PHP Build a Basic PHP Website (2018) Enhancing a Form Setting an Error Message Variable

jinhwa yoo
10,042 Points

explain specifically. plz

from this section, I don't get what this means.... plz explain specifically... It will be great...

if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = trim(filter_input(INPUT_POST,"name",FILTER_SANITIZE_STRING)); -----> why put "trim" and "filter_input"?
$email = trim(filter_input(INPUT_POST,"email",FILTER_SANITIZE_EMAIL));
$category = trim(filter_input(INPUT_POST,"category",FILTER_SANITIZE_STRING));
$title = trim(filter_input(INPUT_POST,"title",FILTER_SANITIZE_STRING));
$format = trim(filter_input(INPUT_POST,"format",FILTER_SANITIZE_STRING));
$genre = trim(filter_input(INPUT_POST,"genre",FILTER_SANITIZE_STRING));
$year = trim(filter_input(INPUT_POST,"year",FILTER_SANITIZE_STRING));
$details = trim(filter_input(INPUT_POST,"details",FILTER_SANITIZE_SPECIAL_CHARS));

if ($name == "" || $email == "" || $category == "" || $title == "") {
  $error_message ="Please fill in the required fields: Name, Email and category, title";   ------> how this part related to above???
    exit;
}
if ($_POST["address"] != "") {    ---------> where this "address" is from????
    $error_message = "Bad form input";
    exit;
}

require("inc/phpmailer/class.phpmailer.php");

$mail = new PHPMailer; 

if (!$mail->ValidateAddress($email)) {   
    echo "Invalid Email Address";
    exit;
}
Simon Coates
28,663 Points

you're mixing your techniques for dealing with errors.

$error_message = "Bad form input";
    exit;

Here (above), you store a message and exit without using it. Storing errors is done when you use the errors later (display them, or store them, or use them as a test, for example if(isset($error_message)) { /* do something */ } else { /* do something else */ }).

echo "Invalid Email Address";
 exit;

This (above) displays the error and exits immediately.

1 Answer

Simon Coates
28,663 Points

If Method is Post - using post means that the request came from the form

if ($_SERVER["REQUEST_METHOD"] == "POST") {

Get sanitised variables and then trim any trailing or leading white space (eg " My Name " would become "My Name")

$name = trim(filter_input(INPUT_POST,"name",FILTER_SANITIZE_STRING)); -----> why put "trim" and "filter_input"?
$email = trim(filter_input(INPUT_POST,"email",FILTER_SANITIZE_EMAIL));
$category = trim(filter_input(INPUT_POST,"category",FILTER_SANITIZE_STRING));
$title = trim(filter_input(INPUT_POST,"title",FILTER_SANITIZE_STRING));
$format = trim(filter_input(INPUT_POST,"format",FILTER_SANITIZE_STRING)); 
$genre = trim(filter_input(INPUT_POST,"genre",FILTER_SANITIZE_STRING)); 
$year = trim(filter_input(INPUT_POST,"year",FILTER_SANITIZE_STRING)); 
$details = trim(filter_input(INPUT_POST,"details",FILTER_SANITIZE_SPECIAL_CHARS));

This bit is probably wrong. It's meant to test that you have all required fields. Problem is that the error message never displays.

if ($name == "" || $email == "" || $category == "" || $title == "") {
  $error_message ="Please fill in the required fields: Name, Email and category, title";   ------> how this part related to above???
    exit;
}

This is testing for the address field. It's a field included to trick bots (should be in the HTML form but does not display to the user due to CSS). A machine would assume you need an address field. The requirement is that you don't submit an address field.

if ($_POST["address"] != "") {    ---------> where this "address" is from????
    $error_message = "Bad form input";
    exit;
}

Get access to PHPMailer, create a mail object, if address is invalid, stop.

require("inc/phpmailer/class.phpmailer.php");

$mail = new PHPMailer; 

if (!$mail->ValidateAddress($email)) {   
    echo "Invalid Email Address";
    exit;
}
jinhwa yoo
10,042 Points

Now I got it.. thanks a lot...
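
The checks discussed in this thread, gathered into one function that returns the error message instead of calling exit, so the page can display it. This is an added example, not code from the course or from either poster: clean(), validate_submission() and the sample submissions are hypothetical. It uses FILTER_SANITIZE_SPECIAL_CHARS because FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, and PHP's built-in FILTER_VALIDATE_EMAIL stands in for PHPMailer's ValidateAddress().

```php
<?php
// Added example; clean(), validate_submission() and $samples are hypothetical.
// Values are read from an array so the script also runs from the command line.

function clean(array $post, string $key, int $filter = FILTER_SANITIZE_SPECIAL_CHARS): string
{
    // A missing key or a non-scalar value (e.g. name[]=x) is treated as empty.
    $value = filter_var($post[$key] ?? "", $filter);
    return trim($value === false ? "" : $value);
}

function validate_submission(array $post): array
{
    $fields = ["email" => clean($post, "email", FILTER_SANITIZE_EMAIL)];
    foreach (["name", "category", "title"] as $key) {
        $fields[$key] = clean($post, $key);
    }
    // Required fields: whitespace-only input is empty after trim().
    if (in_array("", $fields, true)) {
        return ["error" => "Please fill in the required fields: Name, Email, Category and Title"];
    }
    // Honeypot: "address" is hidden from people by CSS, so it must stay empty.
    if (clean($post, "address") !== "") {
        return ["error" => "Bad form input"];
    }
    // Built-in validator used here in place of PHPMailer's ValidateAddress().
    if (filter_var($fields["email"], FILTER_VALIDATE_EMAIL) === false) {
        return ["error" => "Invalid Email Address"];
    }
    return ["error" => null, "fields" => $fields];
}

// Constructed sample submissions (not real data).
$samples = [
    "valid"     => ["name" => "  Ann  ", "email" => "ann@example.com", "category" => "Books", "title" => "Dune", "address" => ""],
    "missing"   => ["name" => "Ann", "email" => "ann@example.com", "category" => "Books", "title" => "   "],
    "bot"       => ["name" => "x", "email" => "x@example.com", "category" => "Books", "title" => "t", "address" => "1 Main St"],
    "bad email" => ["name" => "Ann", "email" => "not-an-email", "category" => "Books", "title" => "Dune"],
];
foreach ($samples as $label => $post) {
    $result = validate_submission($post);
    echo $label, ": ", $result["error"] ?? "ok, name='" . $result["fields"]["name"] . "'", PHP_EOL;
}
```

In a real page the caller would pass $_POST and print the returned error above the form rather than exiting.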