Hey guys, I have created an email form with about 20 fields. I need to make sure that ..

1. they are filled in

2. they have correct info, (phone=int, email has a @)

3. they are free fron sql injection.

I did it the long way for the first two but I know that there is a way to run a loop to check them, I think I can set a variable to " " nad then just check all the fields to that, I cannot get it to work though. Also, I ran across some predefined functions on the W3C website for sanitizing email but they dont want to cooperate.

Any advice would be appreciated

I forgot to add this, I need to be able to attach images to this. Any ideas?

I would create a function to do all of the validations, then pass each variable to the function in turn passing a paramter to indicate the type of validatin to occure (emptuy, email, phone, etc). You also need to plan out in what order the validatins will take place. For example, if the email address is a required field then you wouldn't want to give the user an erro message such as

"Email addres is required. Email address is not valid"

Do you want to show ALL errors that occur or stop on the first? You state this is an email form. But, if you are going to store the information in a DB then you need to do different things for the different outputs. When "writing" the text to the email I'd probably use htmlentities(). When writing to a MySQL database youwill want to use mysql_real_escape_strings().

In another post you also stated that some of this info would be used to save images to a custom folder. IIn that case you would need to replace characters that aren't supported for the file system. I'm sure there's a command for that, but I don't know of it.

But, to be honest, for me to give any real constructive advice I would need to know a little more about how you are using the data. For example a statement such as

"The data will first be used to construct an email. The images will be saved to the server and links to those images will be included in the email. Once the email is sent, the text of the email will be saved to the DB for logging purposes"

Michael J

Ok this is what I am doing,

There are 26 fields, there is no DB.

A user will fill out this form to become a member of the sight. 19 fields are general fields, name, email, location,ect.., there are also seven image fields for images, these images will be used by the owner of the website to construct the users profile page. It is not required to send 7 images, just 2. The other 5 are optional.

When the user submits the form, the first thing that happens is all the fields are checked to make sure they are completed.

After that I want to create a directory which will be named a combo of probably the users email and phonenumber to make it original.

Then, all the info except the images (obviously) will be written to a file and stored in that directory. The the images will have the users email added to the name and they will also be stored in the directory.

I have a lot to check after I actually get this thing to work, like making sure there are no duplicate directories or the pics inside the directory will be different.

Thats where I am starting. I need to make sure that the script sets the chmod to 777 to make sure it is accesible. This is where it gets hairy, people talk about security and using ftp to do the file uploading part.

Does this clear it up any.

Michael I created the form, maybe this will help a little, I will start the script, I am more concerned with a way to create a directory, I can figure the rest out. If you have any ideas on the best route to go that would help.

www.iwebexp.com

I don't know why you wouldn't want to use a database when you are going to be creating user accounts.

To create a folder you would use mkdir(). I didn't know this offhand - I just did a Google search. Take a look at the manual for that command and read through the User Contributed Notes at the bottom. There is a lot of good information there.

For email validation, take a look at my last post in this thread:
http://www.phpfreaks.com/forums/ind...

Michael J

The site is in beta right and there is only a landing page, we want to get a few people signed up the nwe will start the database, right now its just too early, thats what they are saying anyways, the file thing is temporary

Hey Michael, I did the javascript and html, I have not tested it yet but will tommorow. I am working on the php.I am going to post the code below. Basically I took all the text info and wrote it to a file. Then I want to create a directory using phpftp and move that file and the pictures into the directory. I can use the move_file function, but first I will use the isset() function to make sure it is not empty then I will move it. I have got a head of myself. Can you take a look and help me figure out the uploading files part.

here is the php code

<?php
$contactname = trim($_POST['ContactName']);
$businessname = trim($_POST['BusinessName']);
$address = trim($_POST['Address']);
$city = trim($_POST['City']);
$state = trim($_POST['State']);
$zip = trim($_POST['ZipCode']);
$phone = trim($_POST['Phone']);
$fax = trim($_POST['Fax']);
$bus_serv_desc = trim($_POST['Description']);
$serv_categories = trim($_POST['ServiceCategory']);
$serv_specialties = trim($_POST['ServiceSpecialties']);
$state_ad = trim($_POST['StateAdvertising']);
$state_ad2 = trim($_POST['StateAdvertising2']);
$state_ad3 = trim($_POST['StateAdvertising3']);
$business_logo = trim($_POST['File']);
$files1 = trim($_POST['File1']);
$files2 = trim($_POST['File2']);
$files3 = trim($_POST['File3']);
$files4 = trim($_POST['File4']);
$files5 = trim($_POST['File5']);
$files6 = trim($_POST['File6']);
$web_url = trim($_POST['URL']);
$email = trim($_POST['Email']);
$password = trim($_POST['Password']);
$c_password = trim($_POST['ConfirmPassword']);
$autocode= trim($_POST['AutoCode']);
$check= trim($_POST['ChkBox']);

// create directory name
$dir1 = str_replace(,_,$contactname)
$dir2 = str_replace(@,_,$email)
$dir = $dir1._.$dir2;

$profile_info = "profile.txt";
$fh = fopen($profile_info, 'w') or die("can't open file");
$stringData = $contactname"\n";
fwrite($fh, $stringData);
$stringData = $businessname"\n";
fwrite($fh, $stringData);
$stringData = $address"\n";
fwrite($fh, $stringData);
$stringData = $city"\n";
fwrite($fh, $stringData);
$stringData = $state"\n";
fwrite($fh, $stringData);
$stringData = $zip"\n";
fwrite($fh, $stringData);
$stringData = $phone"\n";
fwrite($fh, $stringData);
$stringData = $fax"\n";
fwrite($fh, $stringData);
$stringData = $bus_serv_desc"\n";
fwrite($fh, $stringData);
$stringData = $serv_categories"\n";
fwrite($fh, $stringData);
$stringData = $serv_specialties"\n";
fwrite($fh, $stringData);
$stringData = $state_ad"\n";
fwrite($fh, $stringData);
$stringData = $state_ad2"\n";
fwrite($fh, $stringData);
$stringData = $state_ad3"\n";
fwrite($fh, $stringData);
$stringData = $web_url"\n";
fwrite($fh, $stringData);
$stringData = $email"\n";
fwrite($fh, $stringData);
$stringData = $password"\n";
fwrite($fh, $stringData);
$stringData = $businessname"\n";
fwrite($fh, $stringData);
$stringData = $c_password"\n";
fwrite($fh, $stringData);
$stringData = $autocode"\n";
fwrite($fh, $stringData);
$stringData = $check"\n";
fwrite($fh, $stringData);
fclose($fh);

// set up basic connection
$conn_id = ftp_connect($ftp_server);

// login with username and password
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);

// try to create the directory $dir
if (ftp_mkdir($conn_id, $dir)) {
// make sure the image file is set then move it
if (isset($business_logo)) {
move_uploaded_file ($_FILES[$business_logo] ['tmp_name'],
"../uploads/{$_FILES['uploadFile'] ['name']}")
} else {
echo "There was a problem while creating $dir\n";
}

// close the connection
ftp_close($conn_id);

?>

you can go to iwebexp.com and look at the source, that is the html and javascript i used.

Thanks

I don't understand why you are wanting to use FTP? Are you saving the files to a different server from the server your site is running on? If not, then there are more efficient methods. Just look for a file upload tutorial.

As for your code. I thik all those fwrites is a bit overkill. Just add all the data to a single variable and write to the file once:

$profile_info = "profile.txt";
$fh = fopen($profile_info, 'w') or die("can't open file");
$stringData  = "$contactname\n";
$stringData .= "$businessname\n";
$stringData .= "$address\n";
$stringData .= "$city\n";
//...
$stringData .= "$check\n";
fwrite($fh, $stringData);
fclose($fh);

Also, all of your "$stringData" lines have a typo. Either you need to put a period between the variable and the string with the newline character, or you need to include the varialbe inside the string as I did above.

Michael J

Thats why I was asking your input. I wasnt sure whether to use ftp or not. I dont really understand the other way completely. I will look it up.

good idea with appending the strings together.

IThis site always has good tutorials/explanations on how to do things in PHP that are easily understandable.

Take a look at this:
http://www.tizag.com/phpT/fileuploa...

Michael J

Hi Michael, I have used Tizag before, I use it for all my references, I agree its a good site.

I have this working but I have a couple bugs, one which is a sticking point.

Here is the code then I will explain.

$target_path = "profiles/$dir1/";
if (isset($business_logo)) {
$target_path = $target_path . basename( $_FILES['File']['name']);
$_FILES['File']['tmp_name'];
move_uploaded_file($_FILES['File1']['tmp_name'], $target_path);
}
if (isset($files1)) {
$target_path = $target_path . basename( $_FILES['File1']['name']);
$_FILES['File1']['tmp_name'];
move_uploaded_file($_FILES['File1']['tmp_name'], $target_path);
}
if (isset($files2)) {
$target_path = $target_path . basename( $_FILES['File2']['name']);
$_FILES['File2']['tmp_name'];
move_uploaded_file($_FILES['File2']['tmp_name'], $target_path);
}
if (isset($files3)) {
$target_path = $target_path . basename( $_FILES['File3']['name']);
$_FILES['File3']['tmp_name'];
move_uploaded_file($_FILES['File3']['tmp_name'], $target_path);
}
if (isset($files4)) {
$target_path = $target_path . basename( $_FILES['File4']['name']);
$_FILES['File4']['tmp_name'];
move_uploaded_file($_FILES['File4']['tmp_name'], $target_path);
}
if (isset($files5)) {
$target_path = $target_path . basename( $_FILES['File5']['name']);
$_FILES['File5']['tmp_name'];
move_uploaded_file($_FILES['File5']['tmp_name'], $target_path);
}
if (isset($files6)) {
$target_path = $target_path . basename( $_FILES['File6']['name']);
$_FILES['File6']['tmp_name'];
move_uploaded_file($_FILES['File6']['tmp_name'], $target_path);
}
$fh = fopen("profiles/$dir1/profile.txt", 'w') or die("can't open file");
fwrite($fh, $stringData);
fclose($fh);

What I am running into is the first image is fine but then when it stores the second image it adds it on to the first and adds it, for example if the first image was $first_img.gif nad the second was $second_img.gif and the third was $third_img.gif then in my profile file it would look like

$first_img.gif
$first_img.gif$second_img.gif
$first_img.gif$second_img.gif$third_img.gif

I need to find another way to make sure the variabls are set and then move all them at once, keep in mind it is only required to submit 2 images, not all 7.

Any ideas

Hey Michael, I figured it out, I was adding the new target to each line, sometimes walking away and coming back later helps.

I have the form processing without any problems, but i need to fix two bugs tha are not stopping the form but I no are there.

One, when my txt file gets creates the "\n" is not breaking the lines. so it is coming out in a straight line.

In the html i have a select filed with multiple select turned on, you can choose two selections. The validation works fine and I pass it to the php for to process but I cannot get it to show the values and in the txt file it writes it as aray. How do i use php to break down the array and assign seperate values.

Thanks

For issue #1 try creating your string like this:

$stringData = "$contactname
$businessname
$address
$city
//...
$check";

For issue #2, it is an array so you access the values like any other array.
$_POST['field_name'][0] = the 1st value
$_POST['field_name'][1] = the 2nd value

Michael J