I’m a total newb at PHP, but I’m an OK coder in general and thought an HTML email form that uses a PHP script (in a separate file), would be a good way for me to learn. My hosting company’s mailform soultion is crumby anyway, so I figured this way I’ll end up with my own mailform in the process. π Well thankfully there are a lot of free tutorials around, and with them I was able to do a fair initial job. My site, upon clicking the contact form, will launch a smaller separate HTML window (the site is at [url]www.elfintechnologies.com
But thats fine if all goes well! I’m a little stuck now understanding, philosophically, what to do ifs a validation failure happens. The example I was working from basically just created an error message which ultimately was displayed with a simple ‘echo’. That works, but of course that error text then replaces the form completely. So the best i could do then is apologize that the visitor now has to close the window and start over by clicking the menu CONTACT option back on the main page. NOT user friendly!
Now if this mail form were a pure javascript process, I probably know enough to find a way to display the error message, telling the user what he/she needs to do, by updating “textarea” field somewhere. That would mean I wouldn’t have to leave the original page, and hence the user could correct the form without leaving it. But maybe that’s not so easy now?! To do anything like that, I guess I first better understand what happens when the user clicks my SUBMIT button, and I guess i don’t. Since the php script is accessed by a form “action”, I’m not sure whether I could get the PHP script to return an error message to me.
You’ll all probably have to put yourselves back in the PHP 101 frame of mind to even understand my confusion. But the bottom line is that after the user SUBMITS, I’d like some way of telling them what they did wrong so they can correct it, without obliterating the form. Maybe I didn’t choose such a simple task for a rainy Holiday afternoon!
>> If not, send a blank form and exit.
>> If not, bomb out with a 'hacking attempt or cookies disabled' error.
>> If so, re-send the form with a timeout error and exit.
>> if count($errors) > 0, re-send the form with error messages inserted next to the appropriate fields and exit.
$contactForm = [
'heading' => 'Contact Form',
'action' => 'contact.php',
'sessionId' => 'contactForm',
'fieldsets' => [
'contactInfo' => [
'legend' => 'Contact Information',
'fields' => [
'name' => [
'label' => 'Contact Name',
'type' => 'text',
'required' => true,
'maxLength' => 48
],
'eMail' => [
'label' => 'E-Mail Address:',
'type' => 'email',
'required' => true
],
'phone' => [
'label' => 'Contact Phone',
'type' => 'phone'
],
],
'message' => [
'legend' => 'Contact Message',
'fields' => [
'subject' => [
'label' => 'Subject:',
'type' => 'text',
'maxLength' => 64
],
'message' => [
'label' => 'Message:',
'type' => 'textarea',
'required' => true
]
]
]
]
],
'submitValue' => 'Send Message',
'hiddens' => [
'name' => 'value'
]
];
2 - things placed (stored) in the web-accessible tree are visible to anyone with the right tools that search the web. Things NOT placed in the web tree are not. I store all my sensitive php scripts in a folder above the root web folder so they will not be accessible to those http tools.[/QUOTE]
But based on this discussion it seems that all these tutorials are wrong, because the PHP files are just as visible to spammers as anything lease.[/QUOTE]
So whats a newbie to do? Sure I'd like to master everything, but this "form mail" has been my first occasion to even see a PHP script as a necessary tool.[/quote]
There are TWO modes of thought on that -- the first is what you are doing, the second is to use functions and classes ONLY in your library PHP files, so if you call them directly via HTTP, they don't output anything.
Since the OTHER risk -- readfile and/or include during a code elevation -- will work regardless of where you put the files.
That's actually interpreted language security 101 -- files the user shouldn't be calling directly shouldn't output anything or run any code.[/QUOTE]
0.1.9 β BETA 5.15