0

OK, here is a shortened version of the PHP for my contact form (the checkboxes are not being sent through correctly):

<?php
 //please fill this in at least!
$myemail = "";
$title = "Feedback Form"; 
if(isset($_POST['submit'])) { //form has been submitted
//set variables with filters
$cont_name = filter_var($_POST['cont_name'], FILTER_SANITIZE_STRING);
$email = filter_var($_POST['cont_email'], FILTER_SANITIZE_STRING);
$phone = filter_var($_POST['cont_phone'], FILTER_SANITIZE_STRING);
$first_time = filter_var($_POST['first_time'], FILTER_SANITIZE_STRING);
$hear_about = filter_var($_POST['hear_about'], FILTER_SANITIZE_STRING);

function valid_email($str){
    return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
}

    $errors = 0; //by default there are no errors

    $trimcont_name = trim($cont_name);
    if(empty($trimcont_name)){
        //the name field is empty
        $errors = 1; //tips off the error messages below
        $errorcont_name = "The name field is empty"; //this error is displayed next to the label
    }
    if(!valid_email($email)) {
        //email is invalid or empty
        $errors = 1;
        $erroremail = "The email address was not valid";
    }
    $trimphone = trim($phone);
    if(empty($trimphone)){
        //the phone field is empty
        $errors = 1;
        $errorphone = "The phone field is empty";
    }
    $trimfirst_time = trim($first_time);
    if(empty($trimfirst_time)){
        //the first_time field is empty
        $errors = 1;
        $errorfirst_time = "This field is empty";
    }
    $trimhear_about = trim($hear_about);
    if(empty($trimhear_about)){
        //the hear_about field is empty
        $errors = 1;
        $errorhear_about = "This field is empty";
    }
    if($spam != "") {
        //spam was filled in
        $errors = 1;
        $errorspam = "The Spam box was filled in";
    }

    if($errors == 0) {
        $sendto = $myemail;
        $message = <<<DATA
DETAILS

Name: $cont_name 
Email: $email
Phone: $phone

Was this the first time you have been to us?
$first_time
How did you hear about us?
$hear_about

DATA;
        $headers = 'From: ' . $name . '<' . $email . '>';
        if(mail($sendto, $title, $message, $headers)) {
            //this is where it sends, using the php mail function
            $success = true;
            //set all the variables to blank to prevent re-submitting.
            $cont_name = "";
            $email = "";
            $phone = "";
            $hear_about = "";
            $first_time = "";
        } else {
            $success = false;
        }

    } else {
        $success = false;
    }
}

?>

And the area not functioning correctly is:

<fieldset>
    <legend>How did you hear about us? <span class="phpformerror"><?php echo $errorhear_about; ?></span></legend>
    <div><input type="checkbox" name="hear_about[]" value="Web" /> Web</div>
    <div><input type="checkbox" name="hear_about[]" value="Newspaper" /> Newspaper</div>
    <div><input type="checkbox" name="hear_about[]" value="Radio" /> Radio</div>
    <div><input type="checkbox" name="hear_about[]" value="Driving" /> Driving Past</div>
    <div><input type="checkbox" name="hear_about[]" value="Referal" /> Referal</div>
    <div><input type="checkbox" name="hear_about[]" value="Other" /> Other</div>
</fieldset>

At the moment it will only come through displaying one of the variables if multiple variables are selected.

2 Answers

2

hear_about is an array and filter_var() does not handle arrays correctly. Instead use filter_var_array():

$hear_about = filter_var_array($_POST['hear_about'], FILTER_SANITIZE_STRING);

Remember that $hear_about is an array, and must be treated like one throughout your code (e.g. just using $hear_about won't work, it needs to be $hear_about[0], $hear_about[1], etc).

So for example in your trim line you would need something like:

foreach($hear_about as $key => $value) {
    $trimhear_about[$key] = trim($value);
    if(empty($trimhear_about[$key])){
        //the hear_about field is empty
        $errors = 1;
        $errorhear_about[$key] = "This field is empty";
    }
}

This will preserve the benefits of dealing with an array.

3 Comments

You are right, this works for sanitizing the strings contained in the array. But it does not solve the user's problem, because in the rest of the script he uses $hear_about as if it's a string.
Hey, thank you for the feedback. This works perfectly until, say, you were to fill in the form and miss the checkboxes completely, at which point I would get 2 errors: Warning: filter_var_array() expects parameter 1 to be array, null given in… , & Warning: Invalid argument supplied for foreach(), relating to the code that's been included as you've advised.
You could use is_array to determine if it is an array and react accordingly.
0

$_POST['hear_about'] is an array of values. You are handling it as a simple string!

I think you can solve it simply by replacing the line:

$hear_about = filter_var($_POST['hear_about'], FILTER_SANITIZE_STRING);

With:

$hear_about = filter_var(implode(', ', $_POST['hear_about']), FILTER_SANITIZE_STRING);

The implode function (doc) "transforms" an array into a string by concatenating the array values with the given glue. So you can just concatenate the selected "How did you hear about us?" options with a comma and then use the resulting string as the other data.

1 Comment

Easier to use 'filter_var_array', which is designed for this exact scenario.
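
The no-box-ticked case from the comments and the array handling from both answers, combined in an added example (not code from the question or either answer) that checks each value against the form's own options rather than relying on FILTER_SANITIZE_STRING, which is deprecated as of PHP 8.1. It assumes PHP 7 or later; `read_hear_about` and `HEAR_ABOUT_ALLOWED` are hypothetical names, and the sample submissions are constructed.

```php
<?php
// Added example. Allowed values are copied from the form's checkbox
// "value" attributes; the names below are hypothetical.
const HEAR_ABOUT_ALLOWED = ['Web', 'Newspaper', 'Radio', 'Driving', 'Referal', 'Other'];

/**
 * Return the ticked "hear_about" options as a clean list of strings.
 * Copes with: key missing (no box ticked), a scalar instead of an array,
 * nested arrays, repeated values, and values that are not on the form.
 */
function read_hear_about(array $post): array
{
    // Browsers omit the key entirely when no checkbox is ticked.
    $raw = $post['hear_about'] ?? [];
    if (!is_array($raw)) {
        // A request sent as hear_about=Web (no brackets) arrives as a string.
        $raw = [$raw];
    }

    $picked = [];
    foreach ($raw as $value) {
        // hear_about[][]=x arrives as a nested array, so require a string,
        // and accept it only if it is one of the options the form offers.
        if (is_string($value) && in_array($value, HEAR_ABOUT_ALLOWED, true)) {
            $picked[$value] = true; // array key removes duplicates
        }
    }
    return array_keys($picked);
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    'two boxes ticked' => ['hear_about' => ['Web', 'Radio']],
    'nothing ticked'   => [],
    'tampered request' => ['hear_about' => ['Web', ['x'], 'NotOnForm', 'Web']],
];

foreach ($samples as $label => $post) {
    $hear_about = read_hear_about($post);
    $errorhear_about = $hear_about === [] ? 'This field is empty' : '';
    // implode() produces the single string the e-mail body expects.
    printf("%-17s => '%s' %s\n", $label, implode(', ', $hear_about), $errorhear_about);
}
```

Because the result is always an array, the `foreach` and `implode()` calls never see `null`, and the empty-field error is raised from one place.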
