By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
454,729 Members | 1,363 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 454,729 IT Pros & Developers. It's quick & easy.

php form issue?

mikeinspain
P: 21
hi there..

I have a php form script that is pretty much there... I am however having a problem when I go to test the form. the mail comes through into my inbox displaying the information ok apart from the tel no.. field.. where it displays the entered email address.

the code is below.. any help appreciated... :-)

[PHP]<?php
if (isset($_POST["op"]) && ($_POST["op"]=="send")) {

/******** START OF CONFIG SECTION *******/
$sendto = "admin@cbweb.co.uk";
$subject = "Website Contact Enquiry | General Enquiry";
// Select if you want to check form for standard spam text
$SpamCheck = "Y"; // Y or N
$SpamReplaceText = "*content removed*";
// Error message prited if spam form attack found
$SpamErrorMessage = "<p align=\"center\"><font color=\"red\">Malicious code content detected.
</font><br><b>Your IP Number of <b>".getenv("REMOTE_ADDR")."</b> has been logged.</b></p>";
/******** END OF CONFIG SECTION *******/


$name = $HTTP_POST_VARS['name'];
$email = $HTTP_POST_VARS['email'];
$tel = $HTTP_POST_VARS['email'];
$message = $HTTP_POST_VARS['message'];
$headers = "From: $email\n";
$headers . "MIME-Version: 1.0\n"
. "Content-Transfer-Encoding: 7bit\n"
. "Content-type: text/html; charset = \"iso-8859-1\";\n\n";
if ($SpamCheck == "Y") {
// Check for Website URL's in the form input boxes as if we block website URLs from the form,
// then this will stop the spammers wastignt ime sending emails
if (preg_match("/http/i", "$name")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$email")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$tel")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage"; exit();}

// Patterm match search to strip out the invalid charcaters, this prevents the mail injection spammer
$pattern = '/(;|\||`|>|<|&|^|"|'."\n|\r|'".'|{|}|[|]|\)|\()/i'; // build the pattern match string

$name = preg_replace($pattern, "", $name);
$email = preg_replace($pattern, "", $email);
$tel = preg_replace($pattern, "", $tel);
$message = preg_replace($pattern, "", $message);

// Check for the injected headers from the spammer attempt
// This will replace the injection attempt text with the string you have set in the above config section
$find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");
$tel = preg_replace($find, "$SpamReplaceText", $tel);
$email = preg_replace($find, "$SpamReplaceText", $email);
$name = preg_replace($find, "$SpamReplaceText", $name);
$message = preg_replace($find, "$SpamReplaceText", $message);

// Check to see if the fields contain any content we want to ban
if(stristr($name, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
if(stristr($message, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}

// Do a check on the send email and subject text
if(stristr($sendto, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
if(stristr($subject, $SpamReplaceText) !== FALSE) {echo "$SpamErrorMessage"; exit();}
}
// Build the email body text
$emailcontent = "
-----------------------------------------------------------------------------
WEBSITE CONTACT ENQUIRY | GENERAL ENQUIRY
-----------------------------------------------------------------------------

Name: $name

Email: $email

Tel No: $tel

Message: $message

_______________________________________
End of Email
";
// Check the email address enmtered matches the standard email address format
if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}$", $email)) {
echo "<p>It appears you entered an invalid email address</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}

elseif (!trim($name)) {
echo "<p>Please go back and enter a Name</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}

elseif (!trim($message)) {
echo "<p>Please go back and type a Message</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}

elseif (!trim($email)) {
echo "<p>Please go back and enter an Email</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}

elseif (!trim($tel)) {
echo "<p>Please go back and enter an Telephone Number</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}


// Sends out the email or will output the error message
elseif (mail($sendto, $subject, $emailcontent, $headers)) {
echo "<br><br><p><b>Thank You $name</b></p><p>We will be in touch as soon as possible.</p>";

}
}
else {
?> [/PHP]

Cheers

Mike
Jan 29 '07 #1
Share this Question
Share on Google+
3 Replies


Atli
Expert 5K+
P: 5,058
$tel = $HTTP_POST_VARS['email'];

Im betting this is your problem :)

Btw.

The $HTTP_POST_VARS['varname'] is kind of a overkill dont you think?

I mean you could use $_POST['varname'] or even just $varname
Jan 30 '07 #2

mikeinspain
P: 21
Will give that a go thanks..

Mike

:-)
Jan 30 '07 #3

mikeinspain
P: 21
That has done the trick.. Thanks again!!
Jan 30 '07 #4

Post your reply

Sign in to post your reply or Sign up for a free account.