php contact form validation (invalid email still sending)

StackOverflow https://stackoverflow.com/questions/18365025

Question

So I am putting together a form and was recommended that I validate the form. I found a tutorial but seem to still be having problems getting the php to function.

The html for the form:

<div id="FGSform"> 
<form action="/working/wp-content/themes/NEW/mail.php" method="post" name="contactFGS"          id="contactFGS">
<ul>
<li>
    <label for="first-name">First Name</label>
<br>
    <input type="text" id="firstname" name="firstname" required aria-required="true">
</li>
<br>
<li>
    <label for="last-name">Last Name</label><br>
    <input type="text" id="lastname" name="lastname" required aria-required="true">
</li>
<br>
<li>
    <label for="email">Email</label>
<br>
    <input type="email" id="email" name="email" required aria-required="true">
</li>
<br>
<li>
  <label for="contact-reason" id="reason" name="reason">Reason for Contact</label>
      <select id="reason" name="reason" required>
      <option value="."></option>
      <option value="Print Services">Print Services</option>
      <option value="Design Services">Design Services</option>
      <option value="Employment">Employment</option>
      <option value="Questions">Questions</option>
      <option value="Other">Other</option>     
      </select> 
</li>
<br>
<li>
  <label for="comments">Comments</label>
<br>
    <textarea name="contactcomments" id="contactcomments" cols="40" rows="10" required></textarea>
</li> 
<br>
<li>
    <input type="radio" id="newsletter" name="newsletter">
    <label for="signmeup">Sign me up for newsletter, updates and other information about FGS</label>  
</li>
<br>
<li>
<input type="submit" value="Send" name="submit">
</li>

Here is the php:

<?php
/*Validate and Sanitaize */

    if (isset($_POST['submit'])){

}

if ($_POST['firstname'] != "") {
    $_POST['firstname'] = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING);
    if ($_POST['firstname'] == "") {
        $errors .= 'Please enter a valid name.<br/><br/>';
    }       
} else {
    $errors .= 'Please enter your name.</br>';
}   

if ($_POST['lastname'] != "") {
    $_POST['lastname'] = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING);
    if ($_POST['lastname'] == "") {
        $errors .= 'Please enter a valid name.<br/><br/>';
    }       
} else {
    $errors .= 'Please enter your last name.</br>';
}

if ($_POST['emial'] != "") {
    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALITDATE_EMAIL)) {
        $errors .="$email is <strong>NOT</strong> a valid email address.<br/<br/>";
    }
} else {
    $errors .= 'Please enter your email address.<br/>';
}

if (isset($_REQUEST['reason']) && $_REQUEST['reason'] =='.') {
    echo 'Please select a reason for contacting.<br/>';
}

if ($_POST['contactcomments'] != "") {  
    $_POST['contactcomments'] = filter_var($_POST['contactcomments'], FILTER_SANITIZE_STRING);
    if ($_POST['contactcomments'] == "") {
        $errors .='Please enter a message to send.<br/>';
    }
} else {
    $errors .='Please enter a message to send.<br/>';
}





 /* Email Variables */
 $emailSubject = 'Website Mail!'; 
$webMaster = 'email@here.com';



 /* Data Variables */
 $firstname = $_POST['firstname'];
 $lastname = $_POST['lastname'];
$email = $_POST['email'];
$reason = $_POST['reason'];
$contactcomments = $_POST['contactcomments'];
$newsletter = $_POST['newsletter'];





$body = <<<EOD
<br><hr><br>
Name: $firstname <br>
Last Name: $lastname <br>
Email: $email <br>
Reason: $reason <br>
Comments: $contactcomments <br>
Newsletter = $newsletter <br>
EOD;
$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body,
$headers);


/* Results rendered as HTML */
$theResults = <<<EOD
<html>
<head>
<title>sent message</title>
 <meta http-equiv="refresh" content="3;URL=http://mywebsite.com/working/?       page_id=8">
<style type="text/css">
<!--
body {
background-color: #fff; 
font-family: Arial, Helvetica, sans-serif;
font-size: 20px;
font-style: normal;
line-height: normal;
font-weight: normal;
color: #555555;
text-decoration: none;
padding-top: 200px;
margin-left: 150px;
width: 800px;
}
-->
</style>
</head>
<div align="center">Thank you! We will contact you back as soon as posible.</div>
</div>
</body>
</html>
EOD;
echo "$theResults";
?>

The problem that I am having is a person can submit and invalid e-mail as well they can choose the invalid selection item.

I have the action of the form connected to the php file but I wasn't sure if I need to have each form element call the the specific if/then statement of the php file.

I am new to php so this has proven to be a real challenge.

Thank you to anyone who helps.

Was it helpful?

Solution 2

You have a few options.

In your form take out value="." in <option value="."></option>

then change this if (isset($_REQUEST['reason']) && $_REQUEST['reason'] =='.') {

to

if (!isset($_REQUEST['reason'])) { and that option will work (tested)

Be sure to make the change for if ($_POST['emial'] != "") {

to if ($_POST['email'] != "") {

Along with Dimitri Mostrey's answer.

You could also try what you already have, but include exit; at the end like this and add ! in your if isset:

Notice the added ! which wasn't in your handler and needs it.

Otherwise, using if (isset, you're telling "if it is set" which it isn't.

if (!isset($_REQUEST['reason']) || $_REQUEST['reason'] =='.') {
    echo 'Please select a reason for contacting.<br/>';

exit;

Email validation

Underneath if (isset($_POST['submit'])){

add $email = $_POST['email'];

Then change:

if ($_POST['email'] != "") {


    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors .="$email is <strong>NOT</strong> a valid email address.<br/<br/>";
    }
}

to

if(!filter_var($email, FILTER_VALIDATE_EMAIL))
  {
  echo "E-mail is not valid";

exit;

  }

Here's a total rewrite:

NOTE: It is better to put your variables at the top, instead of further down below.

I added $email = $_POST['email']; underneath if (isset($_POST['submit'])){

<?php
/*Validate and Sanitize */

    if (isset($_POST['submit'])){

    $email = $_POST['email'];

}

$error = ""; // added by me

if ($_POST['firstname'] != "") {
    $_POST['firstname'] = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING);
    if ($_POST['firstname'] == "") {
        $errors .= 'Please enter a valid name.<br/><br/>';
    }       
} else {
    $errors .= 'Please enter your name.</br>';
}   

if ($_POST['lastname'] != "") {
    $_POST['lastname'] = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING);
    if ($_POST['lastname'] == "") {
        $errors .= 'Please enter a valid name.<br/><br/>';
    }       
} else {
    $errors .= 'Please enter your last name.</br>';
}


/*
if ($_POST['email'] != "") {


    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors .="$email is <strong>NOT</strong> a valid email address.<br/<br/>";
    }
}
*/

if(!filter_var($email, FILTER_VALIDATE_EMAIL))
  {
  echo "E-mail is not valid";

exit;

  }

else {
    $errors .= 'Please enter your email address.<br/>';
}

if (!isset($_REQUEST['reason']) || $_REQUEST['reason'] =='.') {
    echo 'Please select a reason for contacting.<br/>';

exit;
}

if ($_POST['contactcomments'] != "") {  
    $_POST['contactcomments'] = filter_var($_POST['contactcomments'], FILTER_SANITIZE_STRING);
    if ($_POST['contactcomments'] == "") {
        $errors .='Please enter a message to send.<br/>';
    }
} else {
    $errors .='Please enter a message to send.<br/>';
}


 /* Email Variables */
 $emailSubject = 'Website Mail!'; 
$webMaster = 'kmurray@frgraphicsolutions.com';


 /* Data Variables */
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$reason = $_POST['reason'];
$contactcomments = $_POST['contactcomments'];
$newsletter = $_POST['newsletter'];


$body = <<<EOD
<br><hr><br>
Name: $firstname <br>
Last Name: $lastname <br>
Email: $email <br>
Reason: $reason <br>
Comments: $contactcomments <br>
Newsletter = $newsletter <br>
EOD;
$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body, $headers);

/* Results rendered as HTML */
$theResults = <<<EOD
<html>
<head>
<title>sent message</title>
<meta http-equiv="refresh" content="3;URL=http://frgraphicsolutions.com/working/?page_id=8">

<style type="text/css">
<!--
body {
background-color: #fff; 
font-family: Arial, Helvetica, sans-serif;
font-size: 20px;
font-style: normal;
line-height: normal;
font-weight: normal;
color: #555555;
text-decoration: none;
padding-top: 200px;
margin-left: 150px;
width: 800px;
}
-->
</style>
</head>
<div align="center">Thank you! We will contact you back as soon as possible.</div>
</div>
</body>
</html>
EOD;
echo "$theResults";
?>

OTHER TIPS

It should be FILTER_VALIDATE_EMAIL instead of FILTER_VALITDATE_EMAIL

Among other misspellings and logic errors (see the answer and comments by Fred -ii-), it looks like you find errors, but don't do anything about it.

Currently, in pseudo code:

Check for errors.
If there are any errors, add them to a message.

Regardless of the possible errors, send the email.

And it should be like:

Check for errors.
If there are any errors, add them to a message.

Check to see if there is any error message(s)
If yes, complain loudly and exit
Otherwise, send the email.

Finding errors is only half the battle! Then you need to correct them if you can, or deal with them other ways if you cant!

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top