CODEWITHSUNDEEP
phpformsvalidation
Ben Green
Ben Green

Reputation: 51

Stopping empty form submission PHP

I have been trying to implement server validation to prevent blank emails in my contact us page, but I am not sure on how to do it in PHP, here is my code:

<?php
$field_name = $_POST['cf_name'];
$field_email = $_POST['cf_email'];
$field_tel = $_POST['cf_tel'];
$field_message = $_POST['cf_message'];


$mail_to = '[email protected], [email protected], [email protected]';
$subject = 'Just iStuff Mobile Contact Us: '.$field_name;

$body_message = 'From: '.$field_name."\n";
$body_message .= 'E-mail: '.$field_email."\n";
$body_message .= 'Telephone Number: '.$field_tel."\n";
$body_message .= 'Message: '.$field_message;

$headers = 'From: '.$field_email."\r\n";
$headers .= 'Reply-To: '.$field_email."\r\n";

$mail_status = mail($mail_to, $subject, $body_message, $headers);

if ($mail_status) { ?>
    <script language="javascript" type="text/javascript">
        alert('Thank you for your email, we have received your message and will reply within the next few days.');
        window.location = 'contactus.html';
    </script>
<?php
}
else { ?>
    <script language="javascript" type="text/javascript">
        alert('Message failed, please try again or email [email protected]');
        window.location = 'contactus.html';
    </script>
<?php
}
?>

Can anyone help me to do this, the tutorials online do not cover this way of doing it...

Thanks

Upvotes: 0

Views: 19946

Answers (4)

Pascal Tovohery
Pascal Tovohery

Reputation: 986

Try to put a submit input <input type="submit" name="sub" value="Submited"> inside your form when it's clicked.

<?php

if (isset($_POST['sub']) {
  $field_name = $_POST['cf_name'];
  $field_email = $_POST['cf_email'];
  $field_tel = $_POST['cf_tel'];
  $field_message = $_POST['cf_message'];
  if (empty($field_name) && ....)
  {
     exit('Field name is empty');
  }
  .....

Upvotes: 0

Louie Miranda
Louie Miranda

Reputation: 1159

Before your $mail_to..

You can validate the _POST/_GET first on server side.

<?php
if (empty($field_name) && empty($field_email) && empty($field_tel) && empty($field_message)) {
    echo 'Please correct the fields';
    return false;
}
?>

Alternatively, you can validate first on the client-side. It will save you time and resources.

Upvotes: 4

Ja͢ck
Ja͢ck

Reputation: 173552

You can use filter for this; since you're using the passed email address as part of the mail() operation, it's best to also validate:

$fields = filter_input_array(INPUT_POST, array(
    'name' => FILTER_UNSAFE_RAW,
    'email' => FILTER_VALIDATE_EMAIL,
    'tel' => FILTER_UNSAFE_RAW,
    'message' => FILTER_UNSAFE_RAW,
));

// check for missing fields
if (null === $fields || in_array(null, $fields, true)) {
  // some or all fields missing
} elseif (in_array(false, $fields, true)) {
  // some or all fields failed validation
} else {
  // all fields passed validation
  // use $fields['email'] as the email address
}

I've used FILTER_UNSAFE_RAW for all fields except email, but perhaps there are better filters that apply.

Upvotes: 1

Evan Teran
Evan Teran

Reputation: 90422

just test the variable for "emptiness" and exit early. Something like this:

if(empty($field_email)) {
    // maybe show the user a reason why this was rejected...
    return;
}

You probably want to do this for just about all the input fields.

In addition, you can use JavaScript (jQuery has some nice plugins) to prevent the user from submitting invalid data in the first place. This won't remove the need to do it server side (since they can just disable JS, or someone malicious might intentionally bypass this measure), but it can make it a more user friendly experience.

Upvotes: 4

Related Questions