Contact/Email Form - $_GET Variant Required

[Terror187]

Hi everyone,

I've been trying to configure these two files to work with the program I've been developing, To no avail unfortunately. I just spent more than four hours trying to get it to work with the $_GET variable instead of the $_POST variable. Before you ask, I did change the form method to GET. Basically I only got as far as katebellami did in one of the recent topics and, Had the same problem. So what I'm looking for is the more experienced coder to convert this two file contact/email form into a working $_GET variant. Once, I used to be able to code my own forum an ajax enable chat rooms. But, Now I have less time to dedicate to these sort of problems as I have a five month old daughter to take care of. Anyways, If you can help, It would be greatly appreciated!

I don't really need anyone to point out the lack of sanitization/validation in the two files below, I'm already aware of the missing elements. I'll toss those in once I have something that works an that I can commit to. What I need, Is for the second page to accept URL generated submissions based on the labels of the input fields in the first file. If you need clarification, Just ask.

contactform.html

Code:

<form name="contactform" method="post" action="send_form_email.php">
 
<table width="450px">
 
<tr>
 
 <td valign="top">
 
  <label for="first_name">First Name *</label>
 
 </td>
 
 <td valign="top">
 
  <input  type="text" name="first_name" maxlength="50" size="30">
 
 </td>
 
</tr>
 
<tr>
 
 <td valign="top"">
 
  <label for="last_name">Last Name *</label>
 
 </td>
 
 <td valign="top">
 
  <input  type="text" name="last_name" maxlength="50" size="30">
 
 </td>
 
</tr>
 
<tr>
 
 <td valign="top">
 
  <label for="email">Email Address *</label>
 
 </td>
 
 <td valign="top">
 
  <input  type="text" name="email" maxlength="80" size="30">
 
 </td>
 
</tr>
 
<tr>
 
 <td valign="top">
 
  <label for="telephone">Telephone Number</label>
 
 </td>
 
 <td valign="top">
 
  <input  type="text" name="telephone" maxlength="30" size="30">
 
 </td>
 
</tr>
 
<tr>
 
 <td valign="top">
 
  <label for="comments">Comments *</label>
 
 </td>
 
 <td valign="top">
 
  <textarea  name="comments" maxlength="1000" cols="25" rows="6"></textarea>
 
 </td>
 
</tr>
 
<tr>
 
 <td colspan="2" style="text-align:center">
 
  <input type="submit" value="Submit">   <a href="http://www.freecontactform.com/email_form.php">Email Form</a>
 
 </td>
 
</tr>
 
</table>
 
</form>

send_form_email.php

PHP Code:

<?php
 
if(isset($_POST['email'])) {
 
     
 
    // EDIT THE 2 LINES BELOW AS REQUIRED
 
    $email_to = "you@yourdomain.com";
 
    $email_subject = "Your email subject line";
 
     
 
     
 
    function died($error) {
 
        // your error code can go here
 
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
 
        echo "These errors appear below.<br /><br />";
 
        echo $error."<br /><br />";
 
        echo "Please go back and fix these errors.<br /><br />";
 
        die();
 
    }
 
     
 
    // validation expected data exists
 
    if(!isset($_POST['first_name']) ||
 
        !isset($_POST['last_name']) ||
 
        !isset($_POST['email']) ||
 
        !isset($_POST['telephone']) ||
 
        !isset($_POST['comments'])) {
 
        died('We are sorry, but there appears to be a problem with the form you submitted.');       
 
    }
 
     
 
    $first_name = $_POST['first_name']; // required
 
    $last_name = $_POST['last_name']; // required
 
    $email_from = $_POST['email']; // required
 
    $telephone = $_POST['telephone']; // not required
 
    $comments = $_POST['comments']; // required
 
     
 
    $error_message = "";
 
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
 
  if(!preg_match($email_exp,$email_from)) {
 
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
 
  }
 
    $string_exp = "/^[A-Za-z .'-]+$/";
 
  if(!preg_match($string_exp,$first_name)) {
 
    $error_message .= 'The First Name you entered does not appear to be valid.<br />';
 
  }
 
  if(!preg_match($string_exp,$last_name)) {
 
    $error_message .= 'The Last Name you entered does not appear to be valid.<br />';
 
  }
 
  if(strlen($comments) < 2) {
 
    $error_message .= 'The Comments you entered do not appear to be valid.<br />';
 
  }
 
  if(strlen($error_message) > 0) {
 
    died($error_message);
 
  }
 
    $email_message = "Form details below.\n\n";
 
     
 
    function clean_string($string) {
 
      $bad = array("content-type","bcc:","to:","cc:","href");
 
      return str_replace($bad,"",$string);
 
    }
 
     
 
    $email_message .= "First Name: ".clean_string($first_name)."\n";
 
    $email_message .= "Last Name: ".clean_string($last_name)."\n";
 
    $email_message .= "Email: ".clean_string($email_from)."\n";
 
    $email_message .= "Telephone: ".clean_string($telephone)."\n";
 
    $email_message .= "Comments: ".clean_string($comments)."\n";
 
     
 
     
 
// create email headers
 
$headers = 'From: '.$email_from."\r\n".
 
'Reply-To: '.$email_from."\r\n" .
 
'X-Mailer: PHP/' . phpversion();
 
@mail($email_to, $email_subject, $email_message, $headers);  
 
?>
 
 
 
<!-- include your own success html here -->
 
 
 
Thank you for contacting us. We will be in touch with you very soon.
 
 
 
<?php
 
}
 
?>

[traq]

As I mentioned in katebellami's thread, I've seen this tutorial around before, and it's really not very good.

To answer your question, if you've already changed the form method to GET, simply replace all instances of "$_POST" in the php script with "$_GET". If you're running into some other problem, please explain further.

As for adding sanitization/validation "later," I'll simply say that that is not the best approach. Generally speaking, you will either waste a lot of extra time rewriting your code to accommodate the changes, or you won't do it at all. Doing it from the start will result in more secure, more efficient code, and will take less time to write over all.

[Terror187]

As I mentioned in katebellami's thread, I've seen this tutorial around before, and it's really not very good.

To answer your question, if you've already changed the form method to GET, simply replace all instances of "$_POST" in the php script with "$_GET". If you're running into some other problem, please explain further.

As for adding sanitization/validation "later," I'll simply say that that is not the best approach. Generally speaking, you will either waste a lot of extra time rewriting your code to accommodate the changes, or you won't do it at all. Doing it from the start will result in more secure, more efficient code, and will take less time to write over all.

Thanks for taking the time to reply to my topic traq, But I was clear on what I needed.

To elaborate on what I've previously done. I replaced the $_POST values with $_GET values accordingly in both files, Which only lead me to a blank page after hitting submit. The $_GET values can be observed in the URL, But no email is sent or, Indication of such.

[traq]

I understood that you changed the form method, but I was not sure if you had changed all of the superglobals. Can you show us the actual code you are working with?

There are two reasons you might get a blank page.

First, you might have a fatal error. Many webhosts show a blank page in this case, for security reasons. During development, you want to make sure that php's error messages are displayed - you can change these settings in your php.ini file. If you have a runtime error (and not a parse error), you can change the settings temporarily at the top of the script:

PHP Code:

<?php
error_reporting(-1); ini_set('display_errors',1);

Again, the code you posted looks fine, but we would need to see the code you're using.

Second, you might have a typo in your if() condition. That's why I mentioned making sure all of the superglobals were replaced: if the if() condition still used $_POST['email'] after you switched the form method to GET, then the script wouldn't do anything.

[Terror187]

I understood that you changed the form method, but I was not sure if you had changed all of the superglobals. Can you show us the actual code you are working with?

There are two reasons you might get a blank page.

First, you might have a fatal error. Many webhosts show a blank page in this case, for security reasons. During development, you want to make sure that php's error messages are displayed - you can change these settings in your php.ini file. If you have a runtime error (and not a parse error), you can change the settings temporarily at the top of the script:

PHP Code:

<?php
error_reporting(-1); ini_set('display_errors',1);

Again, the code you posted looks fine, but we would need to see the code you're using.

Second, you might have a typo in your if() condition. That's why I mentioned making sure all of the superglobals were replaced: if the if() condition still used $_POST['email'] after you switched the form method to GET, then the script wouldn't do anything.

Thanks again for your reply traq, You brought something to my attention that I had been overlooking the entire time. Which was in the very first line on the second page, Being the $_POST['email']. I hadn't changed that to $_GET for some reason. Now everything is working fine, All I have to do is add security measures. Feel free to close/delete this topic now as my problem is resolved.

[traq]

in the very first line on the second page, Being the $_POST['email']. I hadn't changed that to $_GET for some reason. Now everything is working fine…

Glad to hear it.

Feel free to close/delete this topic now as my problem is resolved.

If your question has been answered, please mark your thread "resolved":

• On your original post (post #1), click [edit], then click [go advanced].
• In the "thread prefix" box, select "Resolved".
• Click [save changes].