Question

I have a contact form on my page. Most of it is working fine; however, I have created some validation which does some back-end checking of string lengths in case the user somehow bypasses the regular HTML maxlength argument for text inputs.

Here are my two problems:

1) If I enter numbers in a field then I automatically get a message saying I've gone over the max limit, which obviously shouldn't be getting executed.

2) The second problem is that, when I get that message (which was received wrong), it should have at least stopped the mail from being sent, since there was a problem, but it sends the email anyway!!

Feel free to go try it and see for yourself:

http://eclipse-developers.com/v2/eclipse-developers.com/#contactUs

Here is the PHP script for my contact form:

// here we put in an if statement to check against missing variables (empty values)
        if (isset($_POST['name']) && isset($_POST['email']) && isset($_POST['subject']) && isset($_POST['message'])){

            $name=$_POST['name'];
            $organisation=$_POST['organisation'];
            $reference=$_POST['reference'];
            $email=$_POST['email'];
            $subject=$_POST['subject'];
            $message=$_POST['message'];
            // here we are checking to see if that value has anything in it and is not just blank.

            if (!empty($name) && !empty($email) && !empty($subject) && !empty($message) ){  
                // this is doing a check for max length, it's doing it in php just in case the user
                // cheats and bypasses the html check.

            if (strlen($name>31) || strlen($lname>31) || strlen($organisation>31) || strlen($email>51) || strlen($subject>31) || strlen($reference>31) || strlen($message>2001)){
                echo"sorry, max length for a field has been exceeded. Go back and try again</a><br><br>";
            }
            $to='skyrocketing132@yahoo.com';
            $emailsubject=$subject;
            $body=$name."\nCompany Name: ".$organisation."\nRef: ".$reference."\nMessage: ".$message;
            $headers= 'From: '.$email;

            // mails, if statement so if its true (mail did send)
                if  (mail($to,$emailsubject,$body,$headers)){
                    echo'Thanks for contacting us.';        
                }else{
                    echo'Sorry, an error occurred. Try again later.';
                }
            }
            } else{
            }

Solution

Your conditions are wrong, you have:

strlen($name > 31)

This will first check if $name has a value higher than 31, which returns a boolean value of true or false. This is then cast to a string and the length of it is checked, which will always be higher than 0 and thus be true. It should be:

strlen($name) > 31

To prevent the e-mail from being sent, you have to abort after these conditions are true. Your code would become something like:

if (strlen($name) > 31 || strlen($lname) > 31 || strlen($organisation) >31 || strlen($email)>51 || strlen($subject)>31 || strlen($reference)>31 || strlen($message)>2001){
    echo"sorry, max length for a field has been exceeded. Go back and try again</a><br><br>";
} else {
    $to='skyrocketing132@yahoo.com';
    $emailsubject=$subject;
    $body=$name."\nCompany Name: ".$organisation."\nRef: ".$reference."\nMessage: ".$message;
    $headers= 'From: '.$email;

    // mails, if statement so if its true (mail did send)
    if  (mail($to,$emailsubject,$body,$headers)){
        echo'Thanks for contacting us.';        
    }else{
        echo'Sorry, an error occurred. Try again later.';
    }
}

OTHER TIPS

1) If I enter numbers in a field then I automatically get a message saying I've gone over the max limit, which obviously shouldn't be getting executed.

Your conditions are wrong.

strlen($name>31)

Change to

strlen($name)>31

2) The second problem is that, when I get that message (which was received wrong), it should have at least stopped the mail from being sent, since there was a problem, but it sends the email anyway!!

Put an exit;/die; after a failure, or add if/else logic.

Force end

 if (strlen($name)>31 || strlen($lname)>31 || strlen($organisation)>31 || strlen($email)>51 || strlen($subject)>31 || strlen($reference)>31 || strlen($message)>2001){
     echo"sorry, max length for a field has been exceeded. Go back and try again</a><br><br>";
    exit;
 }

if/else logic

 if (strlen($name)>31 || strlen($lname)>31 || strlen($organisation)>31 || strlen($email)>51 || strlen($subject)>31 || strlen($reference)>31 || strlen($message)>2001){
     echo"sorry, max length for a field has been exceeded. Go back and try again</a><br><br>";
 } else {
    //Attempt email send
 }
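
A consolidated version of the two fixes in the answers above, as an added example that is not part of the original posts: every length check is written as strlen($value) > $max using the limits from the question, and nothing reaches mail() unless the error list is empty. The names validate_contact, MAX_LEN and REQUIRED, the type check, and the filter_var() test on the address that ends up in the From: header are assumptions added here; $lname is left out because the question's script never assigns it.

```php
<?php
// Added example, not the asker's or the answerers' code.
// Limits mirror the thresholds in the page's checks (> 31, > 51, > 2001).
const MAX_LEN = [
    'name' => 31, 'organisation' => 31, 'reference' => 31,
    'email' => 51, 'subject' => 31, 'message' => 2001,
];
const REQUIRED = ['name', 'email', 'subject', 'message'];

/** Returns a list of error strings; an empty list means the input passed. */
function validate_contact(array $post): array
{
    $errors = [];
    foreach (MAX_LEN as $field => $max) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {
            // A field submitted as name[]=x arrives as an array, not a string.
            $errors[] = "$field: unexpected type";
            continue;
        }
        if (in_array($field, REQUIRED, true) && trim($value) === '') {
            $errors[] = "$field: required";
        }
        // The parenthesis closes before the comparison; strlen() counts bytes.
        if (strlen($value) > $max) {
            $errors[] = "$field: longer than $max bytes";
        }
    }
    // The address is concatenated into the From: header, so accept it only
    // if it is a syntactically valid address (this also rejects line breaks).
    $email = $post['email'] ?? '';
    if (is_string($email) && $email !== ''
        && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    return $errors;
}

// Constructed sample input: a numeric name (the asker's failing case),
// an over-long subject, and an address with a trailing line break.
$base = ['name' => 'Ann', 'email' => 'ann@example.com', 'subject' => 'Hi', 'message' => 'Hello'];
$samples = [
    ['name' => '12345'] + $base,
    ['subject' => str_repeat('x', 40)] + $base,
    ['email' => "ann@example.com\r\n"] + $base,
];
foreach ($samples as $post) {
    $errors = validate_contact($post);
    // Only a clean result would go on to mail(); this demo prints instead.
    echo $errors ? 'rejected: ' . implode('; ', $errors) : 'would send', PHP_EOL;
}
```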
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow