Thread: PHP Form by using validation and security

  1. #1

    Hey all,
    Before I state my problem, I would like to tell you what I'm doing. First of all, I built a form for the users to enter their name, email, etc. with security and form validation. Everything is working well because I receive the data in my email. However, when a user enters just his or her name, the system doesn't return the appropriate error, for example 'You forgot to enter your email.' To be more specific, the form doesn't validate.
    Here is the code:



    Code:
     <?php
     $page_title = 'Register';
     include ('./includes/header.html');
      function safe($string) 
     { 
         $pattern = "/\r|\n|\%0a|\%0d|Content\-Type:|bcc:|to:|cc:/i"; 
         return preg_replace($pattern, '', $string); 
     }
      $emailPattern = '/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i'; 
      if (isset($_POST['submitted'])) {
        
     if ( preg_match($emailPattern, $_POST['email'] )) 
     {
         $to = "atlnycdude23@gmail.com"; 
           $subject = "Test Form";
         $errors = array();
         if (empty( $_POST['name']))
     { 
         $errors[] = 'You forgot to enter your name.';
         $name = FALSE;
     } else {
         $name = safe ($_POST['name']);
     }
         
     if (empty( $_POST['email']))
     {
         $errors[] = 'You forgot to enter your email.';
         $email = FALSE;
     } else {
         $email = safe ($_POST['email']);
     }
        
         if (empty($errors)) { 
        }
           
           
        $headers = "From: ". $name . "<" . $email. ">\r\n"; 
         $headers .= "Reply-To: " . $email . "\r\n"; 
         $headers .= "Return-path: ". $email; 
           
         $message = "Name: " . $name; 
         $message .= "\n\nEmail: " . $email; 
        $message .= "\n\n\nMovies: " . $movies;
        $message .= "\n\n\n\nGender: " . $gender;
        
        
        if (mail($to,$subject,$message,$headers))
        
          {
           echo  '<h1 id="mainhead">Thank you!</h1>
           <p>You are now registered. An email has been sent to your email address                          confirming the information.</p><p><br /></p>';
           
          } else {
          
           echo '<h1 id="mainhead">Error!</h1>
           <p class="error">The following
           error(s) occurred:<br />';
           
           foreach ($errors as $msg) {
           
           
              echo " - $msg<br />\n";
           
           }
           echo '</p><p>Please go back and try
           again.</p><p><br /></p>';
           
           }
        
           }
           
        } else {
        
     ?>
     <h2>Register</h2>
     <form action="register.php" method="post">
        <p>Name: <input type="text" name="name" size="20" maxlength="40" /></p>
        <p>Email Address: <input type="text" name="email" size="20" maxlength="40" /></p>
        <p><b>Movies:</b>
        <select name="movies">
        <option value="Star Wars">Star Wars</option>
        <option value="Hoodwinked">Hoodwinked</option>
        </select></p>
        <p><b>Gender:</b>
        <input type="radio" name="gender" value="M" />Male
        <input type="radio" name="gender" value="F" />Female
        </p>
        <p><input type="submit" name="submit" value="Register" /></p>
        <p><input type="hidden" name="submitted" value="TRUE" /></p>
        </form>
        <?php
        }
        include ('./includes/footer.html');
        ?>


    Thanks in advance.

  2. #2
    The way you're formatting your code makes it really hard to follow. If I'm reading this correctly, it would appear the execution never reaches the part where it says "You forgot to enter your email." if the user doesn't enter his email.

    If the user didn't supply his email, this would fail:

    PHP Code:
    if ( preg_match($emailPattern, $_POST['email'] )) { 
    and it would never reach this because it is nested within the if conditional above:

    PHP Code:
    if (empty( $_POST['email']))
     {
         $errors[] = 'You forgot to enter your email.';
         $email = FALSE;
     } 
    I suggest you rework the logic.
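
One way to rework the logic as post #2 suggests, as an added example that is not part of either post: every check runs before anything is sent, and values containing CR/LF are rejected instead of stripped before they reach the mail headers. The function names `has_header_injection` and `validate_registration`, the extra error messages and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example (hypothetical names): validate first, send only when $errors is empty.
function has_header_injection(string $value): bool
{
    // Reject, rather than silently strip, anything that could start a new header line.
    return preg_match('/[\r\n]|%0a|%0d/i', $value) === 1;
}

function validate_registration(array $post): array
{
    $emailPattern = '/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i'; // pattern from the original post
    $errors = [];
    $name   = trim($post['name'] ?? '');
    $email  = trim($post['email'] ?? '');

    // The name ends up inside the From: header, so it must not break out of it.
    if ($name === '') {
        $errors[] = 'You forgot to enter your name.';
    } elseif (has_header_injection($name) || strpbrk($name, '<>"') !== false) {
        $errors[] = 'The name contains characters that are not allowed.';
    }

    // The empty check comes before the pattern check, so its message is reachable.
    if ($email === '') {
        $errors[] = 'You forgot to enter your email.';
    } elseif (has_header_injection($email) || !preg_match($emailPattern, $email)) {
        $errors[] = 'The email address is not valid.';
    }

    // Fixed-choice fields are checked against the values the form offers.
    $movies = in_array($post['movies'] ?? '', ['Star Wars', 'Hoodwinked'], true) ? $post['movies'] : '';
    $gender = in_array($post['gender'] ?? '', ['M', 'F'], true) ? $post['gender'] : '';
    return [$errors, compact('name', 'email', 'movies', 'gender')];
}

// Constructed sample submissions, standing in for $_POST.
$samples = [
    ['name' => 'Ann', 'email' => '', 'submitted' => 'TRUE'],
    ['name' => 'Ann', 'email' => "ann@example.com\r\nBcc: x@example.org"],
    ['name' => 'Ann', 'email' => 'ann@example.com', 'movies' => 'Hoodwinked', 'gender' => 'F'],
];
foreach ($samples as $post) {
    [$errors, $clean] = validate_registration($post);
    if ($errors) {
        echo implode(' ', $errors), "\n";   // redisplay the form with these messages
    } else {
        echo "OK: would call mail() for {$clean['email']}\n"; // build headers from $clean only
    }
}
```

In the real page the `foreach` over samples is replaced by a single call on `$_POST`, and `mail()` is called only in the branch where `$errors` is empty.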
