php email form. Only want to post filled fields and not post empty ones

Question

I have a contact form that looks like this

Different form fields will appear based on what the user picks on the "I would like to" select box.

I want to implement a solution that I found on this site. Basically the php only posts fields that are filled out and does not post fields that are empty. It utilses the following code to achieve it

foreach ($_POST as $Field=>$Value) { 
if($Value != ''){
$body .= "$Field: $Value\n";
}
}

I am not fluent in PHP and wasn't able to apply the solution proposed. Would appreciate if someone could help implement the solution into my code to make it post non empty form elements which includes text fields, select boxes and radio groups.

The code for my PHP form processor looks like the following

<?php

$name = $_POST['name'];  
$email_address = $_POST['email'];  
$phone = $_POST['phone'];  
$message = $_POST['message'];  
$p_prefered_day = $_POST['p_prefered_day'];  (radio button)
$session_time = $_POST['session_time'];  (select box)
$p_message = $_POST['p_message'];  
$treatment = $_POST['treatment'];  (select box)
$therapist = $_POST['therapist'];  (select box)
$b_pref_day = $_POST['b_pref_day'];  (radio button)
$b_pref_time = $_POST['b_pref_time'];  (radio button)
$b_message = $_POST['b_message'];  

$to = 'info@zenwebcreative.com.au'; 
$email_subject = "Website Contact Form:  $name";
$email_body = "You have received a new message from your website contact form.\n\n"."Here are the details:\n\nName: $name\n\nCompany: $company\n\nEmail: $email_address\n\nPhone: $phone\n\nMessage:\n$message";
$headers = "From: noreply@yourdomain.com\n";
$headers .= "Reply-To: $email_address"; 

mail($to,$email_subject,$email_body,$headers);
return true;            
?>

The HTML code of my form looks like the following

  <form name="sentMessage" id="contactForm" novalidate>                
    <div class="form-group">
      <label>Full Name *</label>
      <input type="text" class="form-control" id="name" required>
    <p class="help-block text-danger"></p>
    </div><!--  end form-group -->

    <div class="form-group">
      <label>Email Address*</label>
      <input type="email" class="form-control" id="email" required>
    <p class="help-block text-danger"></p>
    </div><!--  end form-group -->

    <div class="form-group">
      <label>Contact Number</label>
      <input type="text" class="form-control" id="phone">
    </div> <!-- end form group -->

    <div class="form-group">
    <label>I would like to *</label>
      <select id="select_question" class="form-control">            
        <option selected="selected">Please select</option>
        <option value="question">Ask a question</option>
        <option value="pilates">Attend a pilates class</option>
        <option value="booking">Schedule a booking</option>
      </select>
    </div><!--  end form-group --> 

    <div class="form-group box question">
    <label>Message</label>
      <div class="input-group">                  
        <textarea id="message" class="form-control" rows="7" required></textarea>
        <span class="input-group-addon"><span class="glyphicon glyphicon-asterisk"></span></span>
      </div><!--  end input group -->
    <p class="help-block text-danger"></p>
    </div><!--  end form-group --> 

    <div class="box pilates">

      <div class="form-group">
        <label>Prefered day of the week *</label><br>
        <label class="radio-inline">
          <input type="radio" name="p_prefered_day" id="Tue" value="Tuesday">Tuesday
        </label>
        <label class="radio-inline">
          <input type="radio" name="p_prefered_day" id="Thu" value="Thursday">Thursday
        </label>
      </div> <!-- end form group -->

      <div class="form-group">
      <label>Prefered Session you would like to attend? *</label>
        <select class="form-control" id="session_time">
          <option value="4:30 pm">4:30 pm</option>
          <option value="5:30 pm">5:30 pm</option>
          <option value="6:30 pm">6:30 pm</option>
        </select>
      </div><!--  end form-group --> 

      <div class="form-group">
      <label>Additional Comments</label>
        <div class="input-group">                  
          <textarea id="p_message" class="form-control" rows="7" required></textarea>
          <span class="input-group-addon"><span class="glyphicon glyphicon-asterisk"></span></span>
        </div><!--  end input group -->
      <p class="help-block text-danger"></p>
      </div><!--  end form-group --> 

    </div><!--  end box pilates -->

    <div class="box booking">

      <div class="form-group">
      <label>What Service Are You Interested In? *</label>
        <select class="form-control" id="services">
          <option value="Manual Therapy">Manual Therapy</option>
          <option value="Sports Physiotherapy">Sports Physiotherapy</option>
          <option value="Dry Needling">Dry Needling</option>
          <option value="Post and Pre operative care">Post and Pre operative care</option>
          <option value="Real Time Ultrasound Imaging">Real Time Ultrasound Imaging</option>
          <option value="Balance and Vestibular treatment">Balance and Vestibular treatment</option>
          <option value="Sports Specific Rehabilitation">Sports Specific Rehabilitation</option>
          <option value="Motor Vehicle Accident">Motor Vehicle Accident</option>
          <option value="Workers Compensation">Workers Compensation</option>            
        </select>
      </div><!--  end form-group --> 

      <div class="form-group">
      <label>Which therapist would you like to see*</label>
        <select class="form-control" id="therapist">
          <option selected="selected">No Preference</option>
          <option value="Kristen">Kristen</option>
          <option value="Tara">Tara</option>        
        </select>
      </div><!--  end form-group --> 

      <div class="form-group">
        <label>Prefered day of the week *</label><br>
        <label class="radio-inline">
          <input type="radio" name="b_pref_day" id="b_Mon" value="Mon-">Mon
        </label>
        <label class="radio-inline">
          <input type="radio" name="b_pref_day" id="b_Tue" value="Tue">Tue
        </label>
        <label class="radio-inline">
          <input type="radio" name="b_pref_day" id="b_Wed" value="Wed">Wed
        </label>
        <label class="radio-inline">
          <input type="radio" name="b_pref_day" id="b_Thu" value="Thu">Thu
        </label>
        <label class="radio-inline">
          <input type="radio" name="b_pref_day" id="b_Fri" value="Fri">Fri
        </label>
      </div> <!-- end form group --> 

      <div class="form-group">
        <label>Prefered time of the day</label><br>
        <label class="radio-inline">
          <input type="radio" name="b_pref_time" id="morning" value="Morning">Morning
        </label>
        <label class="radio-inline">
          <input type="radio" name="b_pref_time" id="afternoon" value="Afternoon">Afternoon
        </label>
      </div> <!-- end form group --> 

      <div class="form-group">
      <label>Addtional Comments</label>
        <div class="input-group">                  
          <textarea id="b_message" class="form-control" rows="7" required></textarea>
          <span class="input-group-addon"><span class="glyphicon glyphicon-asterisk"></span></span>
        </div><!--  end input group -->
      <p class="help-block text-danger"></p>
      </div><!--  end form-group --> 

   </div> <!-- end box booking -->

  <div class="clearfix"></div>

    <div id="success"></div>
    <button id="send_btn" type="submit" class="btn cpcbutton">Send Message</button>
    <p class="help-block"> <span class="glyphicon glyphicon-asterisk green"></span> Required Fields </p>
  </form>

Thanks in advance.

Answer 1

You should create a whitelist array of your accepted keys:

$whitelist = array('name', 'email', 'phone');

And then loop through the array as follows:

foreach($whitelist as $key){
  if(isset($_POST[$key]) && $_POST[$key] != ''){
    $body .= ucfirst($key) . ": " . htmlspecialchars($_POST[$key], ENT_QUOTES) . "\n";
  }
}

foreach loops through the array, isset checks that the field is set, ucfirst makes the key look presentable in the email by capitalizing the first character, and htmlspecialchars with the ENT_QUOTES flag ensures the characters are properly converted for the email.

You should always create a whitelist for this type of loop, not only for security purposes but also because you'll be looping through unnecessary or irrelevant keys, such as:

<button type="submit" name="submit" value="1">Submit</button>

Your email will then see:

Submit: 1

Which makes no sense to the recipient.

Answer 2

Try this:

$body = "";
foreach ($_POST as $Field=>$Value) { 
    if($Value != ''){
        $body .= "$Field: $Value\n\n";
    }
}

$to = 'info@zenwebcreative.com.au'; 
$email_subject = "Website Contact Form:  $name";
$email_body = "You have received a new message from your website contact form.\n\n"."Here are the details: $body";
$headers = "From: noreply@yourdomain.com\n";
$headers .= "Reply-To: $email_address"; 

mail($to,$email_subject,$email_body,$headers);
return true;            

I replaced all the code that assigns variables from the $_POST array to the snippet you provided. That basically do the same thing that your previous code was doing.

Answer 3

Your foreach-loop is working as is, but the code looks a bit cleaner when using empty() instead, like this (but the one you have already does the same job!):

foreach ($_POST as $field=>$value) { 
    if (!empty($value)) {
        $body .= "$field: $value\n\n";
    }
}

This assigns all the variables in the global $_POST-array that is not empty into the $body-variable. Using this, you don't need the other $_POST statements (for example $message = $_POST['message'];). The only problem with this is that ALL your content from the $_POST-array is printed (even the submit-buttons value!).

Then you just put that in your mail-function like this:

$email_body = "You have received a new message from your website contact form.\n\n";
$email_body .= "Here are the details:\n\n";
$email_body .= "$body";
mail($to, $email_subject, $email_body, $headers);

Another alternative is to check every field explicitly, although this will generate a lot more code.

if (!empty($_POST['name']))
    $body .= "Name: ".$_POST['name']."\n\n";
if (!empty($_POST['email']))
    $body .= "Email: ".$_POST['email']."\n\n";
if (!empty($_POST['phone']))
    $body .= "Phone: ".$_POST['phone']."\n\n";

Same deal here with how you can add it to your mail-function.

There are of course other ways of doing things, and out of the two, I'd recommend the foreach-loop, as it's much less and cleaner code, that should do the same job. If it prints the "submit" values too, you can just add a piece of code that skips that element of the global $_POST array.

---

You should have a statement that prevents the script to be run every time someone visits this page directly, like having a if ($_POST['submit'] == 'submit') (where submit are the name and value of your submit-button in the HTML form) statement that wraps all your mail-relevant code. This way, mails are only sent after the form is submitted.