spacepoet Posted January 31, 2011

Hi:

I have a few small issues with a Contact Us form I am putting together.

1 - When quotes or apostrophes are added to the input fields, they get turned into '\ (slashes). The "myCodeLib.php" file has a function to remove the slashes. I use it in the same way in the admin area and it works fine, so I don't see what I am missing:

```php
<?php
//STRIP SLASHES
if(get_magic_quotes_gpc())
{
    $_POST = array_map('stripslashes',$_POST);
    $_GET = array_map('stripslashes',$_GET);
    $_COOKIE = array_map('stripslashes',$_COOKIE);
}
?>
```

2 - A small issue, but the Email validation doesn't seem to work entirely. It will accept a single character (like an "a") as valid, but it looks like it's supposed to check for a format like "a@a.com"

3 - How can I properly SPAN this code that writes out the error:

```php
echo $error;
```

I want to do

```php
<span class="textError">echo $error;</span>
```

to make it red but I keep getting a syntax error

This is the full code:

```php
include('include/myConn.php');
include('include/myCodeLib.php');

<?php

$error = NULL;
$myDate = NULL;
$FullName = NULL;
$Address = NULL;
$City = NULL;
$State = NULL;
$Zip = NULL;
$Phone = NULL;
$Email = NULL;
$Website = NULL;
$Comments = NULL;

if(isset($_POST['submit'])) {

    $myDate = $_POST['myDate'];
    $FullName = $_POST['FullName'];
    $Address = $_POST['Address'];
    $City = $_POST['City'];
    $State = $_POST['State'];
    $Zip = $_POST['Zip'];
    $Phone = $_POST['Phone'];
    $Email = $_POST['Email'];
    $Website = $_POST['Website'];
    $Comments = $_POST['Comments'];

    if(empty($FullName)) {
        $error .= '-- Enter your Full Name. <br />';
    }

    if(empty($Email) || preg_match('~^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$~',$Email)) { //<- if email is empty, or doesn't follow the expression.
        $error .= '-- Enter your Email. <br />'; //<- this is the error message.
    }

    if($error == NULL) {
        $sql = sprintf("INSERT INTO myContactData(myDate,FullName,Address,City,State,Zip,Phone,Email,Website,Comments) VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", //<-database structure must be right.
            mysql_real_escape_string($myDate),
            mysql_real_escape_string($FullName),
            mysql_real_escape_string($Address),
            mysql_real_escape_string($City),
            mysql_real_escape_string($State),
            mysql_real_escape_string($Zip),
            mysql_real_escape_string($Phone),
            mysql_real_escape_string($Email),
            mysql_real_escape_string($Website),
            mysql_real_escape_string($Comments));

        if(mysql_query($sql)) {
            $error .= 'Thank you for your comment!';
        }
        else {
            $error .= 'There was an error in our Database, please Try again!';
        }
    }
}

echo $error;

$myDate = $_REQUEST['myDate'] ;
$FullName = $_REQUEST['FullName'] ;
$Address = $_REQUEST['Address'] ;
$City = $_REQUEST['City'] ;
$State = $_REQUEST['State'] ;
$Zip = $_REQUEST['Zip'] ;
$Phone = $_REQUEST['Phone'] ;
$Email = $_REQUEST['Email'] ;
$Website = $_REQUEST['Website'] ;
$Comments = $_REQUEST['Comments'] ;

mail( "email@website.com", "Contact Request",
    "Date Sent: $myDate\nFull Name: $FullName\nAddress: $Address\n City: $City\n State: $State\n Zip: $Zip\n Phone: $Phone\n Email: $Email\n Website: $Website\n Comments: $Comments\n",
    "From: $Email" );

?>

<form name="myform" action="" method="post">
<input type="hidden" name="myDate" size="45" maxlength="50" value="<?php echo date("F j, Y"); ?>" />

<div id="tableFormDiv">

<fieldset><span class="floatLeftFormWidth"><span class="textErrorItalic">* - Required</span></span> <span class="floatFormLeft"> </span></fieldset>

<fieldset><span class="floatLeftFormWidth"><span class="textErrorItalic">*</span> Full Name:</span> <span class="floatFormLeft"><input type="text" name="FullName" size="45" maxlength="50" value="<?php echo $FullName; ?>" /></span></fieldset>

<fieldset><span class="floatLeftFormWidth">Address:</span> <span class="floatFormLeft"><input type="text" name="Address" size="45" maxlength="50" value="<?php echo $Address; ?>" /></span></fieldset>

<fieldset><span class="floatLeftFormWidth">City:</span> <span class="floatFormLeft"><input type="text" name="City" size="45" maxlength="50" value="<?php echo $City; ?>" /></span></fieldset>

<fieldset><span class="floatLeftFormWidth">State:</span> <span class="floatFormLeft"><input type="text" name="State" size="45" maxlength="50" value="<?php echo $State; ?>" /></span></fieldset>

<fieldset><span class="floatLeftFormWidth">Zip:</span> <span class="floatFormLeft"><input type="text" name="Zip" size="45" maxlength="50" value="<?php echo $Zip; ?>" /></span></fieldset>

<fieldset><span class="floatLeftFormWidth">Phone:</span> <span class="floatFormLeft"><input type="text" name="Phone" size="45" maxlength="50" value="<?php echo $Phone; ?>" /></span></fieldset>

<fieldset><span class="floatLeftFormWidth"><span class="textErrorItalic">*</span> Email:</span> <span class="floatFormLeft"><input type="text" name="Email" size="45" maxlength="50" value="<?php echo $Email; ?>" /></span></fieldset>

<fieldset><span class="floatLeftFormWidth">Website:</span> <span class="floatFormLeft"><input type="text" name="Website" size="45" maxlength="50" value="<?php echo $Website; ?>" /></span></fieldset>

<fieldset><span class="floatLeftFormWidth">Comments:</span> <span class="floatFormLeft"><textarea name="Comments" cols="40" rows="10"><?php echo $Comments; ?></textarea></span></fieldset>

</div>

<input type="submit" name="submit" value="Submit" class="submitButton" /><br />

</form>

</div>
```

Can someone please help me with this...

BlueSkyIS Posted January 31, 2011

first, include()'s outside of <?php ?> tags will not be included but will be displayed as plain text in the browser

```php
include('include/myConn.php');
include('include/myCodeLib.php');

<?php
```

spacepoet Posted January 31, 2011

Oh yes, I know that - they are in the correct tags in my code:

```php
<?php
include('include/myConn.php');
include('include/myCodeLib.php');
?>
```

I stripped out some of the formatting code and forgot to add them, but I know that's not what is causing the issue.

That's the main issue I want to resolve - the other two aren't that important. But, I can't get the "slash" thing figured out ...

BlueSkyIS Posted January 31, 2011

> The "myCodeLib.php" file has a function to remove the slashes.

I don't see a function definition in that bit of code. Are we missing it, or do you not actually mean "a function"?

maxudaskin Posted January 31, 2011

In response to wanting to put the error into a <span>, you cannot directly mix HTML and PHP. You have two (and a half) options.

HTML in PHP

```php
<?php
echo '<span class="textError">' . $error . '</span>'; // Single Quotes do not read for variables in the text.
echo "<span class=\"textError\">$error</span>"; // Double quotes do look for variables in a string, but once they start getting really long, it is quicker to use single quotes
?>
```

PHP in HTML

```php
<span class="textError"><?= $error; ?></span>
```

spacepoet Posted February 1, 2011

> I don't see a function definition in that bit of code. Are we missing it, or do you not actually mean "a function"?

Well, I thought it was a function. I was having the same issue with "slashes" in the admin side, and someone on this board showed me that little chunk of code, which fixed the issue... ??

Yes, I am confused ..

This is the admin code:

```php
<?php
include('../include/myConn.php'); //contains your mysql connection and table selection
include('../include/myCodeLib.php');
include('include/myCheckLogin.php');
include('include/myAdminNav.php');
include('ckfinder/ckfinder.php');
include('ckeditor/ckeditor.php');

//if statement deals with posted form: will be ignored if form has not been posted.
//mysql_real_escape_string sanitizes in case of injection
//ideally I would use a line like
//$myTitle=mysql_real_escape_string($_REQUEST['mytitle']; outside of the query
//and in the query have
//myTitle=$myTitle,

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    $myTitle = mysql_real_escape_string($_POST['myTitle']);
    $myDesc = mysql_real_escape_string($_POST['myDesc']);
    $myHeader = mysql_real_escape_string($_POST['myHeader']);
    $mySubHeader = mysql_real_escape_string($_POST['mySubHeader']);
    $myPageData = mysql_real_escape_string($_POST['myPageData']);

    $sql = "
    UPDATE myAccommodations SET
        myTitle = '$myTitle',
        myDesc = '$myDesc',
        myHeader = '$myHeader',
        mySubHeader = '$mySubHeader',
        myPageData = '$myPageData'
    ";
    mysql_query($sql) && mysql_affected_rows()

?>

<script language="JavaScript">
    alert("This page was updated!");
    location.href = "a_Accommodations.php";
</script>

<?php
}//end if statement

//now we want to pull all data from the table myAccommodations to populate form
$query=mysql_query("SELECT * FROM myAccommodations") or die("Could not get data from db: ".mysql_error());
while($result=mysql_fetch_array($query))
{
    $myTitle=$result['myTitle'];
    $myDesc=$result['myDesc'];
    $myHeader=$result['myHeader'];
    $mySubHeader=$result['mySubHeader'];
    $myPageData=$result['myPageData'];
}//end while
?>

<!DOCTYPE HTML>

<html>

<head>

<meta charset="ISO-8859-1" />

<title>Admin Area</title>

<?php echo spAdminLinks(); ?>

</head>

<body>

<div id="siteContainer">

    <div id="topContainer">
        <?php echo spAdminTopMenu(); ?>
    </div>

    <div id="topMenuContainer">
        <div id="topMenu">
            <?php echo spAdminMenu(); ?>
        </div>
    </div>

    <div id="contentContainer">

        <div id="mainContent">

            <h1>Editing: Accommodations</h1>

            <p>

            <form method="post" action="<?php echo $PHP_SELF;?>">
            <input type="hidden" name="POSTBACK" value="EDIT">

            <div style="float: left; width: 120px; margin-right: 30px;">
                Page Title:
            </div>
            <div style="float: left; width: 550px;">
                <textarea cols="80" rows="1" name="myTitle"><?php echo $myTitle; ?></textarea>
            </div>
            <div style="clear: both;"><br /></div>

            <div style="float: left; width: 120px; margin-right: 30px;">
                Page Description:
            </div>
            <div style="float: left; width: 550px;">
                <textarea cols="80" rows="1" name="myDesc"><?php echo $myDesc; ?></textarea>
            </div>
            <div style="clear: both;"><br /></div>

            <div style="float: left; width: 120px; margin-right: 30px;">
                Page Header:
            </div>
            <div style="float: left; width: 550px;">
                <textarea cols="80" rows="1" name="myHeader"><?php echo $myHeader; ?></textarea>
            </div>
            <div style="clear: both;"><br /></div>

            <div style="float: left; width: 120px; margin-right: 30px;">
                Page SubHeader:
            </div>
            <div style="float: left; width: 550px;">
                <textarea cols="80" rows="1" name="mySubHeader"><?php echo $mySubHeader; ?></textarea>
            </div>
            <div style="clear: both;"><br /></div>

            Page Content:<br />
            <textarea cols="80" id="myPageData" name="myPageData"><?php echo $myPageData; ?></textarea>

            <script type="text/javascript">
                CKEDITOR.replace( 'myPageData',
                {
                    filebrowserBrowseUrl : 'ckfinder/ckfinder.html',
                    filebrowserImageBrowseUrl : 'ckfinder/ckfinder.html?Type=Images',
                    filebrowserFlashBrowseUrl : 'ckfinder/ckfinder.html?Type=Flash',
                    filebrowserUploadUrl : 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Files',
                    filebrowserImageUploadUrl : 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Images',
                    filebrowserFlashUploadUrl : 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Flash'
                }
                );
            </script>

            <br />
            <input type="submit" value="Submit" />

            </form>

            </p>

        </div>

        <div style="clear: both;"></div>

    </div>

    <div id="footerContainer">
        <?php echo spAdminFooter(); ?>
    </div>

</div>

</body>

</html>
```

Is it possibly because this uses UPDATE, and the form is using INSERT ??

The SPAN issue - thanks! I'm still trying to get the syntax for PHP down. I will make a note of this.

spacepoet Posted February 1, 2011

One issue I just noticed also - Where should I have the send "mail" code ...

If I click "Submit" as the form currently is, the validation prevents the data from getting submitted into the database (as it should) but it is sending a blank email.

Am I using the "mail" feature correctly? I can't figure out if I need all the

```php
$myDate = $_REQUEST['myDate'] ;
$FullName = $_REQUEST['FullName'] ;
```

etc ... or is this duplicating the emails, or completely unneeded ..

Thanks for all the help!

spacepoet Posted February 2, 2011

Hi:

I have fixed all the small issues I was having on my Contact form, except for the "quotes" being turned into "slashes" in the INPUT fields of my form.

Can anyone tell me what I'm missing?

spacepoet Posted February 2, 2011

Cancel that - it seems to be working now .. perhaps I've been staring at code too long .. lol ..

Thanks for all the replies in this!

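Added example, not code from any poster in this thread: one way to arrange the contact handler so that magic-quote slashes are stripped recursively, mail is sent only after validation has passed, the e-mail address cannot carry header line breaks, and every value echoed back into the page is HTML-escaped. The helper names (`undo_magic_quotes`, `h`, `validate_contact`) and the reduced field list are assumptions made for illustration.

```php
<?php
// Added example. Helper names are hypothetical; field names follow the thread's form.

// Undo magic_quotes_gpc on old PHP (the function was removed in PHP 8), nested arrays included.
function undo_magic_quotes($value) {
    return is_array($value) ? array_map('undo_magic_quotes', $value) : stripslashes($value);
}
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    $_POST = undo_magic_quotes($_POST);
}

// Escape a value for HTML text or a quoted attribute.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Return the list of validation errors for the submitted fields.
function validate_contact(array $in) {
    $errors = array();
    if (trim($in['FullName']) === '') {
        $errors[] = 'Enter your Full Name.';
    }
    // Reject CR/LF explicitly: the address is placed in a mail header below.
    if (preg_match('/[\r\n]/', $in['Email']) || !filter_var($in['Email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Enter a valid Email.';
    }
    return $errors;
}

$fields = array('FullName' => '', 'Email' => '', 'Comments' => '');
$errors = array();
$sent = false;
if (isset($_POST['submit'])) {
    foreach ($fields as $name => $unused) {
        $fields[$name] = isset($_POST[$name]) && is_string($_POST[$name]) ? $_POST[$name] : '';
    }
    $errors = validate_contact($fields);
    if (!$errors) { // mail is reached only when validation passed, so no blank e-mails
        $body = "Full Name: {$fields['FullName']}\nEmail: {$fields['Email']}\nComments: {$fields['Comments']}\n";
        // Reply-To instead of a visitor-chosen From, which the site's domain cannot vouch for.
        $sent = mail('email@website.com', 'Contact Request', $body, 'Reply-To: ' . $fields['Email']);
    }
}
?>
<?php foreach ($errors as $e): ?><span class="textError">-- <?php echo h($e); ?></span><br /><?php endforeach; ?>
<?php if ($sent): ?><span>Thank you for your comment!</span><?php endif; ?>
<form action="" method="post">
  <input type="text" name="FullName" value="<?php echo h($fields['FullName']); ?>" />
  <input type="text" name="Email" value="<?php echo h($fields['Email']); ?>" />
  <textarea name="Comments"><?php echo h($fields['Comments']); ?></textarea>
  <input type="submit" name="submit" value="Submit" />
</form>
```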