kurt.santo Posted January 6, 2008 Share Posted January 6, 2008 Used a Perl-cgi script in past to foward info from web forms. I have been told that this is a security threat and I should use php. In general, this is great. Have no problem sending a simple mail. But in this case there are 20 fields to be sent, which exceeds the 5 parameter limit. How can I use php to achieve what I am after?Kurt Link to comment Share on other sites More sharing options...
jhecht Posted January 6, 2008 Share Posted January 6, 2008 Let's assume you're using POST as your data type. now, here is pretty much the code you use: $S = '';foreach($_POST as $key=>$value){ $S.= $key ." : ". $value."\n";}mail('your.email@domain.com','From Web Form', $S,$yourAdditionalHeaders); Word of Advice when using this case: don't give your submit button a name. otherwise you'll get something in your email at the very end that says "submitName : Send!" or whatever you submit button may happen to say Link to comment Share on other sites More sharing options...
Synook Posted January 7, 2008 Share Posted January 7, 2008 POST is the way to go, as there are no limits like with GET. Also, you can't send newlines with GET. Link to comment Share on other sites More sharing options...
kurt.santo Posted January 7, 2008 Author Share Posted January 7, 2008 Let's assume you're using POST as your data type. now, here is pretty much the code you use:$S = '';foreach($_POST as $key=>$value){ $S.= $key ." : ". $value."\n";}mail('your.email@domain.com','From Web Form', $S,$yourAdditionalHeaders); Word of Advice when using this case: don't give your submit button a name. otherwise you'll get something in your email at the very end that says "submitName : Send!" or whatever you submit button may happen to say Could you just explain the script a bit more? Sorry to bother, but not sure what I need to modify |-) Kurt Link to comment Share on other sites More sharing options...
jhecht Posted January 7, 2008 Share Posted January 7, 2008 $S = '';//Just a string, i didn't feel like making up a name for it, so i just chose S for Stringforeach($_POST as $key=>$value){//Almost exactly like the for loop, but this one is instead looping through the $_POST data array, every key (I.E. $_POST['keyName']) will be put into the value $key. So echo-ing $key would list all the key names ("Name","Age","Address","email" etc). $value is the corresponding values to those keys. ("Bob","20","123 Fayke St", "bob.joe@email.com" etc) $S.= $key ." : ". $value."\n"; // the .= operator is the same thing as $S = $S.'new values'; its like the javascript += operator; this is just adding the new key name and the value, seperated by the colon so that you know when one ends, and when the other begins.}mail('your.email@domain.com','From Web Form', $S,$yourAdditionalHeaders);//Just calling the mail function. Don't put your email into a variable, makes it easier for hackers to get access to. This way they have to single out the call to the mail() function and somehow print it out to find it) Link to comment Share on other sites More sharing options...
justsomeguy Posted January 8, 2008 Share Posted January 8, 2008 POST is the way to go, as there are no limits like with GET. Also, you can't send newlines with GET.They're the same thing, just one goes on the end of the URL and the other goes in the body of the request. Anything you can with one you can do with the other, with the exception of a file upload which needs to be a post request because it's a multi-part message. Link to comment Share on other sites More sharing options...
kurt.santo Posted January 8, 2008 Author Share Posted January 8, 2008 Thanks for your help! I will have a go and see what I come up with...Kurt Link to comment Share on other sites More sharing options...
kurt.santo Posted April 6, 2008 Author Share Posted April 6, 2008 Thanks for your help! I will have a go and see what I come up with...KurtI search now for a way to send data from a form with over 20 input fields to my email address. The mail function does not take more than 5 parameters. How do you do that?Kurt Link to comment Share on other sites More sharing options...
Synook Posted April 6, 2008 Share Posted April 6, 2008 You concatenate all the input fields into the message parameter, just as Jhecht's code does. It loops through the $_POST array (which contains all your fields) and adds them onto the string $S, which end up in the message parameter to be sent. Link to comment Share on other sites More sharing options...
kurt.santo Posted April 6, 2008 Author Share Posted April 6, 2008 You concatenate all the input fields into the message parameter, just as Jhecht's code does. It loops through the $_POST array (which contains all your fields) and adds them onto the string $S, which end up in the message parameter to be sent.Cheers, will have a go...Kurt Link to comment Share on other sites More sharing options...
kurt.santo Posted April 6, 2008 Author Share Posted April 6, 2008 Tested with <?php$S = '';foreach($_POST as $key=>$value){ $S.= $key ." : ". $value."\n";}mail(kurt@domain.co.uk','From Web Form', $S);?> underneath my form. Obviously, as soon as I opened the page it sent an empty message. I realise that I have to include a check to see if form is submitted. Still, for testing purposes: when I then entered data in all given fields the email got send to my given email address, but again empty. Why does it not send the data stored in $S? Do I need to use the additonal headers? Also when I include an if clause as if (isset($_POST['submitted'])){$S = '';foreach($_POST as $key=>$value){ $S.= $key ." : ". $value."\n";}mail('testing@metastar.co.uk','From Web Form', $S);} with <input type="submit" value="Submit" n name="submitted" /> no email gets send (or at least nothing arrives). What am I doing wrong here?Kurt Link to comment Share on other sites More sharing options...
jhecht Posted April 7, 2008 Share Posted April 7, 2008 check every part of the loop; if (isset($_POST['submitted'])){echo "We have gotten inside the IF statement";$S = '';foreach($_POST as $key=>$value){$S.= $key ." : ". $value."\n";}echo "Loop finished, final value:". $S;//mail('testing@metastar.co.uk','From Web Form', $S); //Since mailing isn't the issue, lets comment it out momentarily to make sure you don't receieve any extra emails.} One thing i noticed about your first example, however, is that you are missing a quote at the beginning of your email( its mail(kurt@domain.co.uk','From Web Form', $S); and notmail('kurt@domain.co.uk','From Web Form', $S).Tell me the value you get from that, or point me to the web address so i can figure it out from there Link to comment Share on other sites More sharing options...
kurt.santo Posted April 7, 2008 Author Share Posted April 7, 2008 Jhecht,Thanks for your input. I changed the single quotation mark and it works now. Emails arrive with relevant content. Cheers, mate!Another question in same context: I am working now on the form validatation. The code I use now is: if (isset($_POST['submitted'])){if (!empty($_REQUEST['name'])) {$name = stripslashes($_REQUEST['name']);} else {$name = NULL;echo '<p>Please enter your name!</p>';}$S = '';foreach($_POST as $key=>$value){ $S.= $key ." : ". $value."\n";}mail('kurt@domain.co.uk','From Web Form', $S);} As I put the code now on top of form it shows "Please enter your name!" on top of form. I think it might be easier for user to see the error next to the field where the input should be. How can you do that? Would be great if that was possible...Kurt Link to comment Share on other sites More sharing options...
justsomeguy Posted April 7, 2008 Share Posted April 7, 2008 Of course it's possible. You just need a way to tell the script which field has an error. So in addition to keeping track of error messages, you also need to keep track of where the messages go. When you're printing your form then you check to see if there is an error for a particular field. There are several different ways to do that, I would probably use an array of error messages and field names. Link to comment Share on other sites More sharing options...
kurt.santo Posted April 7, 2008 Author Share Posted April 7, 2008 Of course it's possible. You just need a way to tell the script which field has an error. So in addition to keeping track of error messages, you also need to keep track of where the messages go. When you're printing your form then you check to see if there is an error for a particular field. There are several different ways to do that, I would probably use an array of error messages and field names.Following your advice I created an error array with just two checks to start off with, will add more later on when it works. The code for error array and the form so far is: <?phpif (isset($_POST['submitted'])){// store errors in an array$errors = array();//check for name to be filled outif (!isset($_POST['name']) OR empty($_POST['name'])) {$errors[] = 'name';}//check for comments to be filled outif (!isset($_POST['comments']) OR empty($_POST['comments'])) {$errors[] = 'comments';}$S = '';foreach($_POST as $key=>$value){ $S.= $key ." : ". $value."\n";}mail('testing@domain.co.uk','From Web Form', $S);}?><form action="contact2.php" method="post"> <fieldset> <table> <tr> <td><label for="name">Name*</label></td><td class="right"><input type="text" id="name" name="name" maxlength="30" size="40" /></td></tr> <tr> <td> <label for="email">Email Address*</label></td><td class="right"><input type="text" id="email" name="email" maxlength="30" size="40" /></td></tr> <tr> <td><label for="email2">Confirm Email Address*</label></td><td class="right"><input type="text" id="email2" name="email2" maxlength="30" size="40" /></td></tr> <tr> <td><label for="telephone">Telephone</label></td><td class="right"><input type="text" id="telephone" name="telephone" maxlength="30" size="40" /></td></tr> <tr> <td height="198"><label for="comments">Comments*</label></td><td class="right"><textarea rows="11" cols="30" id="comments" name="comments" /></textarea></td></tr></table></fieldset></form> You how can I keep track of where the messages go? That is great that you can do that...Kurt Link to comment Share on other sites More sharing options...
justsomeguy Posted April 7, 2008 Share Posted April 7, 2008 If you're saving the field names in the array then when you get to each field in the HTML you would search through the array looking for an error message for that field. It would make the code a little cleaner if you put that into a function that you could just call once for each field. Link to comment Share on other sites More sharing options...
kurt.santo Posted April 7, 2008 Author Share Posted April 7, 2008 If you're saving the field names in the array then when you get to each field in the HTML you would search through the array looking for an error message for that field. It would make the code a little cleaner if you put that into a function that you could just call once for each field.I would have thought to use sth like: <tr> <td><label for="name"><?php if (empty($errors)) {echo 'Name*';exit;} else {echo 'You forgot to enter your name!';}</label></td><td class="right"><input type="text" id="name" name="name" maxlength="30" size="40" /></td></tr> but it throws me an error in the next line (next normal HTML field there). Also, what did you mean by putting everything in a function? Do I not to say that I need for example the error code for name from the array?Kurt Link to comment Share on other sites More sharing options...
justsomeguy Posted April 7, 2008 Share Posted April 7, 2008 You forgot to close the PHP code. What I mean by a function is instead of putting all of this for every field: if (empty($errors)) {echo 'Name*';exit;} else {echo 'You forgot to enter your name!';} you put this: <?php echo check_error("name", "Name*"); ?> it keeps the code cleaner. Then you put whatever error-checking logic you want into the check_error function, you only have to write it once. Link to comment Share on other sites More sharing options...
kurt.santo Posted April 7, 2008 Author Share Posted April 7, 2008 You forgot to close the PHP code. What I mean by a function is instead of putting all of this for every field:function check_error () {if (empty($errors['name'])) {echo 'Name*';exit;} else {echo 'You forgot to enter your name!';}if (empty($errors[comments])) {echo Comments*';exit;} else {echo 'You forgot to enter a comment!';}} Kurt Link to comment Share on other sites More sharing options...
justsomeguy Posted April 7, 2008 Share Posted April 7, 2008 Not necessarily. You would need to send the function the name of the field you want to look up, and default text to print if it didn't find an error. It would loop through the array looking for the name that you gave it, and if it found it then it would return the error message (I assume you're saving error messages also, not just names). If it didn't find it then it would return the default text instead. Also, have the function return the output instead of directly printing it, it will be more useful that way. Link to comment Share on other sites More sharing options...
kurt.santo Posted April 8, 2008 Author Share Posted April 8, 2008 Not necessarily. You would need to send the function the name of the field you want to look up, and default text to print if it didn't find an error. It would loop through the array looking for the name that you gave it, and if it found it then it would return the error message (I assume you're saving error messages also, not just names). If it didn't find it then it would return the default text instead. Also, have the function return the output instead of directly printing it, it will be more useful that way.Came up with: <?phpif (isset($_POST['submitted'])){// store errors in an array $errors = array(); //check for name to be filled out if (!isset($_POST['name']) OR empty($_POST['name'])) { $errors['name'] = 'Please fill out the name field'; } //check for email to be filled out if (!isset($_POST['email']) OR empty($_POST['email'])) { $errors['email'] = 'Please enter your email address'; } //check pattern of email address if (!eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', $_POST['email'])) { $errors['email'] = 'Please enter a valid email address'; } //check for confirm email to be filled out if (!isset($_POST['email2']) OR empty($_POST['email2'])) { $errors['email2'] = 'Please confirm your email address'; } //check pattern of email address 2 if (!eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', $_POST['email2'])) { $errors['email2'] = 'Please enter again the same valid email address'; } //check that email address 1 matches email address 2 if ($_POST['email'] != $_POST['email2']) { $errors['match'] = 'Please match Email Address and Confirm Email Address'; } //check for comments to be filled out if (!isset($_POST['comments']) OR empty($_POST['comments'])) { $errors['comments'] = 'Please enter your comments'; } if (empty($errors)) { echo 'Thank you for your enquiry. We will get back to you as soon as possible.'; $S = ''; foreach($_POST as $key=>$value){ $S.= $key ." : ". $value."\n"; } mail('testing@domain.co.uk','From Web Form', $S); } else { echo '<strong>There are some amendments necessary before we can sent your data.</strong>'; }}function check_error ($field, $text) {if (empty($errors[$field])) { echo $text; } else { echo $errors[$field]; }}?> <form action="contact3.php" method="post"> <fieldset> <table> <tr> <td><label for="name"><?php echo check_error("name", "Name*"); ?></label></td><td class="right"><input type="text" id="name" name="name" maxlength="30" size="40" /></td></tr> Which displays nicely the default text, but not the error text. If I change "if (empty($errors[$field])) " to "if (!empty($errors[$field])) " there is nothing being displayed. I would think that the problem lies somewhere in my error array, but after hours on end cannot figure out what is wrong. Does anyone know what is going wrong?Kurt Link to comment Share on other sites More sharing options...
justsomeguy Posted April 8, 2008 Share Posted April 8, 2008 The function doesn't have access to the $errors array, you either need to pass it in as another argument or make it global. function check_error ($field, $text) { global $errors; if (empty($errors[$field])) { echo $text; } else { echo $errors[$field]; }} Link to comment Share on other sites More sharing options...
kurt.santo Posted April 8, 2008 Author Share Posted April 8, 2008 The function doesn't have access to the $errors array, you either need to pass it in as another argument or make it global. //check for email to be filled out if (!isset($_POST['email']) OR empty($_POST['email'])) { $errors['email'] = 'Please enter your email address'; } //check pattern of email address if (!eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', $_POST['email'])) { $errors['email'] = 'Please enter a valid email address'; } //check for confirm email to be filled out if (!isset($_POST['email2']) OR empty($_POST['email2'])) { $errors['email2'] = 'Please confirm your email address'; } //check pattern of email address 2 if (!eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', $_POST['email2'])) { $errors['email2'] = 'Please enter again the same valid email address'; } //check that email address 1 matches email address 2 if ($_POST['email'] != $_POST['email2']) { $errors['match'] = 'Please match Email Address and Confirm Email Address'; } I am sorry to be so inquisitive, but I really want to get my head around those things and start off with to do it the best possible way...Kurt Link to comment Share on other sites More sharing options...
justsomeguy Posted April 8, 2008 Share Posted April 8, 2008 Use else to only test the later cases if the first one fails. Link to comment Share on other sites More sharing options...
kurt.santo Posted April 9, 2008 Author Share Posted April 9, 2008 Use else to only test the later cases if the first one fails.Thanks a lot! Does the trick. Almost happy with my form now...Kurt Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.