#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    64
    Rep Power
    2

    Error Checking Being Bypassed


    I'm not sure why, but my email validation error checking isn't working and I don't understand why. The email is sent and none of the errors are set.

    I'm pretty much just checking for certain special characters, number characters depending on the field, and whether or not the input was empty.

    PHP Code:
    /* Gathering data variables */
    $email = $_POST['email'];
    $name = $_POST['name'];
    $comments = $_POST['comments'];

    //error checking email
    if(!empty($email)){
        if (!preg_match("~^[-a-z0-9 @.,']+$~i", $email) || strlen($email)>7) {
            $_SESSION['errors'] = "<li>Your email address contains invalid special characters or is too short.<br> Valid special characters( ,  .  @ ')</li>";
        }
    }else{
        //sends error if empty
        $_SESSION['errors'] = "<li>Please enter your email address</li>";
    }

    //error checking name
    if(!empty($name)){
        if (!preg_match("~^[-a-z ]+$~i", $name) || strlen($name)>3) {
            $_SESSION['errors'] += "<li>Your name contains special characters or is less than 3 letters long. Letters only</li>";
        }
    }else{
        //sends error if empty
        $_SESSION['errors'] += "<li>Please enter your name.</li>";
    }

    //error checking user message
    if(!empty($comments)){
        if (!preg_match("~^[-a-z0-9 @.,':/=?]+$~i", $comments)) {
            $_SESSION['errors'] += "<li>Your message contains invalid special characters.<br> Valid special characters( ,  .  @ ' : / = ?)</li>";
        }
    }else{
        //sends error if empty
        $_SESSION['errors'] += "<li>Please enter your message below</li>";
    }

    //if no errors send email
    if(empty($_SESSION['errors'])){
    $body = <<<EOD
    Email: $email<br>
    Name: $name<br>
    Comments: $comments
    EOD;

        $headers = "From: $email\n";
        $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";

        $success = mail($webMaster, $emailSubject, $body, $headers);

        $_SESSION['sent'] = 'success';
    }

    header('Location: contact-us.php');
    I've tried to submit the form empty and while using invalid characters, but it fires out an email regardless.

    I'm not sure what I missed, but I'd appreciate the help if someone could glance over this quick.
    Last edited by nbasso713; January 31st, 2013 at 01:04 PM.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 2003
    Posts
    3,333
    Rep Power
    594
    Where is your session_start()? However, I don't really understand why you are using session in this case in the first place.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1045
    Hi,

    the concatenation operator in PHP is ".", not "+".

    Comments on this post

    • nbasso713 agrees
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    64
    Rep Power
    2
    Originally Posted by gw1500se
    Where is your session_start()? However, I don't really understand why you are using session in this case in the first place.
    I just gave the necessary partial of the script, and I want to kick the errors back to the user on the contact page if there are any to display.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    64
    Rep Power
    2
    Originally Posted by Jacques1
    Hi,

    the concatenation operator in PHP is ".", not "+".
    I did fix the concatenation typo, and my session file was also misspelled. Thanks.
    Last edited by nbasso713; January 31st, 2013 at 01:32 PM.
  10. #6
  11. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1045
    Have you fixed all four of them? Because I've checked the script, and it did the exact validations you programmed it to do.
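
An added example, not code from any poster in this thread: the three checks from post #1 rewritten so that errors accumulate in an array rather than through `+=`, with the length comparisons pointing the way the error messages describe. The function name `validate_contact`, the minimum lengths (read off the wording of those messages) and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example: collect validation errors in an array. With "+=" PHP does
// numeric addition, so the message strings never accumulate and
// empty($_SESSION['errors']) can still be true after a check has failed.

function validate_contact(array $post): array
{
    // Whitelists from the post, anchored with \A and \z so the exact string
    // that later goes into the mail must match (a bare $ also matches just
    // before a trailing newline). Minimum lengths are assumed from the
    // wording of the original error messages.
    $rules = [
        'email'    => ["~\\A[-a-z0-9 @.,']+\\z~i", 7, 'email address'],
        'name'     => ['~\\A[-a-z ]+\\z~i', 3, 'name'],
        'comments' => ["~\\A[-a-z0-9 @.,':/=?]+\\z~i", 1, 'message'],
    ];
    $errors = [];
    foreach ($rules as $field => [$pattern, $minLength, $label]) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || $value === '') {
            $errors[] = "Please enter your $label.";
        } elseif (strlen($value) < $minLength) { // too short means "<", not ">"
            $errors[] = "Your $label is shorter than $minLength characters.";
        } elseif (!preg_match($pattern, $value)) {
            $errors[] = "Your $label contains invalid characters.";
        }
    }
    return $errors;
}

// Constructed sample submissions, not taken from the thread.
$samples = [
    'empty form' => ['email' => '', 'name' => '', 'comments' => ''],
    'bad name'   => ['email' => 'user@example.com', 'name' => 'R2-D2', 'comments' => 'Hello'],
    'newline'    => ['email' => "user@example.com\n", 'name' => 'Alice', 'comments' => 'Hello'],
    'valid'      => ['email' => 'user@example.com', 'name' => 'Alice', 'comments' => 'Hello there.'],
];
foreach ($samples as $case => $post) {
    $errors = validate_contact($post);
    // In the handler: store $errors in the session and redirect, and call
    // mail() only when the array is empty.
    echo $case, ': ', $errors ? implode(' | ', $errors) : 'no errors', "\n";
}
```

Because the function validates the raw value without trimming it, the string that passes the check is the same string that would be placed in the `From:` header and the message body.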
  12. #7
  13. Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2004
    Location
    New Springfield, OH
    Posts
    1,214
    Rep Power
    1469
    I agree that there is no need to use a session variable. Also, you shouldn't call the empty() function so many times. Just wrap your entire set of checks inside a single if block.
    Don't like me? Click it.

    Scripting problems? Windows questions? Ask the Windows Guru!

    Stay up to date with all of my latest content. Follow me on Twitter!

    Help us help you! Post your exact error message with these easy tips!
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    64
    Rep Power
    2
    Originally Posted by Nilpo
    I agree that there is no need to use a session variable. Also, you shouldn't call the empty() function so many times. Just wrap your entire set of checks inside a single if block.
    My form is on the contact.php, the action fires and takes care of everything on contact-form.php. What's an alternative method to sessions that would allow me to send the error variables back to contact.php?
  16. #9
  17. Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2004
    Location
    New Springfield, OH
    Posts
    1,214
    Rep Power
    1469
    Originally Posted by nbasso713
    My form is on the contact.php, the action fires and takes care of everything on contact-form.php. What's an alternative method to sessions that would allow me to send the error variables back to contact.php?
    Can you show the part of your code that loads contact.php? Sessions will work for this, but that's a lot of unnecessary overhead if you're just sending a little data to another script. It might be better to POST or GET it but I can't say without seeing how the rest of this is set up.