Log in

View Full Version : Form issues



kristiec
02-27-2011, 01:26 AM
I have created a form using the below php. I have a couple of issues...

1.The form seems to be working except it is not showing the sender's name/email in the 'from' section... how can I get it to show the sender's email?

2.Is there some sort of coding I can add to help prevent spam from coming through? I saw once on a form where it asked a question and below it said 'so we know you are not a machine'. What is the code to add this extra security to the form?

Any assistance is greatly appreciated.

Here is the php the form is using....




<?php

$EmailFrom = "";
$EmailTo = "nina@make-upbynina.com";
$Subject = "Make-up Inquiry";
$Name = Trim(stripslashes($_POST['Name']));
$Email = Trim(stripslashes($_POST['Email']));
$Message = Trim(stripslashes($_POST['Message']));

// validation
$validationOK=true;
if (!$validationOK) {
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
exit;
}

// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $Email;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";

// send email
$success = mail($EmailTo, $Subject, $Body, "From: <$Email>");

// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.make-upbynina.com/form-reply.php\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>

[Nicolas]
02-27-2011, 01:52 AM
Simple for showing user's email. Here, in the PHP: $_REQUEST['from']
And in your form from the other page, simply add this: <input type="text" name="from" id="from">
(You don't absolutely need the ID in the HTML)
I'm not sure if it will work, but it's a guess. As for your other question, I'm not sure. How about Captcha? You could use PHP to write some Captcha.
EDIT: Added single quotes, forgot it's in some code with " 's......

traq
02-27-2011, 02:52 AM
Can you show your html markup? It may be something as simple as a typo.

I would not recommend the use of $_REQUEST in this case. If you're not getting your desired value from the $_POST array, that means something is wrong - you're not getting the info from the form as you intended. $_REQUEST opens up your script to the query string and cookies, which may produce errors or unintended results (best case) or create a security hole (worst case).

kristiec
03-02-2011, 01:12 AM
Here is the html for the form:




<div id="form">
<form class="feedbackform" method="post" action="http://make-upbynina.com/scgi-bin/contactengine.php">

<div class="fieldwrapper">
<label for="username" class="styled">Your Name:</label>
<div class="thefield">
<input type="text" id="username" value="" size="40" />
</div>
</div>

<div class="fieldwrapper">

<label for="email" class="styled">Email address:</label>
<div class="thefield">
<input type="text" id="email" value="" size="40" /><br />
</div>
</div>

<div class="fieldwrapper">
<label for="about" class="styled">Message:</label>
<div class="thefield">

<textarea id="about"></textarea>
</div>
</div>

<div class="buttonsdiv">
<input type="submit" value="Submit" style="margin-left: 150px;" /> <input type="reset" value="Reset" />
</div>

</form>

</div>

fastsol1
03-02-2011, 01:26 AM
I am surprised you are getting any of the POST info considering you have all the fields labeled different than what you call the POST[].
Like you call $_POST['Name'] but you call the field username, so that shouldn't even work.
Also I am not totally sure but you call $_POST['Email'] but it's labeled email in lowercase, so that may be the issue too.

traq
03-02-2011, 01:29 AM
The POST variables your script is using don't match the form's field names.

For example, your script is looking for $_POST['Email'], whereas the field it actually needs is named email (yes, capitalization matters).

It gets worse - $_POST['Name'], as far as I can tell, should actually be $_POST['username'], and $_POST['message'] should be $_POST['about'].

You should also change all of your input id's to names (POST uses name, not id).

for example:


<!-- in your html form -->
<input type="text" id="username" name="username" value="" size="40" />
<input type="text" id="email" name="email" value="" size="40" />
<textarea id="about" name="about"></textarea>


// in your php script
$Name = trim(stripslashes($_POST['username']));
$Email = trim(stripslashes($_POST['email']));
$Message = trim(stripslashes($_POST['about']));




fastsol by 2-1/2 minutes! :p :D

kristiec
03-02-2011, 01:45 AM
Thank you... I will try this. But I got a question... in the HTML do I still need the

id="username" -as well as- name="username"?

You said Post doesn't use id so do I need to keep this in there? And if yes, why? (I'm new to php so I'm trying to figure out the logic)

Thank you again for your help.

traq
03-02-2011, 02:45 AM
For this particular purpose, no, you don't need to keep the id.

I don't know if there's anything else on your page that might be using it (css, jQuery, etc.), so I won't automatically tell you to throw it out. and leaving it as-is shouldn't cause any problems, either.