
So I am putting together a form and was recommended that I validate the form. I found a tutorial but seem to still be having problems getting the php to function.

The html for the form:

<div id="FGSform"> 
<form action="/working/wp-content/themes/NEW/mail.php" method="post" name="contactFGS" id="contactFGS">
<ul>
<li>
    <label for="firstname">First Name</label>
<br>
    <input type="text" id="firstname" name="firstname" required aria-required="true">
</li>
<br>
<li>
    <label for="lastname">Last Name</label><br>
    <input type="text" id="lastname" name="lastname" required aria-required="true">
</li>
<br>
<li>
    <label for="email">Email</label>
<br>
    <input type="email" id="email" name="email" required aria-required="true">
</li>
<br>
<li>
  <label for="reason">Reason for Contact</label>
      <select id="reason" name="reason" required>
      <option value="."></option>
      <option value="Print Services">Print Services</option>
      <option value="Design Services">Design Services</option>
      <option value="Employment">Employment</option>
      <option value="Questions">Questions</option>
      <option value="Other">Other</option>     
      </select> 
</li>
<br>
<li>
  <label for="contactcomments">Comments</label>
<br>
    <textarea name="contactcomments" id="contactcomments" cols="40" rows="10" required></textarea>
</li> 
<br>
<li>
    <!-- a checkbox, so the visitor can leave it unticked; a lone radio button cannot be cleared -->
    <input type="checkbox" id="newsletter" name="newsletter" value="yes">
    <label for="newsletter">Sign me up for newsletter, updates and other information about FGS</label>  
</li>
<br>
<li>
<input type="submit" value="Send" name="submit">
</li>
</ul>
</form>
</div>

Here is the php:

<?php
/*Validate and Sanitize */

    if (isset($_POST['submit'])){

}

if ($_POST['firstname'] != "") {
    $_POST['firstname'] = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING);
    if ($_POST['firstname'] == "") {
        $errors .= 'Please enter a valid name.<br/><br/>';
    }       
} else {
    $errors .= 'Please enter your name.</br>';
}   

if ($_POST['lastname'] != "") {
    $_POST['lastname'] = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING);
    if ($_POST['lastname'] == "") {
        $errors .= 'Please enter a valid name.<br/><br/>';
    }       
} else {
    $errors .= 'Please enter your last name.</br>';
}

if ($_POST['emial'] != "") {
    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALITDATE_EMAIL)) {
        $errors .="$email is <strong>NOT</strong> a valid email address.<br/<br/>";
    }
} else {
    $errors .= 'Please enter your email address.<br/>';
}

if (isset($_REQUEST['reason']) && $_REQUEST['reason'] =='.') {
    echo 'Please select a reason for contacting.<br/>';
}

if ($_POST['contactcomments'] != "") {  
    $_POST['contactcomments'] = filter_var($_POST['contactcomments'], FILTER_SANITIZE_STRING);
    if ($_POST['contactcomments'] == "") {
        $errors .='Please enter a message to send.<br/>';
    }
} else {
    $errors .='Please enter a message to send.<br/>';
}





 /* Email Variables */
 $emailSubject = 'Website Mail!'; 
$webMaster = 'email@here.com';



 /* Data Variables */
 $firstname = $_POST['firstname'];
 $lastname = $_POST['lastname'];
$email = $_POST['email'];
$reason = $_POST['reason'];
$contactcomments = $_POST['contactcomments'];
$newsletter = $_POST['newsletter'];





$body = <<<EOD
<br><hr><br>
Name: $firstname <br>
Last Name: $lastname <br>
Email: $email <br>
Reason: $reason <br>
Comments: $contactcomments <br>
Newsletter = $newsletter <br>
EOD;
$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body,
$headers);


/* Results rendered as HTML */
$theResults = <<<EOD
<html>
<head>
<title>sent message</title>
 <meta http-equiv="refresh" content="3;URL=http://mywebsite.com/working/?       page_id=8">
<style type="text/css">
<!--
body {
background-color: #fff; 
font-family: Arial, Helvetica, sans-serif;
font-size: 20px;
font-style: normal;
line-height: normal;
font-weight: normal;
color: #555555;
text-decoration: none;
padding-top: 200px;
margin-left: 150px;
width: 800px;
}
-->
</style>
</head>
<div align="center">Thank you! We will contact you back as soon as possible.</div>
</div>
</body>
</html>
EOD;
echo "$theResults";
?>

The problem that I am having is a person can submit an invalid e-mail, and they can also choose the invalid selection item.

I have the action of the form connected to the php file but I wasn't sure if I need to have each form element call the specific if/then statement of the php file.

I am new to php so this has proven to be a real challenge.

Thank you to anyone who helps.

Kasandra
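The handler in the question builds its mail headers as `From: $email` straight from `$_POST['email']`, and the answers below concentrate on getting the validation to run at all. The following is an added example, not code from the question or from any answer, that puts the original construction next to one built only from a validated address. The function names, the `contact@example.com` sender and the sample inputs are my own placeholders.

```php
<?php
// Added example for this page; not code from the question or any answer.
// The form handler above sends "From: $email\r\n" with whatever was posted.
// This contrasts that with a header built only from a validated address.
// Function names, the placeholder sender and the sample inputs are mine.

/** The construction the form handler uses: raw input straight into a header. */
function unsafe_headers(string $email): string
{
    return "From: $email\r\nContent-type: text/html\r\n";
}

/**
 * Hardened construction. The visitor's address goes into Reply-To only,
 * and only after FILTER_VALIDATE_EMAIL accepts it; From stays a fixed
 * address on the site's own domain ($siteSender is a placeholder).
 * Returns null when the address is unusable so the caller can stop.
 */
function safe_headers(string $email, string $siteSender = 'contact@example.com'): ?string
{
    $clean = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($clean === false) {
        return null;   // CR, LF, spaces and anything else that is not an address never reach mail()
    }
    return "From: $siteSender\r\n"
         . "Reply-To: $clean\r\n"
         . "Content-Type: text/html; charset=UTF-8\r\n";
}

// Constructed inputs: a normal address, an injection attempt that smuggles in
// a Bcc header, what FILTER_SANITIZE_EMAIL turns that attempt into, and junk.
$attempt   = "visitor@example.org\r\nBcc: relay-victim@example.net";
$sanitized = filter_var($attempt, FILTER_SANITIZE_EMAIL);   // drops CR/LF, colon and space, but does not validate
$inputs = [
    'visitor@example.org',
    $attempt,
    $sanitized,
    'not an address',
];

foreach ($inputs as $in) {
    echo "input:  ", json_encode($in), "\n";
    echo "unsafe: ", json_encode(unsafe_headers($in)), "\n";
    $h = safe_headers($in);
    echo "safe:   ", $h === null ? "rejected, nothing sent" : json_encode($h), "\n\n";
}
```

Run it with `php` on the command line. The injection attempt lands in the unsafe header verbatim, extra `Bcc:` line included. `FILTER_VALIDATE_EMAIL` rejects it, and it also rejects the `FILTER_SANITIZE_EMAIL` result: the sanitizer strips the CR/LF, the colon and the space but leaves two `@` signs behind, so sanitizing alone turns an attack into a string that is still not an address. That is why the check in the question has to be the VALIDATE call, and why the decision to send must depend on its result.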

3 Answers


It should be FILTER_VALIDATE_EMAIL instead of FILTER_VALITDATE_EMAIL

Dimitri Mostrey

Among other misspellings and logic errors (see the answer and comments by Fred -ii-), it looks like you find errors, but don't do anything about it.

Currently, in pseudo code:

Check for errors.
If there are any errors, add them to a message.

Regardless of the possible errors, send the email.

And it should be like:

Check for errors.
If there are any errors, add them to a message.

Check to see if there is any error message(s)
If yes, complain loudly and exit
Otherwise, send the email.

Finding errors is only half the battle! Then you need to correct them if you can, or deal with them other ways if you can't!

Shade
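One way to write the flow Shade describes, as an added example that is not code from the question or from any answer: every check appends to a list, the mailer is called only when that list is empty, the `<select>` value is checked against an allow-list instead of against the placeholder `.`, and the HTML body is escaped before user text is interpolated into it. The function names, the `CONTACT_REASONS` constant, the `webmaster@example.com` address and the sample payloads are my own.

```php
<?php
// Added example for this page; not code from the question or any answer.
// It implements the pseudo code above: run every check, collect the
// messages, and call the mailer only when there is nothing to report.
// Function names, the allow-list constant and the sample payloads are mine.

const CONTACT_REASONS = ['Print Services', 'Design Services', 'Employment', 'Questions', 'Other'];

/** Check one POST payload. Returns [list of messages, cleaned values]. */
function validate_contact(array $post): array
{
    $errors = [];
    $clean  = [];

    foreach (['firstname' => 'first name', 'lastname' => 'last name'] as $field => $label) {
        $value = trim((string)($post[$field] ?? ''));
        if ($value === '') {
            $errors[] = "Please enter your $label.";
        } elseif (strlen($value) > 100 || preg_match('/[\r\n]/', $value)) {
            $errors[] = "Please enter a valid $label.";
        } else {
            $clean[$field] = $value;
        }
    }

    // Validate, do not just sanitize: a sanitized string may still be no address.
    $email = filter_var(trim((string)($post['email'] ?? '')), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'Please enter a valid email address.';
    } else {
        $clean['email'] = $email;
    }

    // Allow-list the <select>: a script can post any value, not just the options.
    $reason = (string)($post['reason'] ?? '');
    if (!in_array($reason, CONTACT_REASONS, true)) {
        $errors[] = 'Please select a reason for contacting.';
    } else {
        $clean['reason'] = $reason;
    }

    $comments = trim((string)($post['contactcomments'] ?? ''));
    if ($comments === '') {
        $errors[] = 'Please enter a message to send.';
    } else {
        $clean['contactcomments'] = substr($comments, 0, 5000);
    }

    // An unticked box is simply absent from $_POST; reading it directly warns.
    $clean['newsletter'] = isset($post['newsletter']) ? 'yes' : 'no';

    return [$errors, $clean];
}

/**
 * Validate, then either report or send. $mailer has mail()'s signature,
 * so the flow can be exercised with a stand-in instead of a mail server.
 */
function send_contact(array $post, callable $mailer, string $to = 'webmaster@example.com'): array
{
    [$errors, $c] = validate_contact($post);
    if ($errors !== []) {
        return ['sent' => false, 'errors' => $errors];   // the mailer is never reached
    }

    // The body is HTML, so every field is escaped before it is interpolated.
    $e = function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    };
    $body = '<p>Name: ' . $e($c['firstname']) . ' ' . $e($c['lastname']) . '<br>'
          . 'Email: ' . $e($c['email']) . '<br>'
          . 'Reason: ' . $e($c['reason']) . '<br>'
          . 'Comments: ' . nl2br($e($c['contactcomments'])) . '<br>'
          . 'Newsletter: ' . $c['newsletter'] . '</p>';

    // From is our own address; the visitor's validated address goes in Reply-To.
    $headers = "From: $to\r\nReply-To: {$c['email']}\r\nContent-Type: text/html; charset=UTF-8\r\n";

    return ['sent' => (bool)$mailer($to, 'Website Mail!', $body, $headers), 'errors' => []];
}

// Constructed payloads standing in for $_POST, and a stand-in mailer that
// records what it would have sent instead of sending it.
$good = ['firstname' => 'Kasandra', 'lastname' => 'M.', 'email' => 'kasandra@example.org',
         'reason' => 'Questions', 'contactcomments' => "Hello <b>there</b>\nSecond line", 'newsletter' => 'yes'];
$bad  = ['firstname' => '', 'email' => "x@example.org\r\nBcc: spam@example.net", 'reason' => '.'];

$sentLog = [];
$recordingMailer = function (string $to, string $subject, string $body, string $headers) use (&$sentLog): bool {
    $sentLog[] = compact('to', 'subject', 'body', 'headers');
    return true;
};

print_r(send_contact($bad, $recordingMailer));    // every failed check is listed; $sentLog stays empty
print_r(send_contact($good, $recordingMailer));   // accepted; $sentLog now holds the escaped message
print_r($sentLog);
```

The stand-in `$mailer` lets this run with plain `php` from the command line; in the real handler pass PHP's own `'mail'` and `$_POST`. Dropping `FILTER_SANITIZE_STRING` is deliberate: it is deprecated as of PHP 8.1, and escaping at output time with `htmlspecialchars` covers what it was being used for here, without silently rewriting what the visitor typed.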

You have a few options.

In your form take out value="." in <option value="."></option>

then change this if (isset($_REQUEST['reason']) && $_REQUEST['reason'] =='.') {

to

if (!isset($_REQUEST['reason'])) { and that option will work (tested)

Be sure to make the change for if ($_POST['emial'] != "") {

to if ($_POST['email'] != "") {

Along with Dimitri Mostrey's answer.

You could also try what you already have, but include exit; at the end like this and add ! in your if isset:

Notice the added ! which wasn't in your handler and needs it.

Otherwise, using if (isset, you're telling "if it is set" which it isn't.

if (!isset($_REQUEST['reason']) || $_REQUEST['reason'] =='.') {
    echo 'Please select a reason for contacting.<br/>';

exit;

Email validation

Underneath if (isset($_POST['submit'])){

add $email = $_POST['email'];

Then change:

if ($_POST['email'] != "") {


    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors .="$email is <strong>NOT</strong> a valid email address.<br/<br/>";
    }
}

to

if(!filter_var($email, FILTER_VALIDATE_EMAIL))
  {
  echo "E-mail is not valid";

exit;

  }

Here's a total rewrite:

NOTE: It is better to put your variables at the top, instead of further down below.

I added $email = $_POST['email']; underneath if (isset($_POST['submit'])){

<?php
/*Validate and Sanitize */

    if (isset($_POST['submit'])){

    $email = $_POST['email'];

}

$errors = ""; // added by me (initialise the variable the checks below append to)

if ($_POST['firstname'] != "") {
    $_POST['firstname'] = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING);
    if ($_POST['firstname'] == "") {
        $errors .= 'Please enter a valid name.<br/><br/>';
    }       
} else {
    $errors .= 'Please enter your name.</br>';
}   

if ($_POST['lastname'] != "") {
    $_POST['lastname'] = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING);
    if ($_POST['lastname'] == "") {
        $errors .= 'Please enter a valid name.<br/><br/>';
    }       
} else {
    $errors .= 'Please enter your last name.</br>';
}


/*
if ($_POST['email'] != "") {


    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors .="$email is <strong>NOT</strong> a valid email address.<br/<br/>";
    }
}
*/

if(!filter_var($email, FILTER_VALIDATE_EMAIL))
  {
  echo "E-mail is not valid";

exit;

  }
// no else branch here: a valid address is not an error

if (!isset($_REQUEST['reason']) || $_REQUEST['reason'] =='.') {
    echo 'Please select a reason for contacting.<br/>';

exit;
}

if ($_POST['contactcomments'] != "") {  
    $_POST['contactcomments'] = filter_var($_POST['contactcomments'], FILTER_SANITIZE_STRING);
    if ($_POST['contactcomments'] == "") {
        $errors .='Please enter a message to send.<br/>';
    }
} else {
    $errors .='Please enter a message to send.<br/>';
}

/* Anything appended to $errors above means the form is not sent */
if ($errors != "") {
    echo $errors;
    exit;
}

 /* Email Variables */
 $emailSubject = 'Website Mail!'; 
$webMaster = 'kmurray@frgraphicsolutions.com';


 /* Data Variables */
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$reason = $_POST['reason'];
$contactcomments = $_POST['contactcomments'];
$newsletter = isset($_POST['newsletter']) ? 'yes' : 'no'; // an unticked box is absent from $_POST


$body = <<<EOD
<br><hr><br>
Name: $firstname <br>
Last Name: $lastname <br>
Email: $email <br>
Reason: $reason <br>
Comments: $contactcomments <br>
Newsletter = $newsletter <br>
EOD;
$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($webMaster, $emailSubject, $body, $headers);

/* Results rendered as HTML */
$theResults = <<<EOD
<html>
<head>
<title>sent message</title>
<meta http-equiv="refresh" content="3;URL=http://frgraphicsolutions.com/working/?page_id=8">

<style type="text/css">
<!--
body {
background-color: #fff; 
font-family: Arial, Helvetica, sans-serif;
font-size: 20px;
font-style: normal;
line-height: normal;
font-weight: normal;
color: #555555;
text-decoration: none;
padding-top: 200px;
margin-left: 150px;
width: 800px;
}
-->
</style>
</head>
<div align="center">Thank you! We will contact you back as soon as possible.</div>
</div>
</body>
</html>
EOD;
echo "$theResults";
?>
Funk Forty Niner
  • Thank you very much! Terrible typing plus lack of knowledge made for a terrible mess but this fixed it. – Kasandra Aug 21 '13 at 19:46
  • @user2701059 You're welcome, glad it worked out. I take it it is an acceptable answer then. Cheers :) – Funk Forty Niner Aug 21 '13 at 19:49
  • @user2701059 That my friend, is what we call "experience". That's how everyone learns, including myself. Keep going ;-) – Funk Forty Niner Aug 21 '13 at 19:50
  • @user2701059 You do owe me an explanation as to why you unaccepted my answer. I helped you after all. I don't mind helping, and the time I spent on this and you turn around. That's not right at all. – Funk Forty Niner Oct 22 '13 at 16:37
  • I am sorry. I was trying to get this page off of Google search; when you put in the website off of search, it is correct, I just need the website removed. It is not some sort of personal attack on you. – Kasandra Oct 22 '13 at 17:20