Server-side Starter Tutorial:The Contact Form - Part 3 of 6

Dealing with the user input

As you will know (or recall from the Tell-a-Friend tutorial), php gets the values of form inputs from a 'posted' form by setting variables equal to $_POST['form_variable_name']. Getting some of the inputs from our HTML form is straightforward enough. The code will be:

$sender= $_POST['visitor_name'];
$sender_mail = $_POST['visitor_email'];
$mail_subject = $_POST['subject'];

Finding out the 'recipient' they chose from the form drop-down is almost as simple:

$recipient = $_POST['whofor'];

But there's a problem here. The form we used had values of 1,2, or 3 for selections made in the recipient drop-down (the actual e-mail addresses were not exposed), so $_POST['whofor'] will just give us the number 1,2, or 3. So we need to 'convert' the selected numerical value to a text string equivalent. And that introduces the subject of simple php arrays. Essentially similar to javascript arrays, the code below would take care of the 'conversion'.

// recipient array
$recipient[1] = "webmaster@yourdomain.tld";
$recipient[2] = "sales@yourdomain.tld";
$recipient[3] = "service@yourdomain.tld";

// determine e-mail address of whomever was chosen in the form
$mail_to = $recipient[$_POST['whofor']];

And still more input

The most important part of the contact form was the actual message your visitor sent. Again it's determined in the script by using the $some_var = $_POST['comments'] syntax. But there are a few things we'll need to do with that information before we're ready to actually construct the entire contact form response.

• Ensure there was some content, otherwise advise the visitor nicely to try again
• Remove any strange html or script tags they might have included (inadvertently or maliciously)
• Get rid of the slashes.

'Get rid of the slashes'??? When php handles strings it does NOT enjoy single and double quotes embedded in the string. php solves that problem by 'escaping' the quotes, so that I'm OK gets changed to I\'m OK. That would look pretty ugly in the e-mail we're planning on having the script send, so add it to the list of things our script needs to accomplish. First we get the comments, then we use the strip_tags function to remove any tags that might be present, and then we use the stripslashes function to remove any of those \ characters added to escape quotes.

$stuff = $_POST['comments'];
// clean up user comments
$stuff = strip_tags($stuff);
$stuff = stripslashes($stuff);

And finally ... the actual contact.php script is coming soon.

«  previous  |  next  »  

Site Links

• Home
• Contact Us
• Terms of Use

Starter Tutorials

• Tell-a-Friend
• Tell-a-Friend +
• The 'Contact Form'
• php Includes
• Simple Themes
• MySQL database 101
• Comments System
• Text file use

Content © 2005-2024 DigitalMidget - all rights reserved