Web Form Submit using Server-Side PHP script

[Elemental]

Hello,

 

I recently had to migrate from one hosting package to another (Classic to cPanel) and in the process my Contact Form stopped functioning.

 

Using the W3Schools PHP tutorials I created the following PHP file:

<?php

// define variables and or set to empty values
$to = "jose@joseantonio.biz";
$subject = "Web Contact Form";
$name = "";
$email = "";
$message = "";
$value-check = "";
$header = "From: $email";

// define Error variables
$nameError = "";
$emailError = "";
$messageError = "";


if ($_SERVER["REQUEST_METHOD"] == "POST"){
if (empty($_POST["name"])){
$nameError = "Name is required";
} else {
$name = test_input($_POST["name"]);
//check if name contains only letteres and whitespce
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameError = "Only letters and white-space allowed";
}
}

if (empty($_POST["email"])){
$emailError = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailError = "Please check email format";
}
}

if (empty($_POST["message"])){
$messageError = "Message is required";
} else {
$message = test_input($_POST["message"]);
}

if (empty($_POST["value-check"])){
$value-checkError = "Please Enter Value";
} else {
$value-check = test_input($_POST["value-check"]);
}
}

function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}

// send email
mail($to, $subject, $message, $header);
header('Location: contact.html');

// End PHP Script 
?>

And here's the HTML form section:

<!-- ** BEGIN form ** //-->
<form method="post" action="contact_form.php" name="contactForm" id="contactForm">

<fieldset id="fieldSet-01">
<label for="name" id="name-label"> Name: <input type="text" name="name" id="name" value="" maxlength="60" title="type your name" autocomplete="off" /><span class="error"><?php echo $nameError;?></span></label>
<label for="email" id="email-label"> Email: <input type="text" name="email" id="email" value="" maxlength="60" title="type your email" autocomplete="off" /><span class="error"><?php echo $emailError;?></span></label>

<label for="message" id="message-label"> Message:  </label>
<textarea onKeyPress=check_length(this.form); onKeyDown=check_length(this.form); name="message" id="message" cols="45" rows="6" wrap="hard" maxlength="250" title="type your message"></textarea><span class="error"><?php echo $messageError;?></span>
</fieldset>

<fieldset id="fieldSet-02">
<label for="word-count" id="word-count"><input size="2" value="250" readonly name="text_num" /><span id="countTxt">  = Characters Left</span></label>

<p id="checkImg"><img src="images/checkImg.jpg" alt="" /><input id="value-check" name="value-check" autocomplete="off" size="5" maxlength="5" /><span>enter text as seen above</span><span class="error"><?php echo $value-checkError;?></span></p>

<input name="submitBtn" id="submitBtn" type="image" value="Submit" src="images/submitBtn_link.png" title="Submit Form" onmouseover="mouseOver()" onmouseout="mouseOut()" />

<label for="required" id="required">all fields are required</label>
</fieldset>
</form>
<!-- **** END form **** //-->

A couple of notes / questions

 

I tried using the form action:"" method from the tutorial:

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" name="contactForm" id="contactForm">

but the last two characters of the form tag "> kept showing up in the browser window; any clues as to why?

 

Other examples, else where, showed that you can place the PHP script on the server and have it called when you submit the form by placing the name of the PHP file in the action section of the form tag:

<form method="post" action="contact_form.php" name="contactForm" id="contactForm">

Neither form approach Validates the form.

The redirect: header('Location: contact.html') in the PHP file is not working either.

 

Where am I off?; a hint would be helpful.

Should I be using some kind of call within the html's head tag for the "contact_form.php" file?

 

In case the URL to the online contact page helps: http://joseantonio.biz/contact.html

 

Any help or advise would be appreciated.

 

 

Peace,

 

 

 

 

 

[Ingolme]

The PHP is not executing because the file has a ".html" extension. Give the file a ".php" extension.

[Elemental]

Ingolme,

 

Thanks for your reply, unfortunately changing my contact.html to contact.php didn't work. When I submit the page no validation takes place and no redirect to contact.php, a blank page loads with the following URL http://joseantonio.biz/contact_form.php which is the php document I'm using to validate the form. ???????

 

 

The only thing that happened after changing the file to .php was that now a 0 appears under "enter text as seen above". Even though it does not appear when I edit the document (I use Notepad) nor does it appear when I view it locally nor does it appear when the document is HTML; still, there it is.

 

The weird thing is that when I view the contact.php page source (Firefox) there is a 0 between two <span> tags that don't appear otherwise.

A new dilemma to add to my quest.

 

 

Peace,

[justsomeguy]

Your PHP code has some problems. First, this is a syntax error:

 

$value-check

Hyphens are for subtraction, not variable names. You use hyphens in a few places in that file in variable names.

 

Second, that code doesn't do anything if there is an error. You define a variable called $nameError, for example, and you put some text in it if there was a problem with the name, but you never show the error message. And, you always try to send the email regardless of whether or not there were errors.

[Elemental]

justsomeguy,

 

Thank you for your reply,

 

Thanks for pointing out the "Hyphen" error, I totally missed that; now corrected.

 

As for the code, I believe you're referencing the following:

if ($_SERVER["REQUEST_METHOD"] == "POST"){
if (empty($_POST["name"])){
$nameError = "Name is required";
} else {
$name = test_input($_POST["name"]);
//check if name contains only letteres and whitespce
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameError = "Only letters and white-space allowed";
}
}

and they all look the same but for the "variable names", I took it straight from the W3Schools tutorial page on PHP I only changed a couple of things from the original code.

 

If I'm wrong then please advise but are you referring to the if / else statement, should the if section read:

if ($_SERVER["REQUEST_METHOD"] == "POST"){
if (empty($_POST[""])){
echo $nameError = "Name is required";
} else { ...

so that the error message fires?

 

But I'm guessing that the example on W3Schools, as is written, only works when the PHP is within the same document of the HTML.

 

 

Peace,

Edited May 24, 2016 by Elemental

[justsomeguy]

Right, just read through your code. You do a bunch of validation and checking and set error messages if there are problems, but then you still send the email and redirect. You don't check if there were errors before sending the email, and the code you posted doesn't print the error messages. Most of the time the PHP code that processes the form also displays the form, that's the easiest way to do it when you want to show error messages on the form. You have PHP code at the top that initializes all of your variables and then checks if the form was submitted. If it was submitted then it will validate and process the data. If it was valid then you can redirect. If it wasn't valid or if the form wasn't submitted then it displays the form with any error messages.