PHP Contact form{+4 rep}

Excellent2 · 13-01-2009, 04:11 PM

Here is function.php:

PHP Code:


function secure($string) {
$string = mysql_real_escape($string);
$string = stripslashes($string);
return $string;
}

PHP Code:


<?php

include 'function.php';

$host = "dbhost";
$dbuser = "dbuser";
$dbpass = "dbpass";
$dbname = "dbname";

$con = mysql_connect("$host","$dbuser","$dbpass")
or die(mysql_error());

mysql_select_db("$dbname",$con)
or die(mysql_error());

if ( isset($_POST['contact'] )) {
    if ( empty($full) || empty($adr1) || empty($adr2) || empty($town) || empty($county) || empty($postcode) || empty($email) || empty($sprod) || empty($squant) ) {
        die('A mandatory field has been left empty.');
    } else {
        $full = secure($_POST['full']);
        $adr1 = secure($_POST['adr2']);
        $adr2 = secure($_POST['adr2']);
        $town = secure($_POST['town']);
        $county = secure($_POST['county']);
        $postcode = secure($_POST['postcode']);
        $telnum = secure($_POST['telnum']);
        $email = secure($_POST['email']);
        $por = secure($_POST['por']);
        $sprod = secure($_POST['sprod']);
        $squant = secure($_POST['squant']);
        $extras = secure($_POST['extras']);
        $remarks = secure($_POST['remarks']);
        
        $insert = mysql_query("INSERT INTO `dbname` (`full`,`adr1`,`adr2`,`town`,`county`,`postcode`,`postcode`,`telnum`,`email`,`por`,`sprod`,`squant`,`extras`,`remarks`) VALUES ('$full','$adr1','$adr2','$town','$county','$postcode','$telnum','$email','$por','$sprod','$squant','$extras','$remarks')")
        or die(mysql_error());
        
        echo "Form sent";
    }
} else {
    echo "PUT FORM HERE";
}

?>

~~Jackboy~~ · 13-01-2009, 05:20 PM

Originally Posted by Excellent2

Here is function.php:

PHP Code:


function secure($string) {
$string = mysql_real_escape($string);
$string = stripslashes($string);
return $string;
}

PHP Code:


<?php

include 'function.php';

$host = "dbhost";
$dbuser = "dbuser";
$dbpass = "dbpass";
$dbname = "dbname";

$con = mysql_connect("$host","$dbuser","$dbpass")
or die(mysql_error());

mysql_select_db("$dbname",$con)
or die(mysql_error());

if ( isset($_POST['contact'] )) {
    if ( empty($full) || empty($adr1) || empty($adr2) || empty($town) || empty($county) || empty($postcode) || empty($email) || empty($sprod) || empty($squant) ) {
        die('A mandatory field has been left empty.');
    } else {
        $full = secure($_POST['full']);
        $adr1 = secure($_POST['adr2']);
        $adr2 = secure($_POST['adr2']);
        $town = secure($_POST['town']);
        $county = secure($_POST['county']);
        $postcode = secure($_POST['postcode']);
        $telnum = secure($_POST['telnum']);
        $email = secure($_POST['email']);
        $por = secure($_POST['por']);
        $sprod = secure($_POST['sprod']);
        $squant = secure($_POST['squant']);
        $extras = secure($_POST['extras']);
        $remarks = secure($_POST['remarks']);
        
        $insert = mysql_query("INSERT INTO `dbname` (`full`,`adr1`,`adr2`,`town`,`county`,`postcode`,`postcode`,`telnum`,`email`,`por`,`sprod`,`squant`,`extras`,`remarks`) VALUES ('$full','$adr1','$adr2','$town','$county','$postcode','$telnum','$email','$por','$sprod','$squant','$extras','$remarks')")
        or die(mysql_error());
        
        echo "Form sent";
    }
} else {
    echo "PUT FORM HERE";
}

?>

How come u stripped slashes after mysql escape string?

Excellent2 · 13-01-2009, 05:26 PM

Originally Posted by Jackboy

How come u stripped slashes after mysql escape string?

Habit

Thai-Man-Land · 13-01-2009, 08:34 PM

TY - but,

I don't get what you've done with the MySQL, it says sprod and squant, but im unsureif this is correct or not...

Excellent2 · 14-01-2009, 12:33 AM

Originally Posted by Thai-Man-Land

TY - but,

I don't get what you've done with the MySQL, it says sprod and squant, but im unsureif this is correct or not...

Sprod and squant are short for Select Product & Select Quantity.

Thai-Man-Land · 14-01-2009, 08:15 PM

I can't get it to work still.

I'm sure I saw somewhere that a form action could be 'self'

Excellent2 · 14-01-2009, 08:21 PM

Originally Posted by Thai-Man-Land

I can't get it to work still.

I'm sure I saw somewhere that a form action could be 'self'

$_SERVER[PHP_SELF]

Thai-Man-Land · 14-01-2009, 08:34 PM

And I just use that in my code somewhere?

~~Jackboy~~ · 14-01-2009, 08:55 PM

Originally Posted by Thai-Man-Land

And I just use that in my code somewhere?

Yeh you wanna use it after <?php really.

Thread: PHP Contact form{+4 rep}

Thread Tools

Posting Permissions