Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP

Chris Smith
Chris Smith
19,737 Points
Posted by Chris Smith
Chris Smith
19,737 Points

PHP contact form - email validation

Im currently working through Randy's PHP course and trying to use his methods to code my websites contact form to send me an email once submitted.

Instead of having one php file which handles the html, php processes and 'thank you' message, I've got 3 linked files.

Each step worked until I included the email validation code. Now the email validation message won't pop-up if the user inputs an invalid email address and the 'thank you' message wont run if the user inputs all the required information.

If I remove the email validation codes the remaining code will run as normal.

Im pretty sure my mistake is either in the code below or in my method above.

Can anyone spot my error?

Thanks

<?php

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = trim($_POST["name"]);
    $email = trim($_POST["email"]);
    $message= trim($_POST["message"]);

    if ($name == "" OR $email == "" OR $message == "") {
        echo "Please make sure you complete each section of the form";
        exit;
    }

    //Email Header Injection Exploit

    foreach( $_POST as $value ){
        if( stripos($value,'Content-Type:') !== FALSE ){
            echo "There was a problem with the information you entered.";
            exit;
        }
    }

    //Honey-pot
    if ($_POST ["address"] !=""){
        echo "There is an error in your form.";
        exit;
        }

    //EMAIL VALIDATION//    
    require_once("inc/phpmailer/class.phpmailer.php");
    $mail = new PHPMailer();

    if (!$mail->ValidateAddress($email)) {
        echo "You must specify a valid email address.";
        exit;
    }
       //EMAIL VALIDATION END//

    $email_body = "";
    $email_body = $email_body . "NAME: " . $name . "\n";
    $email_body = $email_body . "EMAIL: " .$email . "\n";
    $email_body = $email_body . "MESSAGE: " . $message;

    // TODO: Send email

    header("Location: contact-thanks.php");
    exit;
}


?>

2 Answers

James Andrews
James Andrews
7,245 Points
James Andrews
James Andrews
7,245 Points

You need a lowercase V in validateAddress.

Also learn to use exceptions instead of echoing and exiting it's a better practice. requires and includes should go at the top of the php document almost always. It's easier to read.

<?php

require_once("inc/phpmailer/class.phpmailer.php");

if ($_SERVER["REQUEST_METHOD"] == "POST") {

    $name = trim($_POST["name"]);
    $email = trim($_POST["email"]);
    $message= trim($_POST["message"]);


    try {

      // Don't use the word OR the operator || is more accepted and more common.
      if(!$name || !$email || !$message)
      {
        throw new Exception("Please make sure you complete each section of the form");

      }

      //Email Header Injection Exploit
      // I don't understand this guess I'll have to look at the track.
      foreach($_POST as $value ){
          if( stripos($value,'Content-Type:') !== FALSE ){
            throw new Exception("There was a problem with the information you entered.");
          }
      }

      //Honey-pot
      // if "" or false this will be ignored don't need != "" for this.
      if ($_POST["address"]){
        throw new Exception("There is an error in your form.");
      }

      //
      $mail = new PHPMailer();
      // validateAddress is case sensitive and needs a lowercase "v" on the function name
      if (!$mail->validateAddress($email)) {
        throw new Exception("You must specify a valid email address.");
      }
      //EMAIL VALIDATION END//

      $email_body = "NAME: " . $name . "\n";
      $email_body = $email_body . "EMAIL: " .$email . "\n";
      $email_body = $email_body . "MESSAGE: " . $message;

      // TODO: Send email

      header("Location: contact-thanks.php");


    }
    catch (Exception $e)
    {
      echo $e->getMessage();
    }
}
Chris Smith
Chris Smith
19,737 Points
Chris Smith
Chris Smith
19,737 Points

Thanks for all the tips James, Im going to work on these.

Unfortunately the small 'v' didn't fix the problem.

James Andrews
James Andrews
7,245 Points

edit your php.ini file and set display_errors On it defaults to off. It should give you a better hint as to what your error is.