The input fields you use within the <FORM> tags will not matter
with our form handler script, as you'll see when we get to that script.
For now though let's view the HTML code for the form above:
<form method="POST" action="/path/to/form_handler.php">
<p>Name: <input type="text" name="contact_name" size="20"><br>
Email: <input type="text" name="email_address" size="27"><br>
Website URL: <input type="text" name="web_url" size="34"><br>
Message: <textarea rows="3" name="message" cols="42"></textarea></p>
<p align="center"><input type="submit" value="Submit">
<input type="reset" value="Reset"></p>
</form>
The bolded color items above are the form components. Note especially
the names of the input forms. The form action is the path to the
form_handler.php script that we will be creating.
For our contact info we used the following form input names:
contact_name - the name entered into the text content input box
email_address - email entered into the text input box
web_url - website URL entered into the text input box
message - the comments entered in the textarea input box.
These are the 4 items of user input that we want to receive.
Form Validation on the server side using PHP
JavaScript is typically used to validate form info, and while we could
go through how to do this, there is still a need to check the
information entered at the server level. The reason is that a
malicious user could set up their own form without the JavaScript
validation and submit it to the script. So for data that is being written
to a file system or passed to another program it is always a good idea
to validate the data, every field if possible. So let's create a PHP
script to accept the 4 fields above and provide some basic checking. We
will use regular expressions to check the input fields for valid
information. The first PHP course contains a detailed discussion of
regular expressions: http://www.adultnetsurprise.com/learningzone/php/php_week_7.html
so one part of your to-do assignments is to read this course lesson if
you haven't already.
Now let's analyze what each field's info should contain as far as
allowable characters, spaces and symbols:
contact_name - can contain only letters and spaces, no other characters
allowed. No HTML code. Must not be empty (must contain input of some
sort in the field).
email_address - does it look like a valid email address? No HTML code.
Must not be empty.
web_url - contains an http:// and no HTML code. Must not be empty.
message - can contain anything except HTML code (strip HTML). Must
not be empty.
PHP will convert the name of form input into variables by default, so
now our variable names will be: $contact_name, $email_address, $web_url
and $message
Next, let's look at the code to validate the form input using PHP and
regular expressions. The first field is the contact name.
if($contact_name) {
    $contact_name = strip_tags($contact_name);
    // contains letters and spaces only?
    // (preg_match with /i replaces eregi(), which was removed in PHP 7)
    if(!preg_match('/^[a-z ]+$/i', $contact_name))
    {
        errorMsg("Contact Name can only contain alphabetical letters and spaces");
    }
} else {
    errorMsg("Contact Name was left blank");
}
The contact_name is checked and any errors are passed to the custom
function (which we will create next) called errorMsg(). The errorMsg()
function will print the error message and exit the program without
further execution. Here is the code for the errorMsg() function:
function errorMsg($msg) {
print("<HTML><BODY>
$msg
</BODY></HTML>
");
exit;
}
Next comes time to validate the email address the user entered. This
was covered in detail during week #6 of the first PHP course: http://www.adultnetsurprise.com/learningzone/php/php_week_6.html
So refer to that when making the code to validate the email address.
Detecting whether the URL is valid or not could involve something
advanced like trying to open a socket and attempt to connect to the URL
or as simple as just seeing if it looks like a URL. Refer to the regular
expression lesson mentioned earlier in this course text and see if you
can come up with a basic regular expression.
The last input field is $message and we can use the built-in
strip_tags function to strip the HTML tags out of this. You can read
details on this function in the php manual at: http://www.php.net/manual/en/function.strip-tags.php
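As an added example (not part of the original course text or TDavid's code), here is one way to check all four fields on the server in a single function. It assumes PHP 7.1 or later, where form input is read from an array such as $_POST rather than from automatically created variables; validateContact(), its error strings and the sample submission are hypothetical and constructed for illustration, and filter_var() is used for the email and URL checks in place of hand-written regular expressions.

```php
<?php
// Added example, not the course's code. validateContact() and the error
// strings are hypothetical names chosen for this illustration.
function validateContact(array $in): array
{
    $clean = [];
    $errors = [];
    foreach (['contact_name', 'email_address', 'web_url', 'message'] as $f) {
        $v = $in[$f] ?? '';
        // Array-style input (field[]=x) counts as blank: the checks expect strings.
        $clean[$f] = is_string($v) ? trim(strip_tags($v)) : '';
        if ($clean[$f] === '') {
            $errors[$f] = 'left blank';
        }
    }
    // Letters and spaces only, anchored to the whole string.
    if (!isset($errors['contact_name'])
        && !preg_match('/\A[a-z ]+\z/i', $clean['contact_name'])) {
        $errors['contact_name'] = 'letters and spaces only';
    }
    // Reject CR/LF explicitly (the address may end up in a mail header),
    // then let filter_var() judge the overall shape.
    if (!isset($errors['email_address'])
        && (preg_match('/[\r\n]/', $clean['email_address'])
            || filter_var($clean['email_address'], FILTER_VALIDATE_EMAIL) === false)) {
        $errors['email_address'] = 'does not look like an email address';
    }
    // Must parse as a URL and start with http:// or https://; any other
    // scheme is refused, which matters if the URL is later shown as a link.
    if (!isset($errors['web_url'])
        && (filter_var($clean['web_url'], FILTER_VALIDATE_URL) === false
            || !preg_match('#\Ahttps?://#i', $clean['web_url']))) {
        $errors['web_url'] = 'must be an http:// or https:// URL';
    }
    return [$clean, $errors];
}

// Constructed sample submission standing in for $_POST.
$sample = [
    'contact_name'  => 'Jane Doe',
    'email_address' => "jane@example.com\r\nX-Added: 1",
    'web_url'       => 'ftp://example.com/',
    'message'       => 'Hello <b>there</b>',
];
[$clean, $errors] = validateContact($sample);
print_r($errors);           // which fields were refused, and why
print_r($clean['message']); // message with its HTML tags stripped
```

Collecting every error in an array, rather than exiting on the first one as errorMsg() does, lets the page report all problems to the visitor in one pass.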
Putting the form_handler.php script together ..
With all that said about validation in the last section, we don't
need to do a whole lot of actual validation for our form handler script,
since we are just going to email all the input fields and their values
obtained from the form to the webmaster (you). The ideal
form handler will handle any form input so that we don't have to rewrite
the PHP code specially for every different contact form. If all we want is
the results mailed to us, this is only a couple of lines of PHP code.
Let's review the form_handler.php code:
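<?php
/* form_handler.php
by TDavid @ http://www.tdscripts.com/
Supplement to Script School course #6, lesson #2
Not made for resale, redistribution or publishing elsewhere
*/
$YOUREMAIL = 'youremail@yourdomain.com';
$thebody = '';
$display = '';
// $_POST replaces $HTTP_POST_VARS, which was removed in PHP 5.4;
// foreach replaces list()/each(), since each() was removed in PHP 8
foreach ($_POST as $key => $val) {
    if (!is_string($val)) {
        continue; // skip array-style fields (name[]); strip_tags() needs a string
    }
    $val = strip_tags($val); // strip HTML tags
    $thebody .= "$key: $val\n";
    // escape for the HTML confirmation so field names and leftover
    // <, > or quote characters are shown as text, not markup
    $display .= "<b>" . htmlspecialchars($key) . ":</b> <font color=\"blue\">"
        . htmlspecialchars($val) . "</font><br>";
}
// stripslashes() is no longer needed: magic quotes were removed in PHP 5.4
// the Referer header is client-supplied: drop CR/LF before using it in the subject
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$referer = str_replace(array("\r", "\n"), ' ', $referer);
if(mail($YOUREMAIL, "Form submit from: $referer", $thebody, "From: $YOUREMAIL\n"))
{
    echo($display);
} else {
    print("Unable to submit email. Please notify site administrator.");
}
?>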
The script above will cycle through all the input fields using the
HTTP_POST_VARS array and send you an email with the fields in the form
with HTML tags stripped out. If you want to allow HTML tags to be sent
to you, then you need to adjust the line with the strip_tags. If you
don't understand what this is doing, please stop by the tech chat, ask a
question on the course BBS or visit the weekly radio show.
Ok, we are ready to assemble the form and set the path to the
form_handler.php script above, and this will form our to-do assignment
for this lesson.
TO-DO Assignment #2:
Create a unique contact form (do not use the example I've given in the
course text) that submits to your form_handler.php script and emails the
result of the form to you.
WEEK 2 discussion and questions - this is where you ask questions about
this course material and post your weekly "to-do" assignment.
WEEK 2 Workshop Review Tuesday July 23, 2002 5:00 PM Eastern / 2pm Pacific -
we will review this course material in a LIVE IRC workshop. You can get
here by using the JAVA link above or by using your favorite IRC client
and pointing to: irc.webmasterlive.com #netsurprise
Script School Live WEEK 2 Audio Review Friday July 26, 2002 5:00 PM
Eastern / 2:00PM Pacific - This is the audio recap for the course
material where you can call in and ask Q & A LIVE on the radio
Script School Live CHAT (Java) irc.webmasterlive.com #scriptschool (IRC)
In lesson #3 we'll work on creating/designing a basic polling script.
TDavid is co-owner, programmer and webmaster for several sites devoted to programming including
his own http://www.tdscripts.com/
He has done custom programming in various programming languages for companies all over the
world. Every Friday at 2pm PST you can catch his weekly radio show dedicated to the
technical side of webmastering and programming at http://www.scriptschool.com/radio