Please check form code - something is screwed up (probably me!)

[DennisA]

This is what I have for the form (in short version) along with the text area and submit button.

The form shows up OK on the Internet http://www.lakegenevapieco.com/test_product_list.php

 

The problem is when I fill it out & submit it doesn't do two things:

1) It doesn't E-Mail me the information

2) It doesn't say, Thank you for using our mail form. It actually says page not available.

 

Here is the code:

<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<title>Products to be listed on the web site for the month of</title>
</head>

<body>
  Products to be listed on the web site for the month of 
  <select size="1" name="MONTH">
  <option selected>PICK MONTH</option>
  <option>1-JANUARY</option>
  <option>2-FEBUARY</option>
  <option>3-MARCH</option>
  <option>4-APRIL</option>
  <option>5-MAY</option>
  <option>6-JUNE</option>
  <option>7-JULY</option>
  <option>8-AUGUST</option>
  <option>9-SEPTEMBER</option>
  <option>10-OCTOBER</option>
  <option>11-NOVEMBER</option>
  <option>12-DECEMBER</option>
  </select> <select size="1" name="YEAR">
  <option selected>PICK YEAR</option>
  <option>2010</option>
  <option>2011</option>
  <option>2012</option>
  <option>2013</option>
  <option>2014</option>
  <option>2015</option>
  </select></p>
  <p><input type="checkbox" name="PumpkinSB" value="ON"> Pumpkin   
  Price increase to
  <input type="text" name="PriceIncreaseTo151" size="20" value="$"></p>
  <p><input type="checkbox" name="PumpkinWalnutSB" value="ON"> Pumpkin Walnut   
  Price increase to
  <input type="text" name="PriceIncreaseTo152" size="20" value="$"></p>
  <p><input type="checkbox" name="RaspberrySB" value="ON"> Raspberry   
  Price increase to
  <input type="text" name="PriceIncreaseTo153" size="20" value="$"></p>
  <p> </p>
  <p> </p>
  <p>
<?php
function spamcheck($field)
  {
  //filter_var() sanitizes the e-mail
  //address using FILTER_SANITIZE_EMAIL
  $field=filter_var($field, FILTER_SANITIZE_EMAIL);

  //filter_var() validates the e-mail
  //address using FILTER_VALIDATE_EMAIL
  if(filter_var($field, FILTER_VALIDATE_EMAIL))
    {
    return TRUE;
    }
  else
    {
    return FALSE;
    }
  }

if (isset($_REQUEST['email']))
  {//if "email" is filled out, proceed

  //check if the email address is invalid
  $mailcheck = spamcheck($_REQUEST['email']);
  if ($mailcheck==FALSE)
    {
    echo "Invalid input";
    }
  else
    {//send email
    $email = $_REQUEST['email'] ;
    $subject = $_REQUEST['subject'] ;
    $message = $_REQUEST['message'] ;
    mail("myemail@mia.net", "Subject: $subject",
    $message, "From: $email" );
    echo "Thank you for using our mail form";
    }
  }
else
  {//if "email" is not filled out, display the form
  echo "<form method='post' action='mailform.php'>
  Email: <input name='email' type='text' /><br />
  Subject: <input name='subject' type='text' /><br />
  Message:<br />
  <textarea name='message' rows='15' cols='40'>
  </textarea><br />
  <input type='submit' />
  </form>";
  }
?>

</p>
</form>

</body>

</html>

[rwwd]

Non of the options have values, so the $_POST data from the selects isn't available from when the form is submitted.

 

And please don't use the $_REQUEST global as this will open you up to security issues, use $_POST or $_GET depending on how your doing your links/forms.

 

Nice to see the "filter_var($field, FILTER_VALIDATE_EMAIL)" in the wild too, I have been advocating this method of sanitising for ages, it's a lot better than using preg_ functions as you don't need to know regex; but the parsers on regex engine for this functions 'option' is HUGE -  I have found it on the php.net website somewhere, HUGE!!

 

Please clean all incoming data that you intend to use in this email too, you don't want any malicious data injections now; especially if this could end up in a mysql database or the like..

 

Rw

[snowman15]

I'm not really sure what your trying to accomplish here (probably because this is a dumbed down version of your code),

but when you declare 'mailform.php' as your action to your email form, it is going to pass the $_request variables to 'mailform.php'. Your code is trying to pull the form variables from the page the form is actually on. This would only work if you declared your action='test_product_list.php'.

 

So you have two options the way I see it,

1. you create mailform.php and make sure its in the same directory on your server as test_product_list.php. You will then be able to write php code in mailform.php to use the $_REQUEST variables. again this is because you defined your form action as mailform.php.

Another suggestion is to use the $_POST variables for your forms. Read up on them here:

http://www.w3schools.com/php/php_post.asp

 

2. your second option is to set the action to the same page as your form (more advanced version). This would require you to set your form action as the same page (test_product_list.php). This allow you to check if the $_REQUEST variables are set and run your email code.

 

Without either of these options, your $_REQUEST variables are NOT EVER entering the email script because the email script is not on the page that your form ACTION= is set. These variables also disappear after they've reached your ACTION= page.

 

Hope this helps!

[DennisA]

I'm a newbie & this is going to take me a month of Sundays to figure out.

However, I will go back to that link and figure out what I did wrong.

Let me tell you that I really appreciate the time & effort that you people take to help us newbies!

Maybe one day I too will be able to give back.