HomeBuilding Your WebsiteWeb Programming and Application Development
You are viewing this site as a guest. Join our community to get your questions answered and share knowledge. Active members may advertise and ask for a website critique.

php form validation

benjy posted this at 14:08 — 24th June 2009.

They have: 32 posts

Joined: Jun 2009

I use a server-side form validation code in php. It is open source, and I would like to add a couple of modifications to it, but do not know php in any depth at all.

I have saved the code as a .txt file, so can be read:
Link to code

It works great as is, but I would like to enable the user to either leave email field blank, or enter a valid email address.

Also, I would like it to incorporate a check for a checkbox, ie: return the result of checked or not to me - all I have achieved so far is a valid return if the user has checked the box. If left unchecked, I get an error.

Any help, much appreciated,
thanks.

Kiss Computing

kazimmerman posted this at 16:48 — 24th June 2009.

He has: 670 posts

Joined: Jul 2005

Alright, this should allow users to leave the email field blank:

<?php


if(isset($_POST['email'])) {
   
    // EDIT THE 2 LINES BELOW AS REQUIRED
    $email_to = // COMENTED OUT ON PURPOSE! "MYEMAILADDRESS";
    $email_subject = "Website enquiry";
   
   
    function died($error) {
        // your error code can go here
        echo "We are very sorry, but there are problems with the form you submitted.<br />";
        echo "These errors appear below.<br /><br />";
        echo $error."<br />";
        echo "Please go back and fix these errors.<br />";
        die();
    }
   
    // validation expected data exists
    if(!isset($_POST['name']) ||
        !isset($_POST['surname']) ||
        !isset($_POST['comments']) ) {
                //REMOVED THE NEED FOR AN EMAIL HERE
        died('We are sorry, but there appears to be a problem with the form your submitted.');       
    }
   
    $first_name = $_POST['name'];
    $last_name = $_POST['surname'];
        //THIS WILL TELL YOU THE EMAIL OR THAT THE EMAIL WASN'T PROVIDED
    if (isset($_POST['email'])) {
    $email_from = $_POST['email'];
    }
    else {
    $email_from = "Email not given";
    }
    $comments = $_POST['comments'];
   
    $error_message = "";
    $string_exp = "^[a-z .'-]+$";
  if(!eregi($string_exp,$first_name)) {
      $error_message .= 'The First Name you entered does not appear to be valid.<br />';
  }
  if(!eregi($string_exp,$last_name)) {
      $error_message .= 'The Last Name you entered does not appear to be valid.<br />';
  }
    $email_exp = "^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$";
  if(isset($_POST['email']) && !eregi($email_exp,$email_from)) {
        //NOW THIS IS ONLY CHECKED IF THE EMAIL EXISTS
      $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
  if(strlen($comments) < 2) {
      $error_message .= 'The Comments you entered do not appear to be valid.<br />';
  }
 
   
  if(strlen($error_message) > 0) {
      died($error_message);
  }
    $email_message = "Form details below.\n\n";
   
    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }
   
    $email_message .= "First Name: ".clean_string($first_name)."\n";
    $email_message .= "Last Name: ".clean_string($last_name)."\n";
    $email_message .= "Email: ".clean_string($email_from)."\n";
    $email_message .= "Comments: ".clean_string($comments)."\n";
   
   
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers); 
?>

I left comments about what I did. As for the checkbox problem, I'm not sure what you need. Have you added it to the PHP? Because I see nothing in the file you provided about a checkbox value...

form-fitting: where design meets necessity

benjy posted this at 10:43 — 26th June 2009.

They have: 32 posts

Joined: Jun 2009

Thankyou very much for taking the time.. However, I get the error message:
"we are very sorry......... Email is not valid" !!

As for the checkbox, I tried it a while ago, but again, it threw up an error if it wasn't checked. If it was checked, I had confirmation in my email..

Going from memory, I placed code here:

// validation expected data exists
if(!isset($_POST['name']) ||

!isset($_POST['checkbox']) ||

and here:

$email_message .= "Checkbox: ".clean_string($checkbox)."\n";

Hope you can assist further.

Kiss Computing

kazimmerman posted this at 13:17 — 26th June 2009.

He has: 670 posts

Joined: Jul 2005

Alright, this should work for the email part:

<?php

if(isset($_POST['email'])) {
  
    // EDIT THE 2 LINES BELOW AS REQUIRED
    $email_to = // COMENTED OUT ON PURPOSE! "MYEMAILADDRESS";
    $email_subject = "Website enquiry";
  
  
    function died($error) {
        // your error code can go here
        echo "We are very sorry, but there are problems with the form you submitted.<br />";
        echo "These errors appear below.<br /><br />";
        echo $error."<br />";
        echo "Please go back and fix these errors.<br />";
        die();
    }
  
    // validation expected data exists
    if(!isset($_POST['name']) ||
        !isset($_POST['surname']) ||
        !isset($_POST['comments']) ) {
                //REMOVED THE NEED FOR AN EMAIL HERE
        died('We are sorry, but there appears to be a problem with the form your submitted.');      
    }
  
    $first_name = $_POST['name'];
    $last_name = $_POST['surname'];
    $email_from = $_POST['email'];
    $comments = $_POST['comments'];
  
    $error_message = "";
    $string_exp = "^[a-z .'-]+$";
  if(!eregi($string_exp,$first_name)) {
      $error_message .= 'The First Name you entered does not appear to be valid.<br />';
  }
  if(!eregi($string_exp,$last_name)) {
      $error_message .= 'The Last Name you entered does not appear to be valid.<br />';
  }
    $email_exp = "^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$";
  if(($email_from != "") && !eregi($email_exp,$email_from)) {
        //NOW THIS IS ONLY CHECKED IF THE EMAIL EXISTS
      $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
  if(strlen($comments) < 2) {
      $error_message .= 'The Comments you entered do not appear to be valid.<br />';
  }

  
  if(strlen($error_message) > 0) {
      died($error_message);
  }
    $email_message = "Form details below.\n\n";
  
    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }
  
    $email_message .= "First Name: ".clean_string($first_name)."\n";
    $email_message .= "Last Name: ".clean_string($last_name)."\n";
    $email_message .= "Email: ".clean_string($email_from)."\n";
    $email_message .= "Comments: ".clean_string($comments)."\n";
  
  
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
}
?>

As for the checkbox, I don't believe you can use isset() to check it because it will throw an error if it is not checked. If you use the code you provided, the if statement will only validate if the checkbox value is set. Wink

form-fitting: where design meets necessity