
Form sending mail despite validation errors

I have just built my first PHP contact form with validation and yet it is sending an email regardless. I must have missed something. Can anyone spot it?

<?php if($_SESSION['instance'] == '1') {

    $email = $_POST['ENQemail'];
    $firstname = $_POST['ENQfirst_name'];
    $lastname = $_POST['ENQlast_name'];
    $message = $_POST['ENQmessage'];
    $secword = $_POST['ENQsecword'];



  if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
    $ERRemail = 'invalid email address';
  }
  if (strlen($firstname) < 2) {

    $ERRfirstname = 'Please enter your first name';
  }
  if (strlen($lastname) < 2) {

    $ERRlastname = 'Please enter your surname';
  }
  if (strlen($message) < 50) {

    $ERRmessage = 'Your message must be at least 50 characters';
  }
  if ($secword == $_SESSION['instance']) {

    $ERRsecword = 'Your security word did not match the image';
  }

  else {

      $to = "enquire@divethegap.com";
  $subject = "DTG Enquiry - ".$firstname." ".$lastname ;
  $message = $message;
  $headers = "From: ".$firstname." ".$lastname." ".$email. "\r\n" .
             "Content-type: text/html" . "\r\n";

  mail($to, $subject, $message, $headers);


  }
    }
?>

Any ideas?


The else statement that contains the email-sending code is only associated with the previous if statement. This means that the only time it will not be called is if $secword == $_SESSION['instance'] evaluates to false. It doesn't matter whether the other validation checks succeed or not.

One strategy is to keep track of all the errors that occurred by storing them in an array. If the array is empty, then you know all the fields are OK and that it is safe to send the email:

$errors = array();
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
  $errors[] = 'invalid email address';
}
if (strlen($firstname) < 2) {
  $errors[] = 'Please enter your first name';
}
//...

if (count($errors) == 0){
  //send the email
  mail(...);
} else {
  //display the error messages
}

Your code looks pretty good otherwise! Here are some other suggestions:

  • In order to use sessions in PHP, you must first call the session_start() function. This should be the very first thing your PHP script does.

  • The ereg() function has been deprecated in the latest version of PHP. This means that the function may be removed in a future version of PHP. It is recommended that you use the preg_match() function instead (note that with preg_match(), the regex string must begin and end with a / character).


At the bottom is a fixed version of the logic. You missed the "else if"s.

Also the following line looks like it should check for inequality but it depends on your code so you would know better:

if ($secword == $_SESSION['instance'])

Here is the full fix:

    <?php if($_SESSION['instance'] == '1') {

    $email = $_POST['ENQemail'];
    $firstname = $_POST['ENQfirst_name'];
    $lastname = $_POST['ENQlast_name'];
    $message = $_POST['ENQmessage'];
    $secword = $_POST['ENQsecword'];



  if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
    $ERRemail = 'invalid email address';
  }
  else if (strlen($firstname) < 2) {

    $ERRfirstname = 'Please enter your first name';
  }
  else if (strlen($lastname) < 2) {

    $ERRlastname = 'Please enter your surname';
  }
  else if (strlen($message) < 50) {

    $ERRmessage = 'Your message must be at least 50 characters';
  }
  else if ($secword == $_SESSION['instance']) {

    $ERRsecword = 'Your security word did not match the image';
  }

  else {

      $to = "enquire@divethegap.com";
  $subject = "DTG Enquiry - ".$firstname." ".$lastname ;
  $message = $message;
  $headers = "From: ".$firstname." ".$lastname." ".$email. "\r\n" .
             "Content-type: text/html" . "\r\n";

  mail($to, $subject, $message, $headers);


  }
    }
?>


You're doing all the validations independent of each other, and you send out the email if the security image is correct irrespective of whether everything else passed the check or not, because your else to send the email matches up with the if ($secword == $_SESSION['instance']) {.

You could do one of the following:

  1. Change all the ifs but the first to elseifs so that only if all checks pass will the last else (which sends the email) be entered:

    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
        $ERRemail = 'invalid email address';
    }
    elseif (strlen($firstname) < 2) {
        $ERRfirstname = 'Please enter your first name';
    }
    elseif (strlen($lastname) < 2) {
        $ERRlastname = 'Please enter your surname';
    }
    elseif (strlen($message) < 50) {
        $ERRmessage = 'Your message must be at least 50 characters';
    }
    elseif ($secword == $_SESSION['instance']) {
        $ERRsecword = 'Your security word did not match the image';
    }
    else {
      $to = "enquire@divethegap.com";
      $subject = "DTG Enquiry - ".$firstname." ".$lastname ;
      $message = $message;
      $headers = "From: ".$firstname." ".$lastname." ".$email. "\r\n" . "Content-type: text/html" . "\r\n";
    
      mail($to, $subject, $message, $headers);
    }
    
  2. Set a flag indicating if any check failed. And at the end, only send the email if everything worked out:

    $isValid = true;
    
    // invalid email (preg_match() with the same pattern replaces the deprecated ereg())
    if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/', $email)) {
        $isValid = false;
    }
    
    // invalid name
    if (strlen($firstname) < 2) {
        $isValid = false;
    }
    
    //finally send mail if all validation passed
    if($isValid) {
       //send email
    }
    
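The error-array approach from the first answer and the single send decision from the third answer's second option, worked through as one added example (not code from the question or any answer). It assumes session_start() has already run and that the word shown in the image is stored in $_SESSION['secword'], a key chosen here rather than taken from the page:

```php
<?php
// Added example: every check runs, every failure is recorded, and mail() is
// reached only when the error list is empty. Assumes session_start() has run
// and the expected word is in $_SESSION['secword'] (a key chosen for this example).

function validateEnquiry(array $post, string $expectedSecword): array
{
    $errors = [];
    $email     = trim($post['ENQemail'] ?? '');
    $firstname = trim($post['ENQfirst_name'] ?? '');
    $lastname  = trim($post['ENQlast_name'] ?? '');
    $message   = trim($post['ENQmessage'] ?? '');
    $secword   = trim($post['ENQsecword'] ?? '');

    // preg_match() with the same pattern replaces the deprecated ereg().
    if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/', $email)) {
        $errors['email'] = 'invalid email address';
    }
    // strlen($firstname) < 2, not strlen($firstname < 2): the latter measures
    // a boolean, never the name.
    if (strlen($firstname) < 2) {
        $errors['firstname'] = 'Please enter your first name';
    }
    if (strlen($lastname) < 2) {
        $errors['lastname'] = 'Please enter your surname';
    }
    if (strlen($message) < 50) {
        $errors['message'] = 'Your message must be at least 50 characters';
    }
    // These fields are placed in mail headers, so a line break in any of them
    // would let the sender add headers of their own; reject it outright.
    if (preg_match('/[\r\n]/', $email . $firstname . $lastname)) {
        $errors['headers'] = 'Name and email must not contain line breaks';
    }
    // A mismatch is the error case; hash_equals() compares without leaking
    // where the two strings differ.
    if (!hash_equals($expectedSecword, $secword)) {
        $errors['secword'] = 'Your security word did not match the image';
    }
    return $errors;
}

$errors = validateEnquiry($_POST, $_SESSION['secword'] ?? '');
if ($errors === []) {
    $from    = trim($_POST['ENQfirst_name']) . ' ' . trim($_POST['ENQlast_name']);
    $headers = 'From: ' . $from . ' <' . trim($_POST['ENQemail']) . ">\r\n";
    mail('enquire@divethegap.com', 'DTG Enquiry - ' . $from, $_POST['ENQmessage'], $headers);
} else {
    foreach ($errors as $text) {
        echo htmlspecialchars($text), "<br>\n";   // tell the user what to correct
    }
}
```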