php form review before email

Question

I saw another subject relating to this but still was a little confuesed since I am still basic at PHP. So I have a form that posts to my Order.php. This sends the email and works just fine. I would like the form to post to Review.php then send. Below is my Order.PHP (i removed some of the input fields from the array since its rather long). I was thinking on the review.php I can just use all of the order.php code but instead of $send = mail($to, $subject, $body, $headers); I could just request $to, $subject, $body, $headers in some html then have a sumbit button that will send those to order.php that will be simplified since all the data is processed in the review page. Does that sound right?

order.php is as follows

<?php 

$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";

 $to = "packy@mycompany.com";
 $name = $_REQUEST['FitterName'] ; 
 $from = $_REQUEST['FitterEmail'] ; 
 $headers = "From: $from"; 
 $subject = "Online Order"; 
 $name2 = $_REQUEST['CustomerEmail'] ; 

 $grind = join(", ", $_REQUEST["grind"]);
 $woods = join(", ", $_REQUEST["woods"]);
 $hybrids = join(", ", $_REQUEST["hybrids"]);
 $iron = join(", ", $_REQUEST["iron"]);
 $wedges = join(", ", $_REQUEST["wedges"]);

 $fields = array(); 
 $fields{"AccountName"} = "Accounts's Name:  "; 
 $fields{"FitterName"} = "Fitter's Name:  "; 
 $fields{"CustomerCat"} = "__________________________CUSTOMER INFO__________________________"; 
 $fields{"CustomerName"} = "Customer's Name:  ";
 $fields{"CustomerPhone"} = "Customer's Phone:  ";
 $fields{"CustomerAddress"} = "Customer's Address:  ";



 $body = "We have received the following Online Order from www.mycompany.com:\n\n"; foreach($fields as $a => $b){   $body .= sprintf("%2s %s\n",$b,$_REQUEST[$a]); }
 $body2 = "Please Review the following Online Order from www.mycompany.com:\n\n"; foreach($fields as $a => $b){     $body2 .= sprintf("%2s %s\n",$b,$_REQUEST[$a]); }




 $headers2 = "From: noreply@mycompany.com"; 
 $subject2 = "Thank you for your order"; 
 $autoreply = "Thank you for your order. Customer service will call in the next 24 hours to review your order.";

 $autoreply2 = "Company Customer";

 if($from == '') {print "You have not entered an email, please go back and try again";} 
 else { 
 if($name == '') {print "You have not entered a name, please go back and try again";} 
 else { 
 $send = mail($to, $subject, $body, $headers); 
 $send2 = mail($from, $subject2, $autoreply, $headers2); 
 $send3 = mail($name2, $subject2, $autoreply2, $headers2); 
 if($send) 
 {header( "Location: http://fitter.henry-griffitts.com/fitter/success.php" );} 
 else 
 {print "We encountered an error sending your mail, please review your information"; } 
 }
}
 ?>

Answer 1

Yes.

You could present the user with a review page and hidden in that page you could embed the info that they supplied on the order page.

Review page Confirm button markup;

<form name="review" action="order.php" method="POST">
  <input type="hidden" name="FitterName" value="Bob Smith">
  <input type="hidden" name="FitterEmail" value="a@b.com">
  <input type="submit" value="Submit">
</form>

When they click the submit button on the review page their order info. would be forwarded to the order.php page.

Answer 2

Here is a very basic example of what your review.php file could look like. It adds each of the fields as hidden input variables in a form.

<p>Does everything look correct?</p>
<form method="post" action="order.php">
    <ul>
    <?php
        if (is_array($_REQUEST)) {
            foreach ($_REQUEST as $key => $val) {
                echo "<li><strong>" . $key . "</strong>: " . $val . "</li>";

                // This code should support the checkboxes and multiple selects
                if (is_array($val)) {
                    foreach ($val as $val2) {
                        echo "<input type='hidden' name='" . $key . "[]' value='" . $val2 . "' />";
                    }
                }
                else {
                    echo "<input type='hidden' name='" . $key . "' value='" . $val . "' />";
                }
            }
        }
    ?>
    </ul>
    <input type="submit" value="Submit Info" />
</form>

Now on your order.php, lets clean it up and simplify it a bit, just because.

<?php
    //define some fields
    define("HEADERS",   "MIME-Version: 1.0\r\nContent-type:text/html;charset=iso-8859-1\r\nFrom: noreply@mycompany.com\r\n");
    define("BODY_1",    "We have received the following Online Order from www.mycompany.com:");
    define("BODY_2",    "Please Review the following Online Order from www.mycompany.com:");
    define("SUBJECT_1", "Online Order");
    define("SUBJECT_2", "Thank you for your order");
    define("MY_EMAIL",  "packy@mycompany.com");
    define("REPLY",     "Thank you for your order. Customer service will call in the next 24 hours to review your order.")

    //sanitize your inputs. I like to remove every character that is not allowed
    $data = array(
        'name'   => preg_replace('/[^A-Za-z\\s]/', '', $_POST['FitterName']),
        'email'  => preg_replace('/[^A-Za-z0-9\\.@-_]/', '', $_POST['CustomerEmail']),
        'fitter' => preg_replace('/[^A-Za-z0-9\\.@-_]/', '', $_POST['FitterEmail']),
        'grind'  => preg_replace('/[^A-Za-z\\s,]/', '', implode(',', $_POST['grind'])),
        //the rest of your fields
    );

    //do your field checks here, exit out or return them to the form

    //send your emails
    $send = mail(MY_EMAIL, SUBJECT_1, BODY_1 . print_r($data, true), HEADERS);
    $send2 = mail($data['fitter'], SUBJECT_2, BODY_2 . print_r($data, true), HEADERS);
    $send3 = mail($data['email'], SUBJECT_2, REPLY, HEADERS);

    //more code and redirect