How to make competent validation on forms? Empty letters constantly come!?

S

Sizoider2016-08-16 17:15:53

PHP

Sizoider, 2016-08-16 17:15:53

Hi all!
Guys tell me how to make the correct validation on the forms.
no matter what I do, empty letters still come
here is the code that I use at the moment
thanks in advance

<form method="post" action="submit.php" data-abide id="cont-form">
  <div data-abide-error class="alert callout" style="display: none;">
    <p><i class="fi-alert"></i> There are some errors in your form.</p></div>
      <input form="cont-form" type="text" name="yourname" placeholder="Your Name" required>
      <input form="cont-form" type="email" name="email" placeholder="Your Email Address" required>
        <span class="form-error">Your Email Address Is Invalid</span>
        <input form="cont-form" type="text" name="phone" placeholder="Your Phone Number" required >
        <span class="form-error">Please Enter A Valid Phone Number</span>
        <input form="cont-form" type="text" name="hear" placeholder="How Did You Hear About Us?" required>
        <textarea form="cont-form" placeholder="Your Message" type="text" name="message" required></textarea>
                                           			        
<label>What's 13+14 = </label><input form="cont-form" name="answer" type="text" />
              
        <button  type="submit" name="submit" value="submit message" class="button" data-text="submit message"><span>submit message</span></button>
        <div class="clear"></div>
      </form>

$answer = 27;
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     if ($answer != $_POST['answer'] ) {
    $hasError = true;
    }else{
     $content = '';
if($_POST["yourname"]){
$yourname = $_POST["yourname"];
}

if($_POST["email"]){
   $email=$_POST["email"];  
}

if($_POST["phone"]){
   $phone=$_POST["phone"];   
}

if(!empty($_POST["type"])){
    $type=$_POST["type"];
}
if($_POST["hear"]){
   $hear=$_POST["hear"];
}
if($_POST["message"]){
   $message=$_POST["message"];
    }
}
$content = "Name : " . $yourname . "<br>";
$content .= "Email : " . $email . "<br>";
$content .= "Phone : " . $phone . "<br>";
$content .= "Message : ". $message ."<br>";
$content .= "How Did You Hear? : ". $hear ."<br>";

if($hasError != true){
mail($sendToEmail,$subject,$content,$senderEmailId);
header("Location:thankyou.php");
  exit();
 }
else
 { 
 ?>
 <script language="javascript">
  alert("Sorry,An Error Occurred.Please Try After Some Time");
  window.history.back(); 
 </script>
 <?php
 }

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dmitry, 2016-08-16
@slo_nik

What does error_reporting(E_ALL); show?

I

Ilya, 2016-08-16
@glebovgin

1. "13+14" is an undercaptcha, bots easily enter 27 in the answer field and your script will skip the data without asking. That is, you will receive an email, but there will be no values in it. Use normal captcha.
2. I would recommend rewriting the data processing logic from the form: required on the client for inputs, of course, it’s good, but you also need to check the data from the server side, a la

$error = FALSE;
// ... какая-то логика
if(isset($_POST['email']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) !== FALSE) {
   $email = $_POST["email"];
} else 
   $error = 'emailError'; // или текст ошибки или просто TRUE, если нет нужды уточнять
// ... другая логика

if($error === FALSE)
{
   mail($sendToEmail, $subject, $content, $senderEmailId);
   header("Location: thankyou.php");
}
// ... снова логика

This is a very simplified version.