Honesty Rocks! truth rules.

Restrictions On Php & Forms? _GET/POST/REQUEST?

HOME      >>       Programming

anachro

alright, so heres me again (theres probably a contact page on the website but I figure somebody has/will have this question and they'll want to know it so why not ask and share the love & knowladge (minus the love))

so I've been working on a two part contact page.

contact.php

<p><img src="images/sig.gif" align="left" width="37" height="69" style="margin-right: 5px;" alt="B/S Signature"/> <font >Contact!</font><br/><form action="?page=mailer" method="post"> <strong>*Name:</strong><br><input type="text" name="name" size="20"><br> <strong>*E-mail Address:</strong><br><input type="text" name="email" size="45"><br><strong>E-mail Subject:</strong><br><select type="subject" name="subject" value="subject" width="350"><br /> <option value=""></option><option value="Information Request">Information Request</option><option value="Quote Request">Quote Request</option></select><br><br /><input name="human" type="checkbox" value="yes"> Check if you are Human.*<br /> (This is for your security)<br /><br /> <strong>*Message/Comments:</strong><br><textarea rows="9" name="message" cols="30"></textarea><br><br><input type="submit" value="Submit" name="submit"></form><br /><br />fields denoted with * are required.<br /><br />Your information will not be sold/given/other means of forwarding to anyone!</font>

Mailer.php
<?php// where the mail will be sent$to = "EMAILADDRESSREMOVED";//whos recieving this message$subject = $_REQUEST["subject"];//Subject of the message$name_field = $_REQUEST["name"];//senders name (if provided)$email_field = $_REQUEST["email"];//senders email$message = $_REQUEST["message"];//senders message$human = $_REQUEST["human"];//Sets what the answer to the first filter will be (kind-of)=//this is for the check box, makes it required, and echos a reminder if forgottenif($human =="") { echo "You forgot to check the human box or are a spambot! <br /><a class='bodylink' href='java script:history.go(-1)'>click here to return to the previous page</a>.<br /><br />"; die;};//makes sure that the senders name isn't blankif($name_field=="") { echo "You forgot to fill out your name in the proper field!<br /><br /><a class='bodylink' href='java script:history.go(-1)'>click here to return to the previous page</a>.<br /><br />"; die;};//makes sure that the senders name isn't blankif($email_field=="") { echo "You forgot to fill out your Email Address in the proper field!<br /><br /><a class='bodylink' href='java script:history.go(-1)'>click here to return to the previous page</a>.<br /><br />"; die;};//makes sure that the senders name isn't blankif($message=="") { echo "You forgot to fill out any message/question(s)/or comment(s) in the proper field!<br /><br /><a class='bodylink' href='java script:history.go(-1)'>click here to return to the previous page</a>.<br /><br />"; die;};//Once they click submit and it passes the required checks it gets sentif(isset($_POST['submit'])) {//subject and body fields$headers = "From: $email_field\n";$body = " From: $name_field\n E-Mail: $email_field\n Subject: $subject\n Message:\n $message";//sent message //A little thanks, echo'd afterecho "<br />Thank you for your interest, you information has been sent,<br /><a class='bodylink' href='java script:history.go(-1)'>click here to return to the previous page</a>.<br />";mail($to, $subject, $body, $headers);//sends the email} else {echo "<br />Something was missing, please try again.<br /><a class='bodylink' href='java script:history.go(-1)'>click here to return to the previous page</a>.<br />";// If something was wrong it tells them so, and then lets them go back and fix it}?>

and with the both of them primitive version have worked on other hosts, and I;ve been trying to outfit my codes to be more precise, or efficient (hopefully both) so I can FINALLY post my website in the review w/ pride. so, if you see anything that needs to be fixed in my scripts go ahead and tell me, and PLEASE tell me what I need to do to get this to work!!!

shadowx

Have you tried changing $_REQUEST to $_POST as you are using post variables. It may or may not work but its worth a go i guess. Do you get any error messages? If so what are they?


galexcd

Have you tried changing $_REQUEST to $_POST as you are using post variables. It may or may not work but its worth a go i guess.
Do you get any error messages? If so what are they?


It might be best to do this so people couldn't just fill that information in the url, but request cant get everything that post can. It just matters if you want to restrict the get variable as well.