MY PHP FORM

[reflex84]

Hi,I've got a problem with a form on my website.I got tickboxes on my form which always seems to complicate things for me and the problem ONLY occurs when I DON'T tick the checkboxes - I get error messages for each tickbox that hasn't been ticked:Notice: Undefined index: check1 in c:\domains\xxxxxxx.co.za\wwwroot\newprocess.php on line 358Notice: Undefined index: check2 in c:\domains\xxxxxxx.co.za\wwwroot\newprocess.php on line 366Notice: Undefined index: check3 in c:\domains\xxxxxxx.co.za\wwwroot\newprocess.php on line 374etc etc ... (it goes on like this for each tickbox.BUT when I tick each tickbox - my form goes through like normal!Now the error and coding picked up in line 358 for example ( like i mentioned above ) looks like this:<td valign="top">' . $_POST['check1'].'<br> <td valign="top">'.$_POST['product1'].'</td>Can anybody see anything wrong with this code that gives me these error messages?Please help - thanks!!!Dale

[justsomeguy]

Checkboxes that aren't checked don't get submitted to the server. So when you're looking for $_POST['check1'], if the check1 box was not checked, then $_POST['check1'] does not exist. You can use isset to check if something is set before using it.<td valign="top">' . (isset($_POST['check1']) ? $_POST['check1'] : '') .'<br> ...

[supertrucker]

Thats a valid expression? I thought it had to be like:x = (condition) ? a : b;I didn't realize you could throw it in like that.Thanks,ST

[jeffman]

x = (condition) ? a : b is actually a combination of statements, but so commonly used that it feels like one.The way the ternary part works is this:(does A evaluate to true)? if so, return B: if not, return C;Setting x equal to that expression simply sets it to the return value, B or C. In JSG's example, he has omitted the C portion. That simply means that when the condition is false, the return value will be false. It's a sweet shortcut for a four-line if-else expression, especially when the else does nothing. Used unwisely, it can be a real mess for the person who ends up revising your code. I think this case is not only straightforward, but reads more like human language, which is always a plus.You can put nearly anything in the A position, as long as it can be resolved to true or false. So you'll often see a separate ternary supplied in the B or C position.

[reflex84]

Thanks JUSTSOMEGUY!!You're a legend - my form is working 100%!I honestly didn't think the change was going to work (because that just my hard luck when it comes to FORMS)but now its working!!Thanks again!Dale.

[justsomeguy]

No problem.Everything should be there. If a ternary operator takes this form:c ? a : byou can see those here:<td valign="top">' . (isset($_POST['check1']) ? $_POST['check1'] : '') .'<br> ...

[reflex84]

All this reminds me of the days I did badly at maths!!You guys definitly know what you're doing and know your maths! lol!"ternary operator"? - what does that mean?Anyway you don't have to really explain - I probally won't understand a thing - haha!I guess when theres a problem - I'll ask for your guys help.

[smartalco]

think of it as a really slick/cheating way to do an if statement

[justsomeguy]

Ternary means that there are 3 (3 what?). Binary indicates 2. Most operators are binary operators, they have 2 operands. There are also some unary operators that only have one operand. We call the ternary operator "the ternary operator" because it's the only ternary operator in PHP, there is no other operator that has 3 operands (or more than 2). Unary operators:++, --e.g. $a++;Binary operators:+, -, =, *, /, %, &, |, &&, || etce.g. $a + $b ($a and $b are the two operands to the plus operator)In a language where you can define your own operators like C++ it becomes a little more clear. If I have a custom class that I created, and I want to define the plus operator for that class, I can write a function like this:myclass operator+(myclass operand_A, myclass operand_ ...And then when I "add" two instances of my class together...myclass A;myclass B;A + B;it runs the function I defined above with those two operands. This is called operator overloading, where you can redefine any operator for any type of operands. PHP doesn't support operator overloading.The ternary operator is the only ternary operator, so it takes three operands. The ternary operator is actually just a shorthand if/else statement, so the three operands are the condition to evaluate, the expression to evaluate if the condition is true, and the expression to evaluate if the condition is false. The return value of the operator is the result of the expression that got evaluated. These two are the same:$a = $b ? $c : $d;if ($ $a = $c;else $a = $d;Other than "the ternary operator", it's also referred to as the ?: operator.

[reflex84]

Ok now you're just showing off! lolDo you know all this off hand? Man thats hectic stuff! Coding must take a WHILE to learn!!Hey well since we are writing on this forum ... Would you know how to strengthen forms? IE: to prevent spam more.My form uses the validation system (Graphic that has numbers on it) but apparently a few of my clients who has this form still gets SPAM Emails and some get quite a few daily(they getting fed up with it - bottom line) - So I am not sure if this validation system is working all that well!... and I'm pretty sure SPAMBOTS are doing this - but how are they getting past the 'number graphic'?Here is the code at the top of my form that links to this validation system: session_start(); include("verification_image.class.php"); $image = new verification_image(); if (($image->validate_code($_POST['validate']) ? "true" : "false") == "false") { header('Location: http://www.examplewebsite.co.za/fail.htm'); exit; }And then at the real bottom of my php form ... there is more code that links to this validation system:'; $headers = "From: $from\r\n"; $headers .= "Content-type: text/html\r\n"; $success = mail($to, $subject, $sBodyNew, $headers); header('Location: http://www.examplewebsite.co.za/successenquiry.htm'); Looks I've heard about EMAIL INJECTIONS - type of SPAM?If you could help - again i'd appreciate it MAJOR!d.

[justsomeguy]

Do you know all this off hand? Man thats hectic stuff! Coding must take a WHILE to learn!!

They teach all this stuff in college.For email forms, the method I use is just to use random names for the form elements. If you name your fields "email" and "name" or whatever then a spam bot is going to be able to identify those and fill them in. If you name them "ad93jsd892" and "d92jd934jf" then a spam bot won't know what to do with that. For extra points, have additional fields with the normal names, like "email" or "subject", but use CSS to hide the fields so a normal user doesn't see them. If those fields are filled in then you know it's a spam bot. I like that method because it doesn't require a normal user filling out the form to do anything special. Captcha images are a decent idea, even though they annoy me, but there are just as many people working on breaking captchas as there are people working on strengthening them. Even Yahoo's and Hotmail's captchas have been broken.Check this thread for info about exploiting email forms:http://w3schools.invisionzone.com/index.php?showtopic=16773

[reflex84]

Captcha's - thats what they called!!Thanks - I'll definitly use that bit of advise with regards to naming the fields RANDOM.Now when it comes to hiding 1 or 2 fields - is this just a test to see if a SPAMBOT filled in the form ?To do this HIDING of fields - I would use a css style like this:http://www.w3schools.com/css/tryit.asp?fil...ycss_visibilityI am busy reading that link you gave me - looks interesting! Will get back to you!

[reflex84]

OK so what I have gathered from that LINK you gave me to read - I must make sure my FROM field in my php form is VALIDATED.And to do this is to add the code:

<?PHP// Create the syntactical validation regular expression$regexp = "^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$";// Presume that the email is invalid$valid = 0;// Validate the syntaxif (eregi($regexp, $email)){list($username,$domaintld) = split("@",$email);if (getmxrr($domaintld,$mxrecords))$valid = 1;} else {$valid = 0;}return $valid;}

Where about do I add this code in my php form? - is there anything I have to edit in this code?

[reflex84]

Here is my PHP form:

 <?	session_start();	include("verification_image.class.php");	$image = new verification_image();	if (($image->validate_code($_POST['validate']) ? "true" : "false") == "false") {		header('Location: http://www.examplewebsite.co.za/fail.htm');			exit;	}	$to = "example@email.co.za"; 	$from = $_POST['email']; 	$subject = "Miniwebs Enquiry"; 	$sbody = '<table width="420" height="135" border="0" align="center" cellpadding="0" cellspacing="0">				<!--DWLayoutTable-->				<tr>				  <td height="90" colspan="5"><div align="center">Reservation & Enquiries Submission Form </div></td>				</tr>				<tr>				  <td height="25" colspan="3" align="center" valign="middle"><span class="style7">Full Name</span></td>				  <td width="180" valign="top">'.$_POST['name'].'</td>				  <td width="42"> </td>				</tr>				<tr>				  <td height="25" colspan="3" align="center" valign="middle"><span class="style7">Email</span></td>				  <td valign="top">'.$_POST['email'].'</td>				  <td> </td>				</tr>				<tr>				  <td height="25" colspan="3" align="center" valign="middle"><span class="style7">Contact number</span></td>				  <td valign="top">'.$_POST['num'].'</td>				  <td> </td>				</tr>				<tr>				  <td height="35" colspan="3" align="center" valign="bottom"><span class="style7">Enquiry</span></td>				  <td colspan="2" rowspan="2" valign="middle">'.$_POST['enquiry'].'</td>				</tr>				<tr>				  <td width="84" height="108" align="center" valign="middle"><!--DWLayoutEmptyCell--> </td>				  <td width="69" align="center" valign="middle"><!--DWLayoutEmptyCell--> </td>				  <td width="17"> </td>				</tr>				<tr>				  <td height="17"></td>				  <td></td>				  <td></td>				  <td></td>				  <td></td>				</tr>			  </table>';	$sBodyNew = '<style type="text/css"><!--.style {	font-family: Arial;	font-size: 12px;	color: #4D241E;}body {	background-image: url();	background-color: #F1EAE4;}.style1 {font-size: 14px}--></style><p> </p><table width="420" border="0" align="center" cellpadding="0" cellspacing="5">  <tr>	<td><table width="100%"  border="0" cellpadding="8" cellspacing="0" bgcolor="#E7D3AF" class="style">	  <tr>		<td colspan="2" valign="top"><div align="center"><strong><span class="style1">examplewebsite.co.za Enquiry</span><br> ......................................................................................................................</strong><br> </div></td>		</tr>	  <tr>		<td width="32%" valign="top"><div align="left"><strong>Date Submitted</strong></div></td>		<td width="68%" valign="top">'. date("F j, Y, g:i a") .'</td>	  </tr>	  <tr>		<td valign="top"><div align="left"><strong>Name</strong></div></td>		<td valign="top">'.$_POST['name'].'</td>	  </tr>	  <tr>		<td valign="top"><div align="left"><strong>Email</strong></div></td>		<td valign="top">'.$_POST['email'].'</td>	  </tr>	  <tr>		<td valign="top"><div align="left"><strong>Contact number</strong></div></td>		<td valign="top">'.$_POST['num'].'</td>	  </tr>	  <tr>		<td valign="top"><div align="left"><strong>Enquiry</strong></div></td>		<td valign="top">'.$_POST['enquiry'].'</td>	  </tr>	</table></td>  </tr></table>';			  	$headers  = "From: $from\r\n";	$headers .= "Content-type: text/html\r\n"; 	$success = mail($to, $subject, $sBodyNew, $headers);			  	header('Location: http://www.examplewebsite.co.za/successenquiry.htm');	?>

[justsomeguy]

The code you posted above isn't going to work as-is, it's part of a function (but only part of it). If you remove the return statement and the last closing bracket then the code will set $valid to 1 if the email is in a valid format and if the domain exists and contains a DNS record for a mail server. You would want to use that code before sending the mail to determine if you should continue sending it.