I'm working on a quote request form for our website, and I'm about halfway through. I've never used PHP before, so I wanted to post what I have thus far to get feedback on design, usage and efficiency. Any input is appreciated. I only work 2 days a week on this project for a few hours. I have not tested it yet and am not even sure that it will work (as far as it pertains to pulling info out of arrays and POST functions). I'm using a form-to-email format I found crawling the web.
Thanks in advance for looking at it, and for any input, suggestions and/or feedback.
[CODE]
<?php
if(!isset($_POST['submit']))
{
    //This page should not be accessed directly. Need to submit the form.
    echo "error; you need to submit the form!";
    exit; // stop here, otherwise the rest of the script runs with no form data
}
//base customer input
$fname = isset($_POST['firstname']) ? trim($_POST['firstname']) : '';
$lname = isset($_POST['lastname']) ? trim($_POST['lastname']) : '';
$visitor_email = isset($_POST['email']) ? trim($_POST['email']) : '';
if(!empty($_POST['phonenumber']))
{
    $baseinfo['phone'] = $_POST['phonenumber'];
}else{$baseinfo['phone'] = "None Provided";}
if(!empty($_POST['faxnumber']))
{
    $baseinfo['fax'] = $_POST['faxnumber'];
}else{$baseinfo['fax'] = "None Provided";}
if(!empty($_POST['website']))
{
    $baseinfo['web'] = $_POST['website'];
}else{$baseinfo['web'] = "None Provided";}
if(!empty($_POST['company']))
{
    $baseinfo['company'] = $_POST['company'];
}else{$baseinfo['company'] = "None Provided";}
if(!empty($_POST['street']))
{
    $baseinfo['street'] = $_POST['street'];
}else{$baseinfo['street'] = "None Provided";}
if(!empty($_POST['city']))
{
    $baseinfo['city'] = $_POST['city'];
}else{$baseinfo['city'] = "None Provided";}
if(!empty($_POST['state']))
{
    $baseinfo['state'] = $_POST['state'];
}else{$baseinfo['state'] = "None Provided";}
if(!empty($_POST['zipcode']))
{
    $baseinfo['zip'] = $_POST['zipcode'];
}else{$baseinfo['zip'] = "None Provided";}
if(!empty($_POST['description']))
{
    $baseinfo['description'] = $_POST['description'];
}else{$baseinfo['description'] = "None Provided";}
//Part numbers, if any ("0" means the field was left blank)
if(!empty($_POST['partnumber1']))
{
    $part[1] = $_POST['partnumber1'];
}else{$part[1] = "0";}
if(!empty($_POST['partnumber2']))
{
    $part[2] = $_POST['partnumber2'];
}else{$part[2] = "0";}
if(!empty($_POST['partnumber3']))
{
    $part[3] = $_POST['partnumber3'];
}else{$part[3] = "0";}
if(!empty($_POST['partnumber4']))
{
    $part[4] = $_POST['partnumber4'];
}else{$part[4] = "0";}
if(!empty($_POST['partnumber5']))
{
    $part[5] = $_POST['partnumber5'];
}else{$part[5] = "0";}
if(!empty($_POST['partnumber6']))
{
    $part[6] = $_POST['partnumber6'];
}else{$part[6] = "0";}
if(!empty($_POST['partnumber7']))
{
    $part[7] = $_POST['partnumber7'];
}else{$part[7] = "0";}
if(!empty($_POST['partnumber8']))
{
    $part[8] = $_POST['partnumber8'];
}else{$part[8] = "0";}
if(!empty($_POST['partnumber9']))
{
    $part[9] = $_POST['partnumber9'];
}else{$part[9] = "0";}
if(!empty($_POST['partnumber10']))
{
    $part[10] = $_POST['partnumber10'];
}else{$part[10] = "0";}
if(!empty($_POST['partnumber11']))
{
    $part[11] = $_POST['partnumber11'];
}else{$part[11] = "0";}
if(!empty($_POST['partnumber12']))
{
    $part[12] = $_POST['partnumber12'];
}else{$part[12] = "0";}
//fixture fields (select boxes: "0" is the "not selected" option, so guard with isset() too)
if(isset($_POST['machinetype']) && $_POST['machinetype'] != "0")
{$fixturetooling['type'] = $_POST['machinetype'];
}else{$fixturetooling['type'] = "0";}
if(!empty($_POST['othermachine']))
{$fixturetooling['othertype'] = $_POST['othermachine'];
}else{$fixturetooling['othertype'] = "0";}
if(isset($_POST['nestmaterial']) && $_POST['nestmaterial'] != "0")
{$fixturetooling['nest'] = $_POST['nestmaterial'];
}else{$fixturetooling['nest'] = "0";}
if(isset($_POST['fixtureneeds']) && $_POST['fixtureneeds'] != "0")
{$fixturetooling['special'] = $_POST['fixtureneeds'];
}else{$fixturetooling['special'] = "0";}
if(isset($_POST['fixturemovement']) && $_POST['fixturemovement'] != "0")
{$fixturetooling['movement'] = $_POST['fixturemovement'];
}else{$fixturetooling['movement'] = "0";}
if(!empty($_POST['fotherneeds']))
{$fixturetooling['other'] = $_POST['fotherneeds'];
}else{$fixturetooling['other'] = "0";}
//Horn Fields
if(isset($_POST['hornmaterial']) && $_POST['hornmaterial'] != "0")
{$horntooling['material'] = $_POST['hornmaterial'];
}else{$horntooling['material'] = "0";}
if(isset($_POST['hornfinish']) && $_POST['hornfinish'] != "0")
{$horntooling['finish'] = $_POST['hornfinish'];
}else{$horntooling['finish'] = "0";}
if(isset($_POST['hornfrequency']) && $_POST['hornfrequency'] != "0")
{$horntooling['frequency'] = $_POST['hornfrequency'];
}else{$horntooling['frequency'] = "0";}
if(isset($_POST['hornshape']) && $_POST['hornshape'] != "0")
{$horntooling['shape'] = $_POST['hornshape'];
}else{$horntooling['shape'] = "0";}
if(isset($_POST['specialneeds']) && $_POST['specialneeds'] != "0")
{$horntooling['special'] = $_POST['specialneeds'];
}else{$horntooling['special'] = "0";}
if(!empty($_POST['facedim']))
{
    $horntooling['facedim'] = $_POST['facedim'];
}else{$horntooling['facedim'] = "0";}
if(!empty($_POST['basedim']))
{
    $horntooling['basedim'] = $_POST['basedim'];
}else{$horntooling['basedim'] = "0";}
if(!empty($_POST['facediameter']))
{
    $horntooling['facediameter'] = $_POST['facediameter'];
}else{$horntooling['facediameter'] = "0";}
if(!empty($_POST['basediameter']))
{
    $horntooling['basediameter'] = $_POST['basediameter'];
}else{$horntooling['basediameter'] = "0";}
if(!empty($_POST['studsize']))
{
    $horntooling['studsize'] = $_POST['studsize'];
}else{$horntooling['studsize'] = "0";}
if(!empty($_POST['votherneeds']))
{
    $horntooling['other'] = $_POST['votherneeds'];
}else{$horntooling['other'] = "0";}
/*
Templates used above:
single post
$ = $_POST[''];
check if option exists
if($_POST[''] != "")
{
    $ = $_POST[''];
}else{$ = "";}
check if text exists
if(!empty($_POST['']))
{
    $ = $_POST[''];
}else{$ = "0";}
*/
//Validate first
if(empty($fname)||empty($visitor_email)||empty($lname))
{
    echo "Name and email are mandatory!";
    exit;
}
//The email goes into the Reply-To header and the names go into the Subject header,
//so all three must be free of CR/LF, otherwise extra mail headers could be injected.
if(IsInjected($visitor_email) || IsInjected($fname) || IsInjected($lname))
{
    echo "Bad email or name value!";
    exit;
}
$email_from = '[email protected]';
$email_subject = "Quote Request from $fname $lname";
//body of email (quoted array keys inside a double-quoted string need {} around them)
$email_body = "$fname $lname with {$baseinfo['company']} has requested a quote.\r\n";
$email_body .= "\r\n";
//Check for description
if($baseinfo['description'] != "None Provided")
{
    $email_body .= "Description of Needs: \r\n\r\n";
    $email_body .= "{$baseinfo['description']}\r\n\r\n";
}
else{
    $email_body .= "No description was provided\r\n\r\n";
}
//Check for part numbers: collect the ones that were actually filled in
$listed = array();
foreach($part as $p)
{
    if($p != "0"){ $listed[] = $p; }
}
if(empty($listed))
{
    $email_body .= "No part numbers were listed.\r\n\r\n";
}
else{
    $email_body .= "Part numbers listed:\r\n";
    foreach($listed as $p)
    {
        $email_body .= "$p\r\n";
    }
}
$email_body .= "\r\n\r\n";
//Provide Fixture Info (not written yet: $fixturetooling and $horntooling still need to be appended here)
$email_body .= "";
$to = "[email protected]";//<== update the email address
$headers = "From: $email_from\r\n";
$headers .= "Reply-To: $visitor_email\r\n";
//Send the email!
mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: thank-you.html');
exit;
// Function to validate against any email injection attempts.
// (Defined after its first use; PHP allows this for an unconditional top-level function.)
function IsInjected($str)
{
    $injections = array('(\n+)',
        '(\r+)',
        '(\t+)',
        '(%0A+)',
        '(%0D+)',
        '(%08+)',
        '(%09+)'
    );
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    if(preg_match($inject,$str))
    {
        return true;
    }
    else
    {
        return false;
    }
}
?>
[/CODE]
I feel there are way too many if statements, and there has to be a better way, but based on the limited amount of time I have to work on it, I haven't had time to find a better alternative.
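One way to cut the repeated if/else blocks down, written here as an added example rather than the poster's own code: a field table with per-field defaults, a loop for the twelve part numbers, and a single CRLF check applied to every value that ends up in a mail header (the original only checks the e-mail address, so this goes a step further by covering the names in the Subject). Field names are the ones from the post; the two addresses are placeholders.

```php
<?php
// Added example (not the original poster's code). Field names match the quote form above.
// Optional text fields and the default the post substitutes when a field is left blank.
$textFields = array(
    'phonenumber' => 'None Provided', 'faxnumber' => 'None Provided',
    'website'     => 'None Provided', 'company'   => 'None Provided',
    'street'      => 'None Provided', 'city'      => 'None Provided',
    'state'       => 'None Provided', 'zipcode'   => 'None Provided',
    'description' => 'None Provided',
);

// Read one POST field, returning $default when it is missing or blank.
function postField($name, $default) {
    $v = isset($_POST[$name]) ? trim($_POST[$name]) : '';
    return $v !== '' ? $v : $default;
}

// A value bound for a mail header must contain no CR/LF (raw or URL-encoded);
// otherwise extra headers such as Bcc could be appended by the sender.
function isHeaderSafe($value) {
    return preg_match('/[\r\n]|%0[aAdD]/', $value) === 0;
}

$baseinfo = array();
foreach ($textFields as $field => $default) {
    $baseinfo[$field] = postField($field, $default);
}

// partnumber1 .. partnumber12: keep only the ones that were filled in.
$parts = array();
for ($i = 1; $i <= 12; $i++) {
    $p = postField("partnumber$i", '');
    if ($p !== '') { $parts[] = $p; }
}

$fname         = postField('firstname', '');
$lname         = postField('lastname', '');
$visitor_email = postField('email', '');

// Names go into Subject, the address into Reply-To; reject anything unsafe for a header.
if ($fname === '' || $lname === '' || !isHeaderSafe($fname) || !isHeaderSafe($lname)
    || filter_var($visitor_email, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('Name and a valid email are mandatory!');
}

$body  = "$fname $lname with {$baseinfo['company']} has requested a quote.\r\n\r\n";
$body .= "Description of Needs:\r\n{$baseinfo['description']}\r\n\r\n";
$body .= $parts ? "Part numbers listed:\r\n" . implode("\r\n", $parts) . "\r\n"
                : "No part numbers were listed.\r\n";
$headers = "From: quotes@example.com\r\nReply-To: $visitor_email\r\n"; // placeholder sender
mail('sales@example.com', "Quote Request from $fname $lname", $body, $headers); // placeholder recipient
```

FILTER_VALIDATE_EMAIL already rejects line breaks, so the address needs no separate CRLF check; the fixture and horn select fields can be added to the same table pattern with "0" as their default.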