473,727 Members | 2,015 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Omitting certain $key / $Val from being sent thru form

4 New Member
Hi all and happy holidays!
I should start off by stating I am NOT a PHP programmer.
I say that so that in any response to me, you will speak very s-l-o-w-l-y or I won't know what you're talking about ;-)
I have this form processor script that I basically pieced together from 3 different scripts.
The script includes a CAPTCHA image verification, which works fine.
The problem I am having is that when the form is processed, the results e-mailed to me also include the $key and $val for both the verification number ('secure') and the 'Submit' function.
Here is that section of the HTML:
[HTML]
<tr>

<td>Security Code</td>
<td><input type="text" name="secure"/>
</td>
</tr>
<tr>
<td><img src="captcha_im age.php" alt="security image" border="0"/></td>
<td>
<input type="submit" name="submit" value="Send"/></td>
</tr>

[/HTML]

Now, is there any way to have all the data entered into the form sent to me except for the "secure" and "submit"?
Also, it would be nice to have form results sent to me read like:
Event Description:
instead of:
event_descripti on
but that is not my main concern.

Anyway, below is the code in question.
Thanks :)


[php]
<?php
session_start() ;

//PAGE VARS
$err = '';
$Message = '';

//FORM PROCESSING
if (isset($_POST['submit'])) {
// clean and check form inputs including the secure image code
$name = trim(strip_tags ($_POST['name']));
$email = trim(strip_tags ($_POST['email']));
$phone = trim(strip_tags ($_POST['phone']));
$event_title = trim(strip_tags ($_POST['event_title']));
$event_date_and _time = trim(strip_tags ($_POST['event_date_and _time']));
$event_location = trim(strip_tags ($_POST['event_location ']));
$event_phone_nu mber = trim(strip_tags ($_POST['event_phone_nu mber']));
$event_price = trim(strip_tags ($_POST['event_price']));
$event_descript ion = trim(strip_tags ($_POST['event_descript ion']));

$secure = strtoupper(trim (strip_tags($_P OST['secure'])));
$match = $_SESSION['captcha']; // the code on the image

// input error checking
if ($name=="") {
$err.= "Please provide your name<br/>";
}
if (!$email) {
$err.= "Please provide your email address<br>";
}
if ($email) {
if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
$err.= $email. " is not a valid email address.<br/>";
}
}
if ($phone=="") {
$err.= "Please provide your phone number<br/>";
}

if ($event_title== "") {
$err.= "Please provide the title of the event<br/>";
}

if ($event_date_an d_time=="") {
$err.= "Please provide the date and time of the event<br/>";
}

if ($event_locatio n=="") {
$err.= "Please provide the location of the event<br/>";
}

if ($event_phone_n umber=="") {
$err.= "Please provide a phone number for the venue<br/>";
}

if ($event_price== "") {
$err.= "Please provide the price to attend the event<br/>";
}

if ($event_descrip tion=="") {
$err.= "Please provide a description for the event<br/>";
}



if (!$secure) {
$err.= "No security code entered<br/>";
}
if (($secure!=$mat ch) && ($secure!="")) {
$err.= "Security code mismatch<br/>";
}

//if error free
if ($err=="") {

//Start Pieced in
$MailToAddress = "rik408@yahoo.c om";
$MailSubject = "Club Event Submission";
$MailFromAddres s = ( isset($email) && $email != '') ? $email : 'noReply@myDoma in.com';
//end pieced in

//start pieced in: this may be a major trouble spot, since it is preceeded by another "if" statement
if (!is_array($HTT P_POST_VARS))
return;
reset($HTTP_POS T_VARS);
while(list($key , $val) = each($HTTP_POST _VARS)) {
$GLOBALS[$key] = $val;
$val=stripslash es($val);
$Message .= "$key = $val\n";
}


mail( "$MailToAddress ", "$MailSubje ct", "$Message", "From: $MailFromAddres s");


header("Locatio n: http://www.metroactive .com/contact/thanks.html");
//end pieced in
exit();
}//end if error free

}// end if submit

//PAGE PROCESSING



?>
[/php]


[html]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt d">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Trolls go away</title>
<style type="text/css">
body,td {
font-family:arial, helvetica, sans-serif;
background:#fff ;
color:#000;
font-size:12px;
}
input, textarea {
background:#eee ;
color:#000;
font-size:12px;
border:1px solid #000;
}
</style>
</head>
<body>
<?php
if ($err!="") {
echo "<strong>Fo rm Error(s)</strong><br/>";
echo "<font color='#cc3300' >". nl2br($err). "</font><br/>";
}
?>

<form name="captcha" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<table cellpadding="3" cellspacing="2" style="border:1 px dotted #667;">
<tr>
<td>Name:</td><td><input type="text" name="name" value="<?php if(isset($_POST['name']))echo $_POST['name'];?>"/></td>
</tr>
<tr>
<td>Email:</td><td><input type="text" name="email" value="<?php if(isset($_POST['email']))echo $_POST['email'];?>"/></td>
</tr>
<tr>
<td>Daytime Phone: </td>
<td><input type="text" name="phone" value="<?php if(isset($_POST['phone']))echo $_POST['phone'];?>"/></td>
</tr>
<tr>
<td>Club Event Title:</td><td><input type="text" name="event_tit le" value="<?php if(isset($_POST['event_title']))echo $_POST['event_title'];?>"/></td>
</tr>
<tr>
<td>Date and Time:</td><td><input type="text" name="event_dat e_and_time" value="<?php if(isset($_POST['event_date_and _time']))echo $_POST['event_date_and _time'];?>"/></td>
</tr>
<tr>
<td>Location: </td><td><input type="text" name="event_loc ation" value="<?php if(isset($_POST['event_location ']))echo $_POST['event_location '];?>"/></td>
</tr>
<tr>
<td>Venue Phone Number:</td><td><input type="text" name="event_pho ne_number" value="<?php if(isset($_POST['event_phone_nu mber']))echo $_POST['event_phone_nu mber'];?>"/></td>
</tr>
<tr>
<td>Price</td><td><input type="text" name="event_pri ce" value="<?php if(isset($_POST['event_price']))echo $_POST['event_price'];?>"/></td>
</tr>
<tr>
<td valign="top">Ev ent Description:</td>
<td><textarea rows="5" columns="30" name="event_des cription"><?php if(isset($_POST['event_descript ion']))echo $_POST['event_descript ion'];?></textarea></td>
</tr>
<tr>

<td>Security Code</td>
<td><input type="text" name="secure"/>
</td>
</tr>
<tr>
<td><img src="captcha_im age.php" alt="security image" border="0"/></td>
<td>
<input type="submit" name="submit" value="Send"/></td>
</tr>
</table>
</form>
</body>
</html>
[/html]
Nov 26 '06 #1
6 2654
ronverdonk
4,258 Recognized Expert Specialist
You can replace the code after text "start pieced in: " with the following code. It (a) excludes entries in the $exclude array (now contains secure and submit) and (b) it replaces any keys you'd like to replace, as described in your post, with the values from array $replace. Have a look and see if it is what you were looking for:
[php]
//start pieced in: this may be a major trouble spot, since it is preceeded by another "if" statement

// this array contains the keys to be replaced by better texts
$replace = array("send_ema il_to" => "Send Email To",
"event_descript ion" => "Event Description",
"whatever else" => "Whatever You want"
);
// this array holds the key names to exclude from print/email
$exclude = array ("secure", "submit");

if (!is_array($_PO ST))
return;
foreach($_POST as $key => $val) {
// exclude certain key names
if (!in_array($key , $exclude)) {
// if $key in translate table, replace
if (array_key_exis ts($replace, $key))
$Message .= $replace[$key];
// key not in table, use $key
else
$Message .= $key;
$val=stripslash es($val);
$Message .= "= $val\n";

} // end if (array_key

} // end IF (!in_array

} // end FOREACH[/php]
Ronald :cool:
Nov 26 '06 #2
Spycat
4 New Member
Hi Ronald,

Thanks for your fast reply - I appreciate it :)
I hope you have infinite patience, cuz I think I did something wrong.
When I load the form I get 9 instances of this:
Warning: array_key_exist s() [function.array-key-exists]: The second argument should be either an array or an object in /home/chocolat/public_html/test/clubs/test4.php on line 114
(NOTE: Line 114= "if (array_key_exis ts($replace, $key))")

And 1 instance of this:
Warning: Cannot modify header information - headers already sent by (output started at /home/chocolat/public_html/test/clubs/test4.php:114) in /home/chocolat/public_html/test/clubs/test4.php on line 144
(NOTE: Line 144=" header("Locatio n: http://www.metroactive .com/contact/thanks.html"); ")

Here's what I put:
[php]
<?php
session_start() ;

//PAGE VARS
$err = '';
$Message = '';

//FORM PROCESSING
if (isset($_POST['submit'])) {
// clean and check form inputs including the secure image code
$name = trim(strip_tags ($_POST['name']));
$email = trim(strip_tags ($_POST['email']));
$phone = trim(strip_tags ($_POST['phone']));
$event_title = trim(strip_tags ($_POST['event_title']));
$event_date_and _time = trim(strip_tags ($_POST['event_date_and _time']));
$event_location = trim(strip_tags ($_POST['event_location ']));
$event_phone_nu mber = trim(strip_tags ($_POST['event_phone_nu mber']));
$event_price = trim(strip_tags ($_POST['event_price']));
$event_descript ion = trim(strip_tags ($_POST['event_descript ion']));

$secure = strtoupper(trim (strip_tags($_P OST['secure'])));
$match = $_SESSION['captcha']; // the code on the image

// input error checking
if ($name=="") {
$err.= "Please provide your name<br/>";
}
if (!$email) {
$err.= "Please provide your email address<br>";
}
if ($email) {
if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
$err.= $email. " is not a valid email address.<br/>";
}
}
if ($phone=="") {
$err.= "Please provide your phone number<br/>";
}
if ($event_title== "") {
$err.= "Please provide the title of the event<br/>";
}
if ($event_date_an d_time=="") {
$err.= "Please provide the date and time of the event<br/>";
}
if ($event_locatio n=="") {
$err.= "Please provide the location of the event<br/>";
}
if ($event_phone_n umber=="") {
$err.= "Please provide a phone number for the venue<br/>";
}
if ($event_price== "") {
$err.= "Please provide the price to attend the event<br/>";
}
if ($event_descrip tion=="") {
$err.= "Please provide a description for the event<br/>";
}
if (!$secure) {
$err.= "No security code entered<br/>";
}
if (($secure!=$mat ch) && ($secure!="")) {
$err.= "Security code mismatch<br/>";
}
//if error free
if ($err=="") {
//Start Pieced in

$MailToAddress = "rik408@yahoo.c om";
$MailSubject = "Club Event Submission";
$MailFromAddres s = ( isset($email) && $email != '') ? $email : 'noReply@myDoma in.com';
//end pieced in

//start pieced in: this may be a major trouble spot, since it is preceeded by another "if" statement
// this array contains the keys to be replaced by better texts

$replace = array ("name" => "Name",
"email" => "Sender's e-mail",
"phone" => "Phone Number",
"event_titl e" => "Event Title",
"event_date_and _time" => "Event Date & Time",
"event_location " => "Event Location",
"event_phone_nu mber" => "Venue Phone Number",
"event_pric e" => "Price to Attend",
"event_descript ion" => "Event Description",
);

// this array holds the key names to exclude from print/email
$exclude = array ("secure", "submit");

if (!is_array($_PO ST))
return;
foreach($_POST as $key => $val) {
// exclude certain key names
if (!in_array($key , $exclude)) {
// if $key in translate table, replace
if (array_key_exis ts($replace, $key))
$Message .= $replace[$key];
// key not in table, use $key
else
$Message .= $key;
$val=stripslash es($val);
$Message .= "= $val\n";
} // end if (array_key

} // end IF (!in_array

} // end FOREACH

mail( "$MailToAddress ", "$MailSubje ct", "$Message", "From: $MailFromAddres s");

header("Locatio n: http://www.metroactive .com/contact/thanks.html");
//end pieced in
exit();
}//end if error free

// end if submit

//PAGE PROCESSING
?>
[/php]

See anything glaringly obvious I might have done?
Nov 26 '06 #3
ronverdonk
4,258 Recognized Expert Specialist
The first message is due to my fault, I switched the 2 parms. Statement must be:
[php] // if $key in translate table, replace
if (array_key_exis ts($key, $replace))[/php]

The second one is because you have already outputted something to the screen. To start, take that header("Locatio n: http://www.metroactive .com/contact/thanks.html"); statement out and see first if the message parm replace and the email send works.
If so, we can look at the header() statement.

Ronald :cool:
Nov 26 '06 #4
Spycat
4 New Member
PS The form is no longer validating anything :(
Nov 26 '06 #5
Spycat
4 New Member
Hi Ron,

It sends the results perfectly now both with and without header("Locatio n: included..
The problem is, even if no data is entered (regular or verification number) the data is still processed and sent to me.
Nov 26 '06 #6
ronverdonk
4,258 Recognized Expert Specialist
There are some problems in your code/form:
  • when an error is found, the code should drop to the form, redisplaying everything that is already keyed in. In your lates code I cannot see that happening. Where is the code going when an error is encountered?
  • the captcha verification statement yields 'valid' when the text not equal captcha text AND the text not equal empty, so: if I enter nothing the captcha yields VALID.
  • your form is soon to be the target of (at least) spammers. You have no field cleansing, no content checking and no validity checking.

In short: as long as you fill in your form and make no real errors, it will pass fine (except for its vulnerabilty for spammers and hackers!!). But as soon as you deviate you'll run into problems.

Ronald :cool:
Nov 26 '06 #7

Sign in to post your reply or Sign up for a free account.

Similar topics

1
4039
by: JDJones | last post by:
I have a form I'm putting together. The processing will be on a PHP script that will take all the field names and print them out on the email it sends to me. No problem there. But what I'd like to do is have it exclude printing the field name and value when there are any blank values in the field. The processing part of the script is this: if (is_array($val)) { for ($z=0;$z<count($val);$z++) {
6
9865
by: Charlie | last post by:
Dear all, I am stuck on this problem, couldn't find an answer on any C++ book in the bookshop. Following is a cut of my program, and its error message: ============================================ 280 map<char,vector<int> > _dict; 281 char* op_addr = op.get_address(); 282 int op_time = op.get_time_stamp();
9
2358
by: Susan Bricker | last post by:
Greetings. I am having trouble populating text data that represents data in my table. Here's the setup: There is a People Table (name, address, phone, ...) peopleID = autonumber key There is a Judge Table (information about judges) judgeID = autonumber key
8
1670
by: CA | last post by:
Hi, I have a function where I would like to test whether an object is of a certain type. Here is my code so far. public bool HasValidType(Type t, object val) { try { if (t==typeof(double))
2
1774
by: Alan Foxmore | last post by:
Hi Everyone, I'm new to ASP.NET so maybe this is easy. I'm using ASP.NET 2.0. I'm finding that the Application object (the HttpApplicationState object) is allowing me to add the same key multiple times. The easiest way to describe the problem is to just show you. In my Page_Load() I have this code:
4
7625
by: nkoier | last post by:
Hi, I've been going crazy trying to figure out what's wrong with our Asp.Net 2.0 intranet site. At the very top of our main page I provide a TextBox and a Button for submitting Google searches. Recently somebody pointed out to me that you can't just press ENTER anymore after typing in the TextBox but that you HAVE to click on the submit Button WITH THE MOUSE for it to work. After some initial troubleshooting I discovered that it's only...
0
942
by: ashes | last post by:
Hi all, In Ms Access, I have a Customer table and a Credit Card table. The CustomerID field is a primary key in the Credit Card table. Both tables already have sample data in it. So, when a customer wants to purchase a product, they proceed to checkout and payment. They fill out the payment form where their credit card information is inputted. When the customer submits the form , the system checks to see if the information is...
5
3244
by: Gordon | last post by:
I'm working on a reset password script for my CMS, that will generate a random password and email it to a user when they request one. The problem I am having is that the mails being sent out are beign marked as spam by our internal mail system and never reaching users' inboxes. I've also discovered that Yahoo Mail considers these mails to be spam, but it moves them to the spam folder instead of just dropping them. I wrote a simple...
5
2894
by: PotatoChip | last post by:
I'm trying to work out how to format a custom primary key using the current year as part of the key. I've copied code which I use 'OnCurrent' for the form. The code I've copied is: Private Sub Form_Current() If Me.NewRecord Then Me!RDNo = Format(Nz(DMax("val()", "TblDocumentRequests"), 0) + 1, "000000") End If End Sub What this should do (based on what it does in my other table) is automatically update the primary key plus one of...
0
9406
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9260
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
9185
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9120
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
8103
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
4521
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
3228
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2639
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2158
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.