I would prefer the POST & GET method as I believe that is the best way (if it isn't, correct me if I'm wrong).
Could someone give me a full example code and if possible provide what each variable, function, etc. means?
Full Version: What's the best way to create a form in PHP?
You heard me, what's the best way?
I would prefer the POST & GET method as I believe that is the best way (if it isn't, correct me if I'm wrong).
Could someone give me a full example code and if possible provide what each variable, function, etc. means?
I would prefer the POST & GET method as I believe that is the best way (if it isn't, correct me if I'm wrong).
Could someone give me a full example code and if possible provide what each variable, function, etc. means?
I've just finished coding this form, which is viewable at http://bmc2010.com/contact.php.
Let me know what changes I should make on my code.
Let me know what changes I should make on my code.
CODE
<?php
if ( $_POST['submit'] ) {
$valid = 1;
$firstname = $_POST['firstname'];
if ( empty($firstname) ) {
$valid = 0;
$firstname_error = 'You did not enter your first name';
}
$lastname = $_POST['lastname'];
if ( empty($lastname) ) {
$valid = 0;
$lastname_error = 'You did not enter your last name';
}
$company = $_POST['company'];
if ( empty($company) ) {
$valid = 0;
$company_error = 'You did not enter your company';
}
$address1 = $_POST['address1'];
if ( empty($address1) ) {
$valid = 0;
$address1_error = 'You did not enter your address';
}
$name = $_POST[ 'address2'];
$city = $_POST['city'];
if ( empty($city) ) {
$valid = 0;
$city_error = 'You did not enter your city';
}
$state = $_POST['state'];
if ( empty($state) ) {
$valid = 0;
$state_error = 'You did not enter your state';
}
$email = $_POST['email'];
if ( empty($email) ) {
$valid = 0;
$email_error = 'You did not enter your e-mail address';
}
if ( $valid == 1 ) {
$message = 'Someone has filled out the contact form on your website' . "\n\n";
$message .= 'Name: ' . $name . "\n";
$message .= 'Company: ' . $company . "\n";
$message .= 'Email: ' . $email . "\n";
$message .= 'Tel: ' . $tel . "\n";
$message .= 'Fax: ' . $fax . "\n\n";
$message .= 'Comments: ' . "\n";
$message .= $comments;
$sendTo = '-----edited out-----@yahoo.com';
$Bcc = '-----edited out-----@yahoo.com';
$headers = 'From: Contact Form <' . $email . '>' . "\r\n" . 'Reply-To: ' . $email . "\r\n" . 'Bcc: ' . $Bcc . "\r\n";
mail($sendTo, $subject, $message, $headers);
header ("Location: contact_done.html");
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Contact Us by Brandon Collins</title>
</head>
<body>
<form action="./" method="post">
<label for="firstname">First Name</label><br />
<input type="text" name="firstname" value="<?php echo $firstname; ?>" size="20" /><br />
<?php echo $firstname_error; ?><br />
<label for="lastname">Last Name</label><br />
<input type="text" name="lastname" value="<?php echo $lastname; ?>" size="20" /><br />
<?php echo $lastname_error; ?><br />
<label for="company">Company</label><br />
<input type="text" name="company" value="<?php echo $company; ?>" size="20" /><br />
<?php echo $company_error; ?><br />
<label for="address1">Address 1</label><br />
<input type="text" name="address1" value="<?php echo $address1; ?>" size="20" /><br />
<?php echo $address1_error; ?><br />
<label for="address2">Address 2</label><br />
<input type="text" name="address2" value="<?php echo $address2; ?>" size="20" /><br />
<label for="city">City</label><br />
<input type="text" name="city" value="<?php echo $city; ?>" size="20" /><br />
<?php echo $city_error; ?><br />
<label for="state">State</label><br />
<input type="text" name="state" value="<?php echo $state; ?>" size="20" /><br />
<?php echo $state_error; ?><br />
<label for="email">E-mail</label><br />
<input type="text" name="email" value="<?php echo $email; ?>" size="20" /><br />
<?php echo $email_error; ?><br />
<input type="submit" name="submit" value="Send" />
</form>
</body>
</html>
if ( $_POST['submit'] ) {
$valid = 1;
$firstname = $_POST['firstname'];
if ( empty($firstname) ) {
$valid = 0;
$firstname_error = 'You did not enter your first name';
}
$lastname = $_POST['lastname'];
if ( empty($lastname) ) {
$valid = 0;
$lastname_error = 'You did not enter your last name';
}
$company = $_POST['company'];
if ( empty($company) ) {
$valid = 0;
$company_error = 'You did not enter your company';
}
$address1 = $_POST['address1'];
if ( empty($address1) ) {
$valid = 0;
$address1_error = 'You did not enter your address';
}
$name = $_POST[ 'address2'];
$city = $_POST['city'];
if ( empty($city) ) {
$valid = 0;
$city_error = 'You did not enter your city';
}
$state = $_POST['state'];
if ( empty($state) ) {
$valid = 0;
$state_error = 'You did not enter your state';
}
$email = $_POST['email'];
if ( empty($email) ) {
$valid = 0;
$email_error = 'You did not enter your e-mail address';
}
if ( $valid == 1 ) {
$message = 'Someone has filled out the contact form on your website' . "\n\n";
$message .= 'Name: ' . $name . "\n";
$message .= 'Company: ' . $company . "\n";
$message .= 'Email: ' . $email . "\n";
$message .= 'Tel: ' . $tel . "\n";
$message .= 'Fax: ' . $fax . "\n\n";
$message .= 'Comments: ' . "\n";
$message .= $comments;
$sendTo = '-----edited out-----@yahoo.com';
$Bcc = '-----edited out-----@yahoo.com';
$headers = 'From: Contact Form <' . $email . '>' . "\r\n" . 'Reply-To: ' . $email . "\r\n" . 'Bcc: ' . $Bcc . "\r\n";
mail($sendTo, $subject, $message, $headers);
header ("Location: contact_done.html");
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Contact Us by Brandon Collins</title>
</head>
<body>
<form action="./" method="post">
<label for="firstname">First Name</label><br />
<input type="text" name="firstname" value="<?php echo $firstname; ?>" size="20" /><br />
<?php echo $firstname_error; ?><br />
<label for="lastname">Last Name</label><br />
<input type="text" name="lastname" value="<?php echo $lastname; ?>" size="20" /><br />
<?php echo $lastname_error; ?><br />
<label for="company">Company</label><br />
<input type="text" name="company" value="<?php echo $company; ?>" size="20" /><br />
<?php echo $company_error; ?><br />
<label for="address1">Address 1</label><br />
<input type="text" name="address1" value="<?php echo $address1; ?>" size="20" /><br />
<?php echo $address1_error; ?><br />
<label for="address2">Address 2</label><br />
<input type="text" name="address2" value="<?php echo $address2; ?>" size="20" /><br />
<label for="city">City</label><br />
<input type="text" name="city" value="<?php echo $city; ?>" size="20" /><br />
<?php echo $city_error; ?><br />
<label for="state">State</label><br />
<input type="text" name="state" value="<?php echo $state; ?>" size="20" /><br />
<?php echo $state_error; ?><br />
<label for="email">E-mail</label><br />
<input type="text" name="email" value="<?php echo $email; ?>" size="20" /><br />
<?php echo $email_error; ?><br />
<input type="submit" name="submit" value="Send" />
</form>
</body>
</html>
Man that's just calling for a function 
Now you know why I made my framework. I use POST so I would say you are on the right tracks.
PS. When using labels you have have to do
Now you know why I made my framework. I use POST so I would say you are on the right tracks.PS. When using labels you have have to do
CODE
<label for="part">Hello</label>
<input type="text" name="part" id="part" value="" />
<input type="text" name="part" id="part" value="" />
It's alright, but you're not protecting your headers. I would explode the email address and use checkdnsrr to make sure that the domain name is valid, otherwise a bot would have his way with your form.
OK well the first section would be much cleaner as
See, alot less code (you'll have to remember to change the variables in the form at the bottom); but even that is a little messy.
However empty() isn't a fantastic check as there is nothing stopping me from simply entering loads of white space.
So what you'll need is something like
but take a look at array_walk as that would be better.
Also for fields like "state" you want want to ensure that it is from a valid list of states and you might want to use regex to check that the format of the email address is at least valid
CODE
if ($_POST['submit']) {
$valid = false;
if (empty($_POST['firstname']) ) {
$firstname_error = 'You did not enter your first name';
}
else if (empty($_POST['lastname'])) {
$lastname_error = 'You did not enter your last name';
}
else if (empty($_POST['company'])) {
$company_error = 'You did not enter your company';
}
else if (empty($_POST['address1'])) {
$address1_error = 'You did not enter your address';
}
else if (empty($_POST['city'])) {
$city_error = 'You did not enter your city';
}
else if (empty($_POST['state'])) {
$state_error = 'You did not enter your state';
}
else if (empty($_POST['email'])) {
$email_error = 'You did not enter your e-mail address';
}
else {
$valid = true;
}
$valid = false;
if (empty($_POST['firstname']) ) {
$firstname_error = 'You did not enter your first name';
}
else if (empty($_POST['lastname'])) {
$lastname_error = 'You did not enter your last name';
}
else if (empty($_POST['company'])) {
$company_error = 'You did not enter your company';
}
else if (empty($_POST['address1'])) {
$address1_error = 'You did not enter your address';
}
else if (empty($_POST['city'])) {
$city_error = 'You did not enter your city';
}
else if (empty($_POST['state'])) {
$state_error = 'You did not enter your state';
}
else if (empty($_POST['email'])) {
$email_error = 'You did not enter your e-mail address';
}
else {
$valid = true;
}
See, alot less code (you'll have to remember to change the variables in the form at the bottom); but even that is a little messy.
However empty() isn't a fantastic check as there is nothing stopping me from simply entering loads of white space.
So what you'll need is something like
CODE
foreach ($_POST as $key => $var) {
$_POST[$key] = trim($var);
}
$_POST[$key] = trim($var);
}
but take a look at array_walk as that would be better.
Also for fields like "state" you want want to ensure that it is from a valid list of states and you might want to use regex to check that the format of the email address is at least valid
QUOTE(Stephen @ Apr 22 2006, 11:38 AM) 
OK well the first section would be much cleaner as
See, alot less code (you'll have to remember to change the variables in the form at the bottom); but even that is a little messy.
CODE
if ($_POST['submit']) {
$valid = false;
if (empty($_POST['firstname']) ) {
$firstname_error = 'You did not enter your first name';
}
else if (empty($_POST['lastname'])) {
$lastname_error = 'You did not enter your last name';
}
else if (empty($_POST['company'])) {
$company_error = 'You did not enter your company';
}
else if (empty($_POST['address1'])) {
$address1_error = 'You did not enter your address';
}
else if (empty($_POST['city'])) {
$city_error = 'You did not enter your city';
}
else if (empty($_POST['state'])) {
$state_error = 'You did not enter your state';
}
else if (empty($_POST['email'])) {
$email_error = 'You did not enter your e-mail address';
}
else {
$valid = true;
}
$valid = false;
if (empty($_POST['firstname']) ) {
$firstname_error = 'You did not enter your first name';
}
else if (empty($_POST['lastname'])) {
$lastname_error = 'You did not enter your last name';
}
else if (empty($_POST['company'])) {
$company_error = 'You did not enter your company';
}
else if (empty($_POST['address1'])) {
$address1_error = 'You did not enter your address';
}
else if (empty($_POST['city'])) {
$city_error = 'You did not enter your city';
}
else if (empty($_POST['state'])) {
$state_error = 'You did not enter your state';
}
else if (empty($_POST['email'])) {
$email_error = 'You did not enter your e-mail address';
}
else {
$valid = true;
}
See, alot less code (you'll have to remember to change the variables in the form at the bottom); but even that is a little messy.
That will only catch one error at a time. Not good
Yeah, use booleans (true, false) rather than integers. Then just do if($valid), rather than if($valid == 1) or if($valid == true).
empty by itself doesn't do much, which is why you can use trim(empty($variable))...of course if you're expecting a certain type of data, you can run regular expressions (or some form of string check) on the data (such as the checkdnsrr() that IAIHMB suggested for emails).
QUOTE(Dagur @ Apr 24 2006, 11:04 AM)
That will only catch one error at a time. Not good
Maybe you should read what I said, i.e. "but even that is a little messy", implying that a lot can be done to improve it. But forcing information about slimlining code is just going to confuse someone when they haven't done much coding before.
QUOTE(malikyte @ Apr 24 2006, 05:22 PM)
empty by itself doesn't do much, which is why you can use trim(empty($variable))...of course if you're expecting a certain type of data, you can run regular expressions
I also said that
QUOTE(Stephen @ Apr 24 2006, 10:30 PM)
Maybe you should read what I said, i.e. "but even that is a little messy", implying that a lot can be done to improve it. But forcing information about slimlining code is just going to confuse someone when they haven't done much coding before.
So rewriting the code to do something different is less confusing? If he can't figure out what a bunch of if statements do then he's in trouble
QUOTE(Stephen @ Apr 24 2006, 03:30 PM)
I also said that
I didn't realize your foreach loop was placed before all the other code as it wasn't explicitly placed (and I only glanced over everything, I didn't put it all together). So, you did and you didn't.
QUOTE(Dagur @ Apr 25 2006, 09:52 AM)
So rewriting the code to do something different is less confusing? If he can't figure out what a bunch of if statements do then he's in trouble
You're right, was on my way home from uni and I suddenly realised what I had done (don't know why that came into my head)
I like to perform some basic validation like this (you can add more fields easily.):
notice the use of trim() to prevent people from adding in spaces.
CODE
$fields = array('firstname' => 'first name', 'lastname' => 'last name', 'city' => 'city');
foreach (array_keys($fields)) as $k => $v)
{
if (empty(trim($_POST[$k])))
{
print("You have not entered your $v");
}
}
foreach (array_keys($fields)) as $k => $v)
{
if (empty(trim($_POST[$k])))
{
print("You have not entered your $v");
}
}
notice the use of trim() to prevent people from adding in spaces.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.