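-----Original Message----- From: php-objects@xxxxxxxxxxxxxxx [mailto:php-objects@xxxxxxxxxxxxxxx] On Behalf Of Chris Sent: 31 January 2006 05:09 To: php-objects@xxxxxxxxxxxxxxx Subject: RE: How do you make a form unusable by spammers please?

Hi Patrick, Many thanks for the help - would you be able to show a complete page with that on at all please? I'm not exactly sure where it all goes ;-( Chris

Simple form and script to process form. Uses sessions. Script directs user back to form page if input errors. If no errors, script stores data in MySQL table and sends a notification email and directs to a thank you page.

*****************************Form************************************
<?php
// Form page: renders the contact form. When contact_script.php found input
// errors it stores them (and the submitted values) in the session and redirects
// back here, so the form is re-filled and each field shows its error text.
session_start();

$errors   = array();
$formVars = array();
if (isset($_SESSION['formErrors'])) {
    $errors   = $_SESSION['formErrors'];
    // 'wFormVars' is only written together with 'formErrors'; guard anyway so a
    // half-written session does not produce an undefined-index notice.
    $formVars = isset($_SESSION['wFormVars']) ? $_SESSION['wFormVars'] : array();
}

// Escape a value for use inside an HTML attribute or text node.
// $formVars is the raw $_POST data saved by contact_script.php, so it must never
// be echoed as-is: a submitted value containing a quote or '<' would break out
// of the value="..." attribute (XSS replayed through the session). The page
// declares iso-8859-1, so the same charset is passed to htmlspecialchars().
function formEscape($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
}

// Print the previously submitted value of one field (empty when there is none).
function formValue($formVars, $fieldName)
{
    echo isset($formVars[$fieldName]) ? formEscape($formVars[$fieldName]) : '';
}

// Print the validation message recorded for one field; prints nothing when the
// field has no error.
function fieldError($fieldName, $errors)
{
    if (isset($errors[$fieldName])) {
        echo formEscape($errors[$fieldName]);
    }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Simple form</title>
</head>
<body>
<form action="path to contact_script.php" method="post" enctype="multipart/form-data" name="form_inform">
<table width="95%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td colspan="2"><?php if ($errors) { echo "<p class=\"errorText\">OOPS! You have errors</p>"; } else { echo "<p> </p>"; } ?></td>
  </tr>
  <tr>
    <td class="tableText">name</td>
    <td><?php if ($errors) { echo "<span class=\"errorText\">"; fieldError("fName", $errors); echo "<br /></span>"; } ?><input name="fName" type="text" class="contactBox" value="<?php formValue($formVars, 'fName'); ?>" /></td>
  </tr>
  <tr>
    <td class="tableText">email</td>
    <td><?php if ($errors) { echo "<span class=\"errorText\">"; fieldError("email", $errors); echo "<br /></span>"; } ?><input name="email" type="text" class="contactBox" value="<?php formValue($formVars, 'email'); ?>" maxlength="60" /></td>
  </tr>
  <tr>
    <td class="tableText">tel</td>
    <td><?php if ($errors) { echo "<span class=\"errorText\">"; fieldError("tel", $errors); echo "<br /></span>"; } ?><input name="tel" type="text" class="contactBox" value="<?php formValue($formVars, 'tel'); ?>" maxlength="10" /></td>
  </tr>
  <tr>
    <td colspan="2"><div align="center">
      <input type="hidden" name="page" value="contact" />
      <input name="contactIn" type="submit" value="Submit" class="informBut" />
    </div></td>
  </tr>
</table>
</form>
<?php
// The saved errors/values are consumed by this render and must not reappear on
// the next visit. session_unregister() was removed in PHP 5.4; unset() on
// $_SESSION is the equivalent and works on every version that has $_SESSION.
unset($_SESSION['wFormVars'], $_SESSION['formErrors']);
?>
</body>
</html>

**************************************************contact_script to process form************************************
<?php
// contact_script.php: validates the posted form, stores it in MySQL and mails a
// notification. On validation errors the user is sent back to the form page.
//
// Note: every check below is a format check; nothing here tells an automated
// submission from a human one, so on its own this does not stop form spam.
// Any anti-spam measure (e.g. a per-session token, a honeypot field, rate
// limiting, a CAPTCHA) would be checked before the validation section.
session_start();
include_once ('connect_dr.inc');  // presumably opens the mysql link $con used below - confirm

// Normalise one posted text field: trim, cap at $len bytes, collapse runs of
// blank lines.
//
// This is normalisation, NOT escaping. The result is still raw user input and
// must be escaped for whichever context it is used in later: HTML (the form
// page does this with htmlspecialchars), SQL (mysql_real_escape_string below),
// mail headers (user data is kept out of them entirely). The original passed
// the value through escapeshellcmd(), which only protects a shell command line
// - never used here - while corrupting legitimate input such as apostrophes
// in names and giving no protection at all for the SQL/HTML sinks.
function cleanUserInput($in, $len)
{
    $in = substr(trim($in), 0, $len);
    $in = preg_replace("/[\r\n]+[\s\t]*[\r\n]+/", "", $in);
    return $in;
}

// Abort on a database error. The mysql error text is shown to the visitor; for
// a production site it should be logged instead, as it reveals table/column
// names and the failing statement.
function showError($con)
{
    die("Error " . mysql_errno($con) . " : " . mysql_error($con));
}

$errors   = array();
$formVars = array();
foreach ($_POST as $varname => $value) {
    if (is_array($value)) {
        continue;  // only scalar fields are expected; trim() would warn on an array
    }
    $formVars[$varname] = cleanUserInput($value, 50);
}

// Escaped copies for the SQL statement. Build $sql from $sqlVars only, never
// from $formVars: cleanUserInput() does not make a value safe for SQL.
$sqlVars = array();
foreach ($formVars as $varname => $value) {
    $sqlVars[$varname] = mysql_real_escape_string($value, $con);
}

// Depending on which page the request comes from, assign the redirect target,
// the insert statement and the notification mail. All of these are fixed
// server-side strings; none of them may come from the request (the redirect
// target and the mail recipient/subject in particular).
$page = isset($formVars['page']) ? $formVars['page'] : '';
switch ($page) {
    case 'home':
        $locator = "page to redirect if errors";
        $sql     = "insert statement";  // interpolate $sqlVars[...] values only
        $subject = "message";
        $to      = "email to";
        break;
    case 'contact':
        $locator = "page to redirect if errors";
        $sql     = "2nd insert statement";  // interpolate $sqlVars[...] values only
        $subject = "2nd message";
        $to      = "to";
        break;
    default:
        echo "error in switch";
        exit;
}

// ---- data validation -------------------------------------------------------
if (array_key_exists("fName", $formVars) && empty($formVars['fName'])) {
    $errors['fName'] = "Please fill in an name";
}

// Same character classes as the original ereg pattern, as a PCRE (ereg/eregi
// were removed in PHP 7). A stray space inside the domain character class of
// the original has been dropped; \z instead of $ so a trailing newline cannot
// pass. Case-insensitive as before.
$validEmail = '/^[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*@[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*\z/i';
if (array_key_exists("email", $formVars) && empty($formVars['email'])) {
    $errors['email'] = "E-mail - mandatory";
} elseif (array_key_exists("email", $formVars) && !preg_match($validEmail, $formVars['email'])) {
    $errors['email'] = "E-mail - incorrect format";
} elseif (array_key_exists("email", $formVars) && strlen($formVars["email"]) > 60) {
    // The original wrote strlen($x > 60) - the comparison was inside the call,
    // so this branch could never fire. (It is still unreachable in practice
    // because cleanUserInput() already truncates every field to 50 bytes.)
    $errors['email'] = "E-mail - longer than 60 characters";
}

if (array_key_exists('tel', $formVars) && empty($formVars['tel'])) {
    $errors['tel'] = "Please enter a telephone number";
} elseif (array_key_exists('tel', $formVars) && !preg_match('/^[0-9]{10}\z/', $formVars['tel'])) {
    $errors['tel'] = "Telephone number must be 10 digits and no spaces";
}

// ---- errors: hand the raw values back to the form page -----------------------
if (count($errors)) {
    $_SESSION['formErrors'] = $errors;
    $_SESSION['wFormVars']  = $formVars;  // raw values; the form page escapes them on output
    header("Location: " . $locator);
    mysql_close();
    exit;
}

// ---- store ------------------------------------------------------------------
if (!mysql_query($sql, $con)) {
    showError($con);
}

// ---- notification mail --------------------------------------------------------
// User-supplied values go into the message body only. Keep them out of
// $headers, $to and $subject: mail() would pass an embedded CR/LF through as a
// new header, and cleanUserInput() only collapses runs of blank lines, not
// single line breaks, so it is not header-safe.
$headers  = "MIME-Version: 1.0\n";
$headers .= "From: from email\n";
$headers .= "Cc: cc email\n";

$message  = "Message\n";
$message .= "Name: " . (isset($formVars['fName']) ? $formVars['fName'] : '') . "\n";
$message .= "Email: " . (isset($formVars['email']) ? $formVars['email'] : '') . "\n";
$message .= "Tel: " . (isset($formVars['tel']) ? $formVars['tel'] : '') . "\n";

mail($to, $subject, $message, $headers);

// The thank-you page must htmlspecialchars() this when echoing it: it carries
// the raw submitted name.
$_SESSION['thankYou'] = "Thank you " . (isset($formVars['fName']) ? $formVars['fName'] : '') . " complete thank you message";
header ("Location: path to thank you page");
mysql_close();
exit;
?>

Hope this helps Patrick

PHP Data object relational mapping generator http://www.metastorage.net/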