Omitting certain $key / $Val from being sent thru form

  • Spycat
    New Member
    • Nov 2006
    • 4

    Omitting certain $key / $Val from being sent thru form

    Hi all and happy holidays!
    I should start off by stating I am NOT a PHP programmer.
    I say that so that in any response to me, you will speak very s-l-o-w-l-y or I won't know what you're talking about ;-)
    I have this form processor script that I basically pieced together from 3 different scripts.
    The script includes a CAPTCHA image verification, which works fine.
    The problem I am having is that when the form is processed, the results e-mailed to me also include the $key and $val for both the verification number ('secure') and the 'Submit' function.
    Here is that section of the HTML:
    [HTML]
    <tr>
    <td>Security Code</td>
    <td><input type="text" name="secure"/>
    </td>
    </tr>
    <tr>
    <td><img src="captcha_image.php" alt="security image" border="0"/></td>
    <td>
    <input type="submit" name="submit" value="Send"/></td>
    </tr>
    [/HTML]

    Now, is there any way to have all the data entered into the form sent to me except for the "secure" and "submit"?
    Also, it would be nice to have form results sent to me read like:
    Event Description:
    instead of:
    event_description
    but that is not my main concern.

    Anyway, below is the code in question.
    Thanks :)


    [php]
    <?php
    session_start();

    //PAGE VARS
    $err = '';
    $Message = '';

    //FORM PROCESSING
    if (isset($_POST['submit'])) {
        // clean and check form inputs including the secure image code
        $name = trim(strip_tags($_POST['name']));
        $email = trim(strip_tags($_POST['email']));
        $phone = trim(strip_tags($_POST['phone']));
        $event_title = trim(strip_tags($_POST['event_title']));
        $event_date_and_time = trim(strip_tags($_POST['event_date_and_time']));
        $event_location = trim(strip_tags($_POST['event_location']));
        $event_phone_number = trim(strip_tags($_POST['event_phone_number']));
        $event_price = trim(strip_tags($_POST['event_price']));
        $event_description = trim(strip_tags($_POST['event_description']));

        $secure = strtoupper(trim(strip_tags($_POST['secure'])));
        $match = $_SESSION['captcha']; // the code on the image

        // input error checking
        if ($name=="") {
            $err.= "Please provide your name<br/>";
        }
        if (!$email) {
            $err.= "Please provide your email address<br>";
        }
        if ($email) {
            if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
                $err.= $email. " is not a valid email address.<br/>";
            }
        }
        if ($phone=="") {
            $err.= "Please provide your phone number<br/>";
        }

        if ($event_title=="") {
            $err.= "Please provide the title of the event<br/>";
        }

        if ($event_date_and_time=="") {
            $err.= "Please provide the date and time of the event<br/>";
        }

        if ($event_location=="") {
            $err.= "Please provide the location of the event<br/>";
        }

        if ($event_phone_number=="") {
            $err.= "Please provide a phone number for the venue<br/>";
        }

        if ($event_price=="") {
            $err.= "Please provide the price to attend the event<br/>";
        }

        if ($event_description=="") {
            $err.= "Please provide a description for the event<br/>";
        }

        if (!$secure) {
            $err.= "No security code entered<br/>";
        }
        if (($secure!=$match) && ($secure!="")) {
            $err.= "Security code mismatch<br/>";
        }

        //if error free
        if ($err=="") {

            //Start Pieced in
            $MailToAddress = "rik408@yahoo.com";
            $MailSubject = "Club Event Submission";
            $MailFromAddress = ( isset($email) && $email != '') ? $email : 'noReply@myDomain.com';
            //end pieced in

            //start pieced in: this may be a major trouble spot, since it is preceded by another "if" statement
            if (!is_array($HTTP_POST_VARS))
                return;
            reset($HTTP_POST_VARS);
            while(list($key, $val) = each($HTTP_POST_VARS)) {
                $GLOBALS[$key] = $val;
                $val=stripslashes($val);
                $Message .= "$key = $val\n";
            }

            mail( "$MailToAddress", "$MailSubject", "$Message", "From: $MailFromAddress");

            header("Location: http://www.metroactive.com/contact/thanks.html");
            //end pieced in
            exit();
        }//end if error free

    }// end if submit

    //PAGE PROCESSING

    ?>
    [/php]


    [html]
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>Trolls go away</title>
    <style type="text/css">
    body,td {
        font-family:arial, helvetica, sans-serif;
        background:#fff;
        color:#000;
        font-size:12px;
    }
    input, textarea {
        background:#eee;
        color:#000;
        font-size:12px;
        border:1px solid #000;
    }
    </style>
    </head>
    <body>
    <?php
    if ($err!="") {
        echo "<strong>Form Error(s)</strong><br/>";
        echo "<font color='#cc3300'>". nl2br($err). "</font><br/>";
    }
    ?>

    <form name="captcha" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
    <table cellpadding="3" cellspacing="2" style="border:1px dotted #667;">
    <tr>
    <td>Name:</td><td><input type="text" name="name" value="<?php if(isset($_POST['name']))echo $_POST['name'];?>"/></td>
    </tr>
    <tr>
    <td>Email:</td><td><input type="text" name="email" value="<?php if(isset($_POST['email']))echo $_POST['email'];?>"/></td>
    </tr>
    <tr>
    <td>Daytime Phone: </td>
    <td><input type="text" name="phone" value="<?php if(isset($_POST['phone']))echo $_POST['phone'];?>"/></td>
    </tr>
    <tr>
    <td>Club Event Title:</td><td><input type="text" name="event_title" value="<?php if(isset($_POST['event_title']))echo $_POST['event_title'];?>"/></td>
    </tr>
    <tr>
    <td>Date and Time:</td><td><input type="text" name="event_date_and_time" value="<?php if(isset($_POST['event_date_and_time']))echo $_POST['event_date_and_time'];?>"/></td>
    </tr>
    <tr>
    <td>Location: </td><td><input type="text" name="event_location" value="<?php if(isset($_POST['event_location']))echo $_POST['event_location'];?>"/></td>
    </tr>
    <tr>
    <td>Venue Phone Number:</td><td><input type="text" name="event_phone_number" value="<?php if(isset($_POST['event_phone_number']))echo $_POST['event_phone_number'];?>"/></td>
    </tr>
    <tr>
    <td>Price</td><td><input type="text" name="event_price" value="<?php if(isset($_POST['event_price']))echo $_POST['event_price'];?>"/></td>
    </tr>
    <tr>
    <td valign="top">Event Description:</td>
    <td><textarea rows="5" cols="30" name="event_description"><?php if(isset($_POST['event_description']))echo $_POST['event_description'];?></textarea></td>
    </tr>
    <tr>
    <td>Security Code</td>
    <td><input type="text" name="secure"/>
    </td>
    </tr>
    <tr>
    <td><img src="captcha_image.php" alt="security image" border="0"/></td>
    <td>
    <input type="submit" name="submit" value="Send"/></td>
    </tr>
    </table>
    </form>
    </body>
    </html>
    [/html]
  • ronverdonk
    Recognized Expert Specialist
    • Jul 2006
    • 4259

    #2
    You can replace the code after text "start pieced in: " with the following code. It (a) excludes entries in the $exclude array (now contains secure and submit) and (b) it replaces any keys you'd like to replace, as described in your post, with the values from array $replace. Have a look and see if it is what you were looking for:
    [php]
    //start pieced in: this may be a major trouble spot, since it is preceded by another "if" statement

    // this array contains the keys to be replaced by better texts
    $replace = array("send_email_to" => "Send Email To",
        "event_description" => "Event Description",
        "whatever else" => "Whatever You want"
    );
    // this array holds the key names to exclude from print/email
    $exclude = array ("secure", "submit");

    if (!is_array($_POST))
        return;
    foreach($_POST as $key => $val) {
        // exclude certain key names
        if (!in_array($key, $exclude)) {
            // if $key in translate table, replace
            if (array_key_exists($replace, $key))
                $Message .= $replace[$key];
            // key not in table, use $key
            else
                $Message .= $key;
            $val=stripslashes($val);
            $Message .= "= $val\n";

        } // end if (array_key

    } // end IF (!in_array

    } // end FOREACH
    [/php]
    Ronald :cool:


    • Spycat
      New Member
      • Nov 2006
      • 4

      #3
      Hi Ronald,

      Thanks for your fast reply - I appreciate it :)
      I hope you have infinite patience, cuz I think I did something wrong.
      When I load the form I get 9 instances of this:
      Warning: array_key_exists() [function.array-key-exists]: The second argument should be either an array or an object in /home/chocolat/public_html/test/clubs/test4.php on line 114
      (NOTE: Line 114= "if (array_key_exists($replace, $key))")

      And 1 instance of this:
      Warning: Cannot modify header information - headers already sent by (output started at /home/chocolat/public_html/test/clubs/test4.php:114) in /home/chocolat/public_html/test/clubs/test4.php on line 144
      (NOTE: Line 144=" header("Location: http://www.metroactive.com/contact/thanks.html"); ")

      Here's what I put:
      [php]
      <?php
      session_start();

      //PAGE VARS
      $err = '';
      $Message = '';

      //FORM PROCESSING
      if (isset($_POST['submit'])) {
          // clean and check form inputs including the secure image code
          $name = trim(strip_tags($_POST['name']));
          $email = trim(strip_tags($_POST['email']));
          $phone = trim(strip_tags($_POST['phone']));
          $event_title = trim(strip_tags($_POST['event_title']));
          $event_date_and_time = trim(strip_tags($_POST['event_date_and_time']));
          $event_location = trim(strip_tags($_POST['event_location']));
          $event_phone_number = trim(strip_tags($_POST['event_phone_number']));
          $event_price = trim(strip_tags($_POST['event_price']));
          $event_description = trim(strip_tags($_POST['event_description']));

          $secure = strtoupper(trim(strip_tags($_POST['secure'])));
          $match = $_SESSION['captcha']; // the code on the image

          // input error checking
          if ($name=="") {
              $err.= "Please provide your name<br/>";
          }
          if (!$email) {
              $err.= "Please provide your email address<br>";
          }
          if ($email) {
              if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
                  $err.= $email. " is not a valid email address.<br/>";
              }
          }
          if ($phone=="") {
              $err.= "Please provide your phone number<br/>";
          }
          if ($event_title=="") {
              $err.= "Please provide the title of the event<br/>";
          }
          if ($event_date_and_time=="") {
              $err.= "Please provide the date and time of the event<br/>";
          }
          if ($event_location=="") {
              $err.= "Please provide the location of the event<br/>";
          }
          if ($event_phone_number=="") {
              $err.= "Please provide a phone number for the venue<br/>";
          }
          if ($event_price=="") {
              $err.= "Please provide the price to attend the event<br/>";
          }
          if ($event_description=="") {
              $err.= "Please provide a description for the event<br/>";
          }
          if (!$secure) {
              $err.= "No security code entered<br/>";
          }
          if (($secure!=$match) && ($secure!="")) {
              $err.= "Security code mismatch<br/>";
          }
          //if error free
          if ($err=="") {
              //Start Pieced in

              $MailToAddress = "rik408@yahoo.com";
              $MailSubject = "Club Event Submission";
              $MailFromAddress = ( isset($email) && $email != '') ? $email : 'noReply@myDomain.com';
              //end pieced in

              //start pieced in: this may be a major trouble spot, since it is preceded by another "if" statement
              // this array contains the keys to be replaced by better texts

              $replace = array ("name" => "Name",
                  "email" => "Sender's e-mail",
                  "phone" => "Phone Number",
                  "event_title" => "Event Title",
                  "event_date_and_time" => "Event Date & Time",
                  "event_location" => "Event Location",
                  "event_phone_number" => "Venue Phone Number",
                  "event_price" => "Price to Attend",
                  "event_description" => "Event Description",
              );

              // this array holds the key names to exclude from print/email
              $exclude = array ("secure", "submit");

              if (!is_array($_POST))
                  return;
              foreach($_POST as $key => $val) {
                  // exclude certain key names
                  if (!in_array($key, $exclude)) {
                      // if $key in translate table, replace
                      if (array_key_exists($replace, $key))
                          $Message .= $replace[$key];
                      // key not in table, use $key
                      else
                          $Message .= $key;
                      $val=stripslashes($val);
                      $Message .= "= $val\n";
                  } // end if (array_key

              } // end IF (!in_array

          } // end FOREACH

          mail( "$MailToAddress", "$MailSubject", "$Message", "From: $MailFromAddress");

          header("Location: http://www.metroactive.com/contact/thanks.html");
          //end pieced in
          exit();
      }//end if error free

      // end if submit

      //PAGE PROCESSING
      ?>
      [/php]

      See anything glaringly obvious I might have done?


      • ronverdonk
        Recognized Expert Specialist
        • Jul 2006
        • 4259

        #4
        The first message is due to my fault, I switched the 2 parms. Statement must be:
        [php]
        // if $key in translate table, replace
        if (array_key_exists($key, $replace))
        [/php]

        The second one is because you have already outputted something to the screen. To start, take that header("Location: http://www.metroactive.com/contact/thanks.html"); statement out and see first if the message parm replace and the email send works.
        If so, we can look at the header() statement.

        Ronald :cool:


        • Spycat
          New Member
          • Nov 2006
          • 4

          #5
          PS The form is no longer validating anything :(


          • Spycat
            New Member
            • Nov 2006
            • 4

            #6
            Hi Ron,

            It sends the results perfectly now both with and without header("Location: included..
            The problem is, even if no data is entered (regular or verification number) the data is still processed and sent to me.


            • ronverdonk
              Recognized Expert Specialist
              • Jul 2006
              • 4259

              #7
              There are some problems in your code/form:
              • when an error is found, the code should drop to the form, redisplaying everything that is already keyed in. In your latest code I cannot see that happening. Where is the code going when an error is encountered?
              • the captcha verification statement yields 'valid' when the text not equal captcha text AND the text not equal empty, so: if I enter nothing the captcha yields VALID.
              • your form is soon to be the target of (at least) spammers. You have no field cleansing, no content checking and no validity checking.


              In short: as long as you fill in your form and make no real errors, it will pass fine (except for its vulnerability for spammers and hackers!!). But as soon as you deviate you'll run into problems.

              Ronald :cool:
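
An added example, not code from either poster: one way to build the e-mail from a fixed list of fields, which covers the points in post #7 and keeps mail() inside the error check. In the post #3 code the third closing brace after the loop ends the if ($err=="") block early, so the mail is sent even when validation fails. The function names captcha_ok, clean_field and build_message, the example.com addresses and the sample submission are assumptions made for illustration.

```php
<?php
// Added example (PHP 7+); all names and sample values are constructed.
// Allowlist: only these fields reach the e-mail; "secure", "submit" and unknown fields never do.
$labels = [
    'name'                => 'Name',
    'email'               => "Sender's e-mail",
    'phone'               => 'Phone Number',
    'event_title'         => 'Event Title',
    'event_date_and_time' => 'Event Date & Time',
    'event_location'      => 'Event Location',
    'event_phone_number'  => 'Venue Phone Number',
    'event_price'         => 'Price to Attend',
    'event_description'   => 'Event Description',
];

// Passes only when a non-empty entry equals the code stored in the session.
function captcha_ok($entered, $stored): bool {
    if (!is_string($entered) || !is_string($stored) || $stored === '') return false;
    $entered = strtoupper(trim($entered));
    return $entered !== '' && hash_equals($stored, $entered);
}

// Strips tags and replaces control characters (CR/LF included) with a space.
function clean_field($value): string {
    if (!is_string($value)) return '';   // e.g. name[]=x arrives as an array
    return trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', strip_tags($value)));
}

function build_message(array $post, array $labels): string {
    $message = '';
    foreach ($labels as $key => $label) {
        $message .= $label . ': ' . clean_field($post[$key] ?? '') . "\n";
    }
    return $message;
}

// Constructed submission: empty security code plus a field the form never had.
$post = ['name' => 'Pat', 'email' => 'pat@example.com', 'event_title' => '<b>Gig</b>',
         'extra' => 'ignored', 'secure' => '', 'submit' => 'Send'];
$sessionCode = 'AB12C';                  // stands in for $_SESSION['captcha']
$err = captcha_ok($post['secure'] ?? '', $sessionCode) ? '' : "Security code missing or wrong\n";
$email = clean_field($post['email'] ?? '');
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) $err .= "Invalid e-mail address\n";
if ($err === '') {   // mail() stays inside this block, so a failed check sends nothing
    mail('owner@example.com', 'Club Event Submission', build_message($post, $labels),
         "From: noreply@example.com\r\nReply-To: $email");
} else {
    echo $err;
}
```

The From header is a fixed address and the submitter's address appears only in Reply-To after FILTER_VALIDATE_EMAIL has accepted it, so form input cannot add lines to the mail headers.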
