
HTML / PHP form

开发者 https://www.devze.com 2022-12-27 12:40 Source: Internet

I am trying to code an all in one HTML/PHP contact form with error checking. When I load this file in my browser there is no HTML. I am a newb PHP programmer so I most likely forgot something pretty obvious.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>All In One Feedback Form</title>
</head>

<body>


<?
$form_block = "
<input type=\"hidden\" name=\"op\" value=\"ds\">
<form method=\"post\" action=\"$server[PHP_SELF]\">
<p>Your name<br />
<input name=\"sender_name\" type=\"text\" size=30 value=\"$_POST[sender_name]\" /></p>
<p>Email<br  />
<input name=\"sender_email\" type=\"text\" size=30 value=\"$_POST[sender_email]\"/></p>
<p>Message<br />
<textarea name=\"message\" cols=30 rows=5 value=\"$_POST[message]\"></textarea></p>
<input name=\"submit\" type=\"submit\" value=\"Send This Form\" />

</form>";

if ($_POST[op] != "ds") {
 //they see this form
 echo "$form_block";

} else if ($_POST[op] == "ds") {


 if ($_POST[sender_name] == "") {
  $name_err = "Please enter your name<br>";
  $send = "no";
}

 if ($_POST[sender_email] == "ds") {
  $email_err = "Please enter your email<br>";
  $send = "no";
}

 if ($_POST[message] == "ds") {
  $message_err = "please enter message<br>";
  $send = "no";
}

 if ($send != "no") {
  //its ok to send
  $to = "jack@xxxxxxx.com.au";
  $subject = "All in one web site feed back";
  $mailheaders = "From: website <some email address@hhhh.com> \n";
  $mailheaders .= "Reply-To: $_POST[sender_email]\n";
  $msg = "Email sent from this site www.ccccc.com\n";
  $msg .= "Senders name: $_POST[senders_name]\n";
  $msg .= "Sender's E-Mail: $_POST[sender_email]\n";
  $msg .= "Message: $_POST[message]\n\n";
  mail($to, $subject, $msg, $mailheaders);

  echo "<p>Mail has been sent</p>";
}

else if ($send == "no") {
 echo "$name_err";
 echo "$email_err";
 echo "$message_err";
 echo "$form_block";
}

}

?>

</body>
</html>

FYI I am trying the example from a book named PHP 6 Fast and Easy Web Development

UPDATE!!!

The code I see via view source is this.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>All In One Feedback Form</title>
</head>

<body>



<input type="hidden" name="op" value="ds">
<form method="post" action="">
<p>Your name<br />
<input name="sender_name" type="text" size=30 value="" /></p>

<p>Email<br  />
<input name="sender_email" type="text" size=30 value=""/></p>
<p>Message<br />
<textarea name="message" cols=30 rows=5 value=""></textarea></p>
<input name="submit" type="submit" value="Send This Form" />

</form></body>
</html>


Try switching the tags

'<?' to: '<?php'

Your development environment may not recognize short tags, thus producing an empty page.

When you access the source code of the page, do you see the doctype/html/body tags?


You can use html with php as follows

<?php if (!isset($_POST['op']) || $_POST['op'] != "ds") { ?>

<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<input type="hidden" name="op" value="ds">

<!-- your html code here -->

</form>

<?php } else if ($_POST['op'] == "ds") { ?>...............


You left out some dashes when trying to access some of the $_POST and $_SERVER variables.

Example: It's $_POST['op'] and not $_POST[op]

also $_SERVER[PHP_SELF] and not $server[PHP_SELF]

( ! ) Notice: Undefined variable: server in /home/vidves/public_html/www01/test.php on line 14
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Undefined index: sender_name in /home/vidves/public_html/www01/test.php on line 16
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Undefined index: sender_email in /home/vidves/public_html/www01/test.php on line 18
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Undefined index: message in /home/vidves/public_html/www01/test.php on line 20
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Use of undefined constant op - assumed 'op' in /home/vidves/public_html/www01/test.php on line 25
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Undefined index: op in /home/vidves/public_html/www01/test.php on line 25
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0


Found it. Your hidden input field is not inside the form tags and does not get sent when the form is submitted which does not trigger the rest of the PHP code.

So, instead of:

...
<input type=\"hidden\" name=\"op\" value=\"ds\">
<form method=\"post\" action=\"$server[PHP_SELF]\">
...

Swap them round like:

...
<form method=\"post\" action=\"$server[PHP_SELF]\">
<input type=\"hidden\" name=\"op\" value=\"ds\">
...

Very naughty.


As a stylistic tip, you may want to read up on the HEREDOC syntax. You could do your form building and variable assignment without all the escaping:

$form_block = <<<EOL
<input type="hidden" name="op" value="ds">
<form method="post" action="$_SERVER[PHP_SELF]">
<p>Your name<br />
<input name="sender_name" type="text" size=30 value="$_POST[sender_name]" /></p>
<p>Email<br  />
<input name="sender_email" type="text" size=30 value="$_POST[sender_email]"/></p>
<p>Message<br />
<textarea name="message" cols=30 rows=5 value="$_POST[message]"></textarea></p>
<input name="submit" type="submit" value="Send This Form" />
</form>
EOL;

Also be aware that blindly inserting user-provided data into the form as you are (sender_name and sender_email) can lead to trivial cross-site-scripting attacks. Consider what would happen if the user filled out the form and included a double-quote in either field, but caused a form error some other way (e.g. double quote in sender_name, but left sender_email blank). The double-quote gets inserted into the form and prematurely terminates the "value" attribute of the input field.

To mitigate this, pass all values that will be inserted into the form through htmlspecialchars() first, which will escape any special characters.
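
The escaping recommended in the answer above, as an added example that is not part of the original answer: the same form is built twice from one constructed submission, once with raw values and once through htmlspecialchars(), so the broken and the intact "value" attribute can be compared in the output. The helper names field() and build_form(), the path /contact.php and the sample input are assumptions made for the illustration.

```php
<?php
// Added example; field() and build_form() are hypothetical helper names.

// Fetch one submitted field as a string. A request can send sender_name[]=x,
// which makes the value an array; treat anything that is not a string as empty.
function field(array $post, string $key, bool $escape): string
{
    $raw = (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : '';
    // ENT_QUOTES escapes both " and ' so the value cannot close the attribute.
    return $escape ? htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') : $raw;
}

// Build the form, redisplaying what the user submitted.
function build_form(array $post, string $self, bool $escape = true): string
{
    $action  = $escape ? htmlspecialchars($self, ENT_QUOTES, 'UTF-8') : $self;
    $name    = field($post, 'sender_name', $escape);
    $email   = field($post, 'sender_email', $escape);
    $message = field($post, 'message', $escape);

    // A textarea has no value attribute; its content goes between the tags.
    return <<<EOL
<form method="post" action="$action">
<input type="hidden" name="op" value="ds" />
<p>Your name<br />
<input name="sender_name" type="text" size="30" value="$name" /></p>
<p>Email<br />
<input name="sender_email" type="text" size="30" value="$email" /></p>
<p>Message<br />
<textarea name="message" cols="30" rows="5">$message</textarea></p>
<input name="submit" type="submit" value="Send This Form" />
</form>
EOL;
}

// Constructed submission: double quotes in the name, e-mail left blank, so the
// form is shown again with the submitted values filled in.
$post = ['sender_name' => 'Jack "JJ" Smith', 'sender_email' => '', 'message' => 'Hi <there>'];

foreach ([false, true] as $escape) {
    echo $escape ? "--- escaped ---\n" : "--- unescaped ---\n";
    echo build_form($post, '/contact.php', $escape), "\n";
}
```

Run it with the PHP command-line interpreter and compare the sender_name line in the two outputs.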


Some installations care about file-extensions, is your file called *.html or *.php?

It is not uncommon that *.html is just sent out to the client, while *.php is parsed by the PHP engine and then sent to the client.
