>
</tr>
<tr>
<td style="width:62px">City:</
<td><input name="city" size="30"></td>
</tr>
<tr>
<td style="width:62px">State:<
<td><input name="state" size="5"></td>
</tr>
<tr>
<td style="width:62px">Zip:</t
<td><input name="zip" size="11"></td>
</tr>
<tr>
<td>Email:</td>
<td><input name="email" size = "30"></td>
</tr>
<tr>
<td>Phone:</td>
<td><input name="phone" size="16"></td>
</tr>
</table>
<br>
</br>
<input type="submit" value="Send">
<input type="reset" value="Clear the form">
</form>
</body>
</html>
PHP
<?php
$errorMsg = '';
$name = $_POST['name'];
if ($name=="") {
errorMsg .= "Then name is required.
}
$sname = $_POST['spousename'];
$ad1 = $_POST['Address1'];
if ($ad1=="") {
errorMsg .= "Then address is required.
}
$ad2 = $_POST['Address2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$email = $_POST['email'];
$phone = $_POST['phone'];
if ($errorMsg=='') {
$message = "Name: $name\n";
$message .= "Spouse Name: $spousename\n";
$message .= "Address1: $address1\n";
$message .= "Address2: $address2\n";
$message .= "City: $city\n";
$message .= "State: $state\n";
$message .= "Zip: $zip\n";
$message .= "Email: $email\n";
$message .= "Phone: $phone\n";
if (!mail('myemailid@yahoo.co
header("Location: http://www.yahoo.com");
exit();
} else {
echo $errorMsg . "<a href=\"prevpage\">Go Back</a>";
}
?>
add this attribute to your form tag
onsubmit="return check_required()"
so if the check required function returns false the form will not submit
and add this function to your head section
function check_required()
{
if(!document.getElementByI
{
alert('name field is required');
document.getElementByID('n
return false;
}
if(!document.getElementByI
{
alert('address1 field is required');
document.getElementByID('n
return false;
}
return true;
}
Notice that javascript may not be active on all your clients computers