HTML / PHP form
I am trying to code an all in one HTML/PHP contact from with error checking. When I load this file in my browser there is not HTML. I am a newb php programmer so most likely forgot something pretty obvious.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transition开发者_Go百科al//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>All In One Feedback Form</title>
</head>
<body>
<?
$form_block = "
<input type=\"hidden\" name=\"op\" value=\"ds\">
<form method=\"post\" action=\"$server[PHP_SELF]\">
<p>Your name<br />
<input name=\"sender_name\" type=\"text\" size=30 value=\"$_POST[sender_name]\" /></p>
<p>Email<br />
<input name=\"sender_email\" type=\"text\" size=30 value=\"$_POST[sender_email]\"/></p>
<p>Message<br />
<textarea name=\"message\" cols=30 rows=5 value=\"$_POST[message]\"></textarea></p>
<input name=\"submit\" type=\"submit\" value=\"Send This Form\" />
</form>";
if ($_POST[op] != "ds") {
//they see this form
echo "$form_block";
} else if ($_POST[op] == "ds") {
if ($_POST[sender_name] == "") {
$name_err = "Please enter your name<br>";
$send = "no";
}
if ($_POST[sender_email] == "ds") {
$email_err = "Please enter your email<br>";
$send = "no";
}
if ($_POST[message] == "ds") {
$message_err = "please enter message<br>";
$send = "no";
}
if ($send != "no") {
//its ok to send
$to = "jack@xxxxxxx.com.au";
$subject = "All in one web site feed back";
$mailheaders = "From: website <some email address@hhhh.com> \n";
$mailheaders .= "Reply-To: $_POST[sender_email]\n";
$msg = "Email sent from this site www.ccccc.com\n";
$msg .= "Senders name: $_POST[senders_name]\n";
$msg .= "Sender's E-Mail: $_POST[sender_email]\n";
$msg .= "Message: $_POST[message]\n\n";
mail($to, $subject, $msg, $mailheaders);
echo "<p>Mail has been sent</p>";
}
else if ($send == "no") {
echo "$name_err";
echo "$email_err";
echo "$message_err";
echo "$form_block";
}
}
?>
</body>
</html>
FYI I am trying the example from a book named PHP 6 Fast and Easy Wed Development
UPDATE!!!
The code I see via view source is this.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>All In One Feedback Form</title>
</head>
<body>
<input type="hidden" name="op" value="ds">
<form method="post" action="">
<p>Your name<br />
<input name="sender_name" type="text" size=30 value="" /></p>
<p>Email<br />
<input name="sender_email" type="text" size=30 value=""/></p>
<p>Message<br />
<textarea name="message" cols=30 rows=5 value=""></textarea></p>
<input name="submit" type="submit" value="Send This Form" />
</form></body>
</html>
Try switching the tags
'<?' to: '<?php'
Your development environnement may not recognize short tags, thus producting an empty page.
When you access the source code of the page, do you see the doctype/html/body tags ?
You can use html with php as follows
<?php if ($_POST[op] != "ds") { ?>
<input type="hidden" name="op" value="ds">
<form method="post\" action=\"$server[PHP_SELF]\">
/* your html code here */
</form>";
<php } else if ($_POST[op] == "ds") { ?>...............
Your left out some dashes when trying to access some of the $_POST and $_SERVER varibles.
Example: It's $_POST['op'] and not $_POST[op]
also $_SERVER[PHP_SELF] and not $server[PHP_SELF]
( ! ) Notice: Undefined variable: server in /home/vidves/public_html/www01/test.php on line 14
Call Stack
# Time Memory Function Location
1 0.0011 111512 {main}( ) ../test.php:0
( ! ) Notice: Undefined index: sender_name in /home/vidves/public_html/www01/test.php on line 16
Call Stack
# Time Memory Function Location
1 0.0011 111512 {main}( ) ../test.php:0
( ! ) Notice: Undefined index: sender_email in /home/vidves/public_html/www01/test.php on line 18
Call Stack
# Time Memory Function Location
1 0.0011 111512 {main}( ) ../test.php:0
( ! ) Notice: Undefined index: message in /home/vidves/public_html/www01/test.php on line 20
Call Stack
# Time Memory Function Location
1 0.0011 111512 {main}( ) ../test.php:0
( ! ) Notice: Use of undefined constant op - assumed 'op' in /home/vidves/public_html/www01/test.php on line 25
Call Stack
# Time Memory Function Location
1 0.0011 111512 {main}( ) ../test.php:0
( ! ) Notice: Undefined index: op in /home/vidves/public_html/www01/test.php on line 25
Call Stack
# Time Memory Function Location
1 0.0011 111512 {main}( ) ../test.php:0
Found it. Your hidden input field is not inside the form tags and does not get sent when the form is submitted which does not trigger the rest of the PHP code.
So, instead of:
...
<input type=\"hidden\" name=\"op\" value=\"ds\">
<form method=\"post\" action=\"$server[PHP_SELF]\">
...
Swap them round like::
...
<form method=\"post\" action=\"$server[PHP_SELF]\">
<input type=\"hidden\" name=\"op\" value=\"ds\">
...
Very naughty.
As a stylistic tip, you may want to read up on the HEREDOC syntax. You could do your form building and variable assignment without all the escaping:
$form_block = <<<EOL
<input type="hidden" name="op" value="ds">
<form method="post" action="$_SERVER[PHP_SELF]">
<p>Your name<br />
<input name="sender_name" type="text" size=30 value="$_POST[sender_name]" /></p>
<p>Email<br />
<input name="sender_email" type="text" size=30 value="$_POST[sender_email]"/></p>
<p>Message<br />
<textarea name="message" cols=30 rows=5 value="$_POST[message]"></textarea></p>
<input name="submit" type="submit" value="Send This Form" />
</form>
EOF;
Also be aware that blindly inserting user-provided data into the form as you are (sender_name and sender_email) can lead to trivial cross-site-scripting attacks. Consider what would happen if the user filled out the form and included a double-quote in either field, but caused a form error some other way (e.g: double quote in sender_name, but left sender_email blank). The double-quote gets inserted into the form and prematurely terminates the "value" attribute of the input field.
To mitigate this, pass all values that will be inserted into the form through htmlspecialchars()
first, which will escape any special characters.
Some installations care about file-extensions, is your file called *.html or *.php?
It is not uncommon that *.html is just sent out to the client, while the *.php parsed by the php-engine and then to the client.
精彩评论