Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialChris Smith
19,737 PointsPHP contact form - email validation
Im currently working through Randy's PHP course and trying to use his methods to code my websites contact form to send me an email once submitted.
Instead of having one php file which handles the html, php processes and 'thank you' message, I've got 3 linked files.
Each step worked until I included the email validation code. Now the email validation message won't pop-up if the user inputs an invalid email address and the 'thank you' message wont run if the user inputs all the required information.
If I remove the email validation codes the remaining code will run as normal.
Im pretty sure my mistake is either in the code below or in my method above.
Can anyone spot my error?
Thanks
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = trim($_POST["name"]);
$email = trim($_POST["email"]);
$message= trim($_POST["message"]);
if ($name == "" OR $email == "" OR $message == "") {
echo "Please make sure you complete each section of the form";
exit;
}
//Email Header Injection Exploit
foreach( $_POST as $value ){
if( stripos($value,'Content-Type:') !== FALSE ){
echo "There was a problem with the information you entered.";
exit;
}
}
//Honey-pot
if ($_POST ["address"] !=""){
echo "There is an error in your form.";
exit;
}
//EMAIL VALIDATION//
require_once("inc/phpmailer/class.phpmailer.php");
$mail = new PHPMailer();
if (!$mail->ValidateAddress($email)) {
echo "You must specify a valid email address.";
exit;
}
//EMAIL VALIDATION END//
$email_body = "";
$email_body = $email_body . "NAME: " . $name . "\n";
$email_body = $email_body . "EMAIL: " .$email . "\n";
$email_body = $email_body . "MESSAGE: " . $message;
// TODO: Send email
header("Location: contact-thanks.php");
exit;
}
?>
2 Answers
James Andrews
7,245 PointsYou need a lowercase V in validateAddress.
Also learn to use exceptions instead of echoing and exiting it's a better practice. requires and includes should go at the top of the php document almost always. It's easier to read.
<?php
require_once("inc/phpmailer/class.phpmailer.php");
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = trim($_POST["name"]);
$email = trim($_POST["email"]);
$message= trim($_POST["message"]);
try {
// Don't use the word OR the operator || is more accepted and more common.
if(!$name || !$email || !$message)
{
throw new Exception("Please make sure you complete each section of the form");
}
//Email Header Injection Exploit
// I don't understand this guess I'll have to look at the track.
foreach($_POST as $value ){
if( stripos($value,'Content-Type:') !== FALSE ){
throw new Exception("There was a problem with the information you entered.");
}
}
//Honey-pot
// if "" or false this will be ignored don't need != "" for this.
if ($_POST["address"]){
throw new Exception("There is an error in your form.");
}
//
$mail = new PHPMailer();
// validateAddress is case sensitive and needs a lowercase "v" on the function name
if (!$mail->validateAddress($email)) {
throw new Exception("You must specify a valid email address.");
}
//EMAIL VALIDATION END//
$email_body = "NAME: " . $name . "\n";
$email_body = $email_body . "EMAIL: " .$email . "\n";
$email_body = $email_body . "MESSAGE: " . $message;
// TODO: Send email
header("Location: contact-thanks.php");
}
catch (Exception $e)
{
echo $e->getMessage();
}
}
Chris Smith
19,737 PointsThanks for all the tips James, Im going to work on these.
Unfortunately the small 'v' didn't fix the problem.
James Andrews
7,245 Pointsedit your php.ini file and set display_errors On
it defaults to off. It should give you a better hint as to what your error is.