Simple PHP Form
The code below illustrates input handling for a POST-driven inquiry (contact) form. These are the basic steps involved:
- Normalize the input (i.e. strip the slashes magic_quotes_gpc added, if it is enabled)
- Sanitize the input (note that sanitizing on the way in does not by itself eliminate injection risks: each value must still be escaped for the context it is written into — HTML, mail headers, SQL — at the point of use)
- Validate input to make sure it fulfills form's requirements (in this case, checking for a valid email address)
- Trigger contingent operations if the input is valid (here, an email is sent to the site contact)
- Provide appropriate feedback
The sanitize_string function wraps this class. See also the Drupal filter.module API for insight into filtering input.
For the full script frame, refer to the klenwell script frame template
// *** CONTROLLER (Handles requests and sets triggers)
/*____________________________________________________________________________*/
// ** Default
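$_SHOW['form'] = 1;
// ** GET-triggered Requests
// ** POST-triggered Requests
// A request counts as a form submission only when the submit button was posted.
// !empty() avoids the "undefined index" notice the bare $_POST[...] read raised on
// ordinary GET page loads, and is otherwise the same truthiness test.
// NOTE(review): nothing here checks a CSRF token, so any third-party page can make a
// visitor's browser submit this form; add a per-session token check if the frame has one.
if ( !empty($_POST['submit_inquiry']) ) $_TRIGGER['validate_form'] = 1;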
// ** COOKIE-triggered Requests
/*============================================================================*/
// *** EVENTS (Trigger-controlled events)
/*____________________________________________________________________________*/
// Validate Form
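if ( !empty($_TRIGGER['validate_form']) )
{
    // normalize input: undo magic_quotes_gpc slashes so we work on the raw submission.
    // get_magic_quotes_gpc() was removed in PHP 8 (deprecated in 7.4); guarding the call
    // keeps this from being a fatal error there, where there is nothing to undo anyway.
    if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() )
    {
        $_POST = strip_magic_quotes($_POST);
    }
    // sanitize Input: every field goes through sanitize_string(); a field missing from
    // the request becomes '' instead of raising an undefined-index notice.
    // NOTE(review): the maxlength attributes on the form are enforced only by the browser;
    // nothing here caps field length server-side.
    $fields = array('name', 'email', 'company', 'phone', 'comments');
    foreach ( $fields as $field )
    {
        $raw_value = isset($_POST[$field]) ? $_POST[$field] : '';
        $_INPUT[$field] = sanitize_string($raw_value);
    }
    // email valid: validate_email() reports 'is_valid' plus a user-facing 'prompt'.
    // Both outcomes are initialised so later reads never hit an undefined index.
    $_FLAG['valid_email'] = 0;
    $_TRIGGER['mail_inquiry'] = 0;
    $_REPORT['email'] = validate_email($_INPUT['email']);
    if ( !$_REPORT['email']['is_valid'] )
    {
        // key is 'email' (lower case) — the report was stored under that key above
        // NOTE(review): the prompt is written into HTML unescaped; confirm validate_email()
        // never echoes the submitted address back in it, or escape it here.
        $_HTML['form_feedback'] = "<p>{$_REPORT['email']['prompt']}</p>";
    }
    else
    {
        $_FLAG['valid_email'] = 1;
    }
    // is valid
    if ( $_FLAG['valid_email'] )
    {
        // Simple anti-spam measure: allow at most two links. Count both "http://" and
        // "https://" case-insensitively so an https or upper-case scheme cannot bypass it.
        $link_count = preg_match_all('~https?://~i', $_INPUT['comments'], $link_matches);
        if ( $link_count < 3 )
        {
            $_TRIGGER['mail_inquiry'] = 1;
        }
        else
        {
            $_HTML['form_feedback'] = "<p>to avoid spam, we don't accepts messages with <b>more than two links</b> in them. please resubmit your message without the links.</p>";
        }
    }
}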
// Email Form
if ( $_TRIGGER['mail_inquiry'] )
{
    // Plain-text body for the site contact. The submitted values (already passed through
    // sanitize_string()) appear only in the body, never in a mail header.
    $_TEXT['email'] = <<<TEXT
Name: {$_INPUT['name']}
Email: {$_INPUT['email']}
Company: {$_INPUT['company']}
Phone: {$_INPUT['phone']}
Comments:
{$_INPUT['comments']}
TEXT;
    // message data: the subject carries only the server timestamp, no user input
    $stamp = date('Y m d \a\t g:ia');
    $subject = sprintf('inquiry submitted on %s', $stamp);
    // To and From are both the configured site contact (configuration, not user input)
    $contact_addr = $PROJECT['contact_email'];
    $delivered = send_mail($contact_addr, $contact_addr, $subject, $_TEXT['email']);
    // mail sent / mail failed feedback
    $_HTML['form_feedback'] = $delivered
        ? "<p>Your message was delivered. We will respond shortly. Thank you.</p>"
        : "<p>Sorry, we were unable to send your message. You can email us directly at <a href=\"mailto:{$contact_addr}\">{$contact_addr}</a></p>";
}
/*============================================================================*/
// *** OUTPUT (Set page head, dynamic HTML, blocks, and stacks for template)
/*____________________________________________________________________________*/
// ** Dynamic HTML
// Form
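if ( $_SHOW['form'] )
{
    // $_SERVER['PHP_SELF'] includes any PATH_INFO the client appends to the URL, so a
    // request such as /page.php/"><script>... would land unescaped inside the action
    // attribute (reflected XSS). Escape it for the attribute context before interpolating.
    $form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    // feedback exists only after a submission; default to '' to avoid an undefined-index notice
    $form_feedback = isset($_HTML['form_feedback']) ? $_HTML['form_feedback'] : '';
    // NOTE(review): the form carries no CSRF token, and maxlength is a browser-side hint only;
    // the server must enforce its own limits.
    $_HTML['contact_form'] = <<<HTML
<div id="contact_form_parent">
<div id="contact_form">
<h4>submit an inquiry</h4>
<div id="form_feedback">{$form_feedback}</div>
<form method="post" action="{$form_action}">
<p><label><b>name*</b></label><input type="text" name="name" value="" maxlength="32" size="12" /></p>
<p><label><b>email*</b></label><input type="text" name="email" value="" maxlength="64" size="16" /></p>
<p><label>company</label><input type="text" name="company" value="" maxlength="32" size="12" /></p>
<p><label>phone</label><input type="text" name="phone" value="" maxlength="32" size="12" /></p>
<textarea name="comments" onfocus="this.value='';" rows="4" cols="30" >comments or questions</textarea><br />
<input type="submit" name="submit_inquiry" value="submit inquiry" />
</form>
</div>
</div>
HTML;
}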
/*____________________________________________________________________________*/
// ** Default
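$_SHOW['form'] = 1;
// ** GET-triggered Requests
// ** POST-triggered Requests
// A request counts as a form submission only when the submit button was posted.
// !empty() avoids the "undefined index" notice the bare $_POST[...] read raised on
// ordinary GET page loads, and is otherwise the same truthiness test.
// NOTE(review): nothing here checks a CSRF token, so any third-party page can make a
// visitor's browser submit this form; add a per-session token check if the frame has one.
if ( !empty($_POST['submit_inquiry']) ) $_TRIGGER['validate_form'] = 1;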
// ** COOKIE-triggered Requests
/*============================================================================*/
// *** EVENTS (Trigger-controlled events)
/*____________________________________________________________________________*/
// Validate Form
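if ( !empty($_TRIGGER['validate_form']) )
{
    // normalize input: undo magic_quotes_gpc slashes so we work on the raw submission.
    // get_magic_quotes_gpc() was removed in PHP 8 (deprecated in 7.4); guarding the call
    // keeps this from being a fatal error there, where there is nothing to undo anyway.
    if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() )
    {
        $_POST = strip_magic_quotes($_POST);
    }
    // sanitize Input: every field goes through sanitize_string(); a field missing from
    // the request becomes '' instead of raising an undefined-index notice.
    // NOTE(review): the maxlength attributes on the form are enforced only by the browser;
    // nothing here caps field length server-side.
    $fields = array('name', 'email', 'company', 'phone', 'comments');
    foreach ( $fields as $field )
    {
        $raw_value = isset($_POST[$field]) ? $_POST[$field] : '';
        $_INPUT[$field] = sanitize_string($raw_value);
    }
    // email valid: validate_email() reports 'is_valid' plus a user-facing 'prompt'.
    // Both outcomes are initialised so later reads never hit an undefined index.
    $_FLAG['valid_email'] = 0;
    $_TRIGGER['mail_inquiry'] = 0;
    $_REPORT['email'] = validate_email($_INPUT['email']);
    if ( !$_REPORT['email']['is_valid'] )
    {
        // key is 'email' (lower case) — the report was stored under that key above
        // NOTE(review): the prompt is written into HTML unescaped; confirm validate_email()
        // never echoes the submitted address back in it, or escape it here.
        $_HTML['form_feedback'] = "<p>{$_REPORT['email']['prompt']}</p>";
    }
    else
    {
        $_FLAG['valid_email'] = 1;
    }
    // is valid
    if ( $_FLAG['valid_email'] )
    {
        // Simple anti-spam measure: allow at most two links. Count both "http://" and
        // "https://" case-insensitively so an https or upper-case scheme cannot bypass it.
        $link_count = preg_match_all('~https?://~i', $_INPUT['comments'], $link_matches);
        if ( $link_count < 3 )
        {
            $_TRIGGER['mail_inquiry'] = 1;
        }
        else
        {
            $_HTML['form_feedback'] = "<p>to avoid spam, we don't accepts messages with <b>more than two links</b> in them. please resubmit your message without the links.</p>";
        }
    }
}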
// Email Form
if ( $_TRIGGER['mail_inquiry'] )
{
    // Plain-text body for the site contact. The submitted values (already passed through
    // sanitize_string()) appear only in the body, never in a mail header.
    $_TEXT['email'] = <<<TEXT
Name: {$_INPUT['name']}
Email: {$_INPUT['email']}
Company: {$_INPUT['company']}
Phone: {$_INPUT['phone']}
Comments:
{$_INPUT['comments']}
TEXT;
    // message data: the subject carries only the server timestamp, no user input
    $stamp = date('Y m d \a\t g:ia');
    $subject = sprintf('inquiry submitted on %s', $stamp);
    // To and From are both the configured site contact (configuration, not user input)
    $contact_addr = $PROJECT['contact_email'];
    $delivered = send_mail($contact_addr, $contact_addr, $subject, $_TEXT['email']);
    // mail sent / mail failed feedback
    $_HTML['form_feedback'] = $delivered
        ? "<p>Your message was delivered. We will respond shortly. Thank you.</p>"
        : "<p>Sorry, we were unable to send your message. You can email us directly at <a href=\"mailto:{$contact_addr}\">{$contact_addr}</a></p>";
}
/*============================================================================*/
// *** OUTPUT (Set page head, dynamic HTML, blocks, and stacks for template)
/*____________________________________________________________________________*/
// ** Dynamic HTML
// Form
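if ( $_SHOW['form'] )
{
    // $_SERVER['PHP_SELF'] includes any PATH_INFO the client appends to the URL, so a
    // request such as /page.php/"><script>... would land unescaped inside the action
    // attribute (reflected XSS). Escape it for the attribute context before interpolating.
    $form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    // feedback exists only after a submission; default to '' to avoid an undefined-index notice
    $form_feedback = isset($_HTML['form_feedback']) ? $_HTML['form_feedback'] : '';
    // NOTE(review): the form carries no CSRF token, and maxlength is a browser-side hint only;
    // the server must enforce its own limits.
    $_HTML['contact_form'] = <<<HTML
<div id="contact_form_parent">
<div id="contact_form">
<h4>submit an inquiry</h4>
<div id="form_feedback">{$form_feedback}</div>
<form method="post" action="{$form_action}">
<p><label><b>name*</b></label><input type="text" name="name" value="" maxlength="32" size="12" /></p>
<p><label><b>email*</b></label><input type="text" name="email" value="" maxlength="64" size="16" /></p>
<p><label>company</label><input type="text" name="company" value="" maxlength="32" size="12" /></p>
<p><label>phone</label><input type="text" name="phone" value="" maxlength="32" size="12" /></p>
<textarea name="comments" onfocus="this.value='';" rows="4" cols="30" >comments or questions</textarea><br />
<input type="submit" name="submit_inquiry" value="submit inquiry" />
</form>
</div>
</div>
HTML;
}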