Here is a very basic example of what your review.php file could look like. It adds each of the fields as hidden input variables in a form.
<p>Does everything look correct?</p>
<form method="post" action="order.php">
<ul>
<?php
if (is_array($_REQUEST)) {
foreach ($_REQUEST as $key => $val) {
echo "<li><strong>" . $key . "</strong>: " . $val . "</li>";
// This code should support the checkboxes and multiple selects
if (is_array($val)) {
foreach ($val as $val2) {
echo "<input type='hidden' name='" . $key . "[]' value='" . $val2 . "' />";
}
}
else {
echo "<input type='hidden' name='" . $key . "' value='" . $val . "' />";
}
}
}
?>
</ul>
<input type="submit" value="Submit Info" />
</form>
Now on your order.php, lets clean it up and simplify it a bit, just because.
<?php
//define some fields
define("HEADERS", "MIME-Version: 1.0\r\nContent-type:text/html;charset=iso-8859-1\r\nFrom: noreply@mycompany.com\r\n");
define("BODY_1", "We have received the following Online Order from www.mycompany.com:");
define("BODY_2", "Please Review the following Online Order from www.mycompany.com:");
define("SUBJECT_1", "Online Order");
define("SUBJECT_2", "Thank you for your order");
define("MY_EMAIL", "packy@mycompany.com");
define("REPLY", "Thank you for your order. Customer service will call in the next 24 hours to review your order.")
//sanitize your inputs. I like to remove every character that is not allowed
$data = array(
'name' => preg_replace('/[^A-Za-z\\s]/', '', $_POST['FitterName']),
'email' => preg_replace('/[^A-Za-z0-9\\.@-_]/', '', $_POST['CustomerEmail']),
'fitter' => preg_replace('/[^A-Za-z0-9\\.@-_]/', '', $_POST['FitterEmail']),
'grind' => preg_replace('/[^A-Za-z\\s,]/', '', implode(',', $_POST['grind'])),
//the rest of your fields
);
//do your field checks here, exit out or return them to the form
//send your emails
$send = mail(MY_EMAIL, SUBJECT_1, BODY_1 . print_r($data, true), HEADERS);
$send2 = mail($data['fitter'], SUBJECT_2, BODY_2 . print_r($data, true), HEADERS);
$send3 = mail($data['email'], SUBJECT_2, REPLY, HEADERS);
//more code and redirect