PHP Leaking & Undefined Variables
Question
First time posting. I'm fairly new at this. I have experience with HTML/CSS, but not a lot with JS or PHP. I'm trying to create a contact form for my website, where users will get alerts when fields are left incomplete, and then have their information be sent to my email if everything is correct.
I used a tutorial to get most of the code, but I customized parts of it to fit my needs, and added a few repeatitive stuff.
However, it's not working. Or well I think it's called a PHP leak? I'm getting errors mentioning undefined variables. Anyway, here's the PHP codes, followed by the HTML.
<?php
if (isset($_POST["submit"])) {
$name = $_POST['name'];
$email = $_POST['email'];
$tel = $_POST['tel'];
$company = $_POST['companyl'];
$message = $_POST['message'];
$from = 'name';
$to = 'johndoe@domain.com';
$subject = 'company';
$body ="From: $name\n E-Mail: $email\n Message:\n $message";
// Check if name has been entered
if (!$_POST['name']) {
$errName = 'Please enter your name';
}
// Check if email has been entered and is valid
if (!$_POST['email'] || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$errEmail = 'Please provide us with an email address.';
}
//Check if phone number has been entered
if (!$_POST['tel']) {
$errTel = 'Please enter a number we can reach you at.';
}
//Check if Company name has been entered
if (!$_POST['company']) {
$errCompany = 'What is the name of your company?';
}
//Check if message has been entered
if (!$_POST['message']) {
$errMessage = 'Please tell us more about your company and your needs.';
}
//Check if simple anti-bot test is correct
if ($human !== 4) {
$errHuman = 'Incorrect answer! Try again.';
}
// If there are no errors, send the email
if (!$errName && !$errEmail && !$errMessage && !$errTel && !$errCompany && !$errHuman) {
if (mail ($to, $subject, $body, $from)) {
$result='<div class="alert alert-success">We will get in touch with you shortly!</div>';
} else {
$result='<div class="alert alert-danger">Sorry there was an error sending your message. Please try again later.</div>';
}
}
}
?>
HTML:
<form role="form" method="post" action="index.php">
<div class="row">
<div class="col-lg-6 form-group">
<input type="text" class="formbox text-muted" id="name" name="name" placeholder="Name" required value="<?php echo htmlspecialchars($_POST['name']); ?>">
<?php echo "<p class='text-danger'>$errName</p>";?>
</div>
<div class="col-lg-6 form-group">
<input type="tel" class="formbox text-muted" id="tel" name="tel" placeholder="Phone number" required value="<?php echo htmlspecialchars($_POST['tel']); ?>">
<?php echo "<p class='text-danger'>$errTel</p>";?>
</div>
</div>
<div class="row">
<div class="col-lg-6 form-group">
<input type="email" class="formbox text-muted" id="email" name="email" placeholder="Email address" required value="<?php echo htmlspecialchars($_POST['email']); ?>">
<?php echo "<p class='text-danger'>$errEmail</p>";?>
</div>
<div class="col-lg-6 form-group">
<input type="text" class="formbox text-muted" id="company" name="company" placeholder="Name of your company" required value="<?php echo htmlspecialchars($_POST['company']); ?>">
<?php echo "<p class='text-danger'>$errCompany</p>";?>
</div>
</div>
<div class="row">
<div class="col-lg-12 form-group">
<textarea name="message" class="messagebox text-muted" id="message" name="message" placeholder="Tell us about the company you're trying to pitch" required></textarea>
</div>
</div>
<div class="row">
<div class="col-lg-6 pull-left">
<input type="text" class="formbox text-muted" id="human" placeholder="What is is 2+2?" required value="<?php echo htmlspecialchars($_POST['human']); ?>">
<?php echo "<p class='text-danger'>$errHuman</p>";?>
</div>
<div class="col-lg-4 pull-right">
<button id=" submit" type="submit" class="inputsubmit btn btn-block btn-default btn-xl sr-button" value="send">Send Message!</button>
</div>
<div class="col-lg-6 pull-right">
<?php echo $result; ?>
</div>
</div>
</form>
2 answers
solution1
0 2017-02-26 19:05:42
An easy fix: You can set all your $_POST['x'] variables to an empty string if they aren't set (don't exist), which will eliminate the undefined variable errors.
foreach( array( 'name', 'tel', 'email', 'company', 'human' ) as $key ){
if ( !isset( $_POST[ $key ] ) ) $_POST[ $key ] = '';
}
This should be done at the top of your PHP script.
What's happening is you're trying to use the previously entered value ( $_POST['name'] ) in your HTML ( value="<?php ... ?>" ). If the user is visiting the form for the first time, they haven't provided any name, haven't posted any form data, so $_POST['name'] does not exist.
A better fix: don't output the value if it doesn't exist. Change:
<input type="text" class="formbox text-muted" id="name" name="name" placeholder="Name" required value="<?php echo htmlspecialchars($_POST['name']); ?>">
to:
<input type="text" class="formbox text-muted" id="name" name="name" placeholder="Name" required value="<?php if( isset( $_POST['name'] ) ) { echo htmlspecialchars($_POST['name']); } ?>">
Also, it appears you have a typo early on where you use companyl instead of company :
$company = $_POST['companyl'];
UPDATE You replied in your comments you're still getting undefined variables regarding error messages. You should so some similar checks here, to make sure there's an err message to echo :
<?php echo "<p class='text-danger'>$errTel</p>";?>
becomes:
<?php if( isset( $errTel ) ) { echo "<p class='text-danger'>$errTel</p>"; } ?>
(and so on, for all occurrences)
solution2
0 2017-02-26 19:26:20
You should use a small inline php condition on your input value field-
<?php echo ($_POST['anything']) ? $_POST['anything'] : ''?>
The explanation is when you trying to load your page normally the $_POST is missing from the page. So just check inline if the variable exists or not. If exists then use the variable otherwise leave empty value.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.