PHP form validation not working, allowing invalid submissions to be sent










0















I have written a script mail.php to handle the validation of form data and to send the form data via email. I have been testing this script by entering known invalid data however the script does not echo the error messages and just sends the data anyway.



Here is the form html:



<form method="post" action="mail.php" class="col-12" id="form-book">
<div class="row">
<div class=" form-group col-12">
<p>Fill out the form below to tell me about your problem. <strong>Any problems to do with technology, all the solutions.</strong> Just tell me what you can, however the more info you give the better.</p>
</div>
<div class="form-group col-6">
<label></label>
<input id="name" name="name" placeholder="Name" type="text" required="required" class="form-control here bottom"> <span class="error"> <?php echo $nameErr; echo $nameErrEmpty;?></span>
</div>
<div class="form-group col-6">
<label></label>
<input id="phone" name="phone" placeholder="Phone#" type="text" required="required" class="form-control here bottom"> <span class="error"> <?php echo $phoneErr; echo$phoneErrEmpty;?></span>
</div>
<div class="form-group col-12">
<label></label>
<input id="email" name="email" placeholder="Email (Optional)" type="text" class="form-control here bottom"> <span class="error"> <?php echo $emailErr; echo $emailErrEmpty;?></span>
</div>
<div class="form-group col-6">
<input data-provide="datepicker" id="date" name="date" placeholder="Pick a date" required="required" class="form-control here bottom"> <span class="error"> <?php echo $dateErr; echo $dateErrEmpty;?></span>
</div>
<div class="form-group col-6">
<input type="text" id="time" name="time" placeholder="Choose the best time" required="required" class="form-control here bottom timepicker"> <span class="error"> <?php echo $timeErr; echo $timeErrEmpty;?></span>
</div>
<div class="form-group col-12">
<label></label>
<textarea id="message" name="message" cols="40" rows="5" class="form-control" required="required" aria-describedby="messageHelpBlock"></textarea> <span class="error"> <?php echo $messageErr; echo $messageErrEmpty;?></span>
<span id="messageHelpBlock" class="form-text text-muted">Tell me a little about whats going on or what you need help with.</span>
</div>
<div class="form-group col-12">
<button name="submit" type="submit" class="btn btn-primary">Send your message</button>
</div>
</div>
<!--row-->
</form>


Here is mail.php:



 <?php
error_reporting(-1);
ini_set('display_errors', 'On');
set_error_handler("var_dump");

date_default_timezone_set("Pacific/Honolulu");

if (isset($_POST['submit']))
$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$date = $_POST['date'];
$time = $_POST['time'];
$message = $_POST['message'];
$subject = "Appointment Booked";

$mailTo = "itguy@johnpuaoi.com";

$email = filter_var($email, FILTER_SANITIZE_EMAIL);

function test_input($data)
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;



if (empty($name))
$nameErrEmpty = "Your name is required";
elseif (is_int($name))
$nameErr = "That is not a valid name";
else
$nameTested = test_input($name);


if (empty($phone))
$phoneErrEmpty = "Your phone number is required";
elseif (is_int($name))
$phoneTested = test_input($phone);
else
$phoneErr = "Phone Number needs to be in this format e.x 1234567890";


if (empty($email))
$emailErrEmpty = "Your name is required";
elseif (filter_var($email, FILTER_VALIDATE_EMAIL))
$emailErr = "That is not a valid email";
else
$emailTested = test_input($name);


if (empty($message))
$messageErrEmpty ="You must tell me about your problem";
else
$messageTested = test_input($message);



$dateTested = test_input($date);
$timeTested = test_input($time);

$headers = "From: ".$emailTested;
$txt = "An appointment was booked by ".$nameTested.".nn".$dateTested." @".$timeTested.".nn".$messageTested;

mail($mailTo, $subject, $txt, $headers);
header("Location: index.php?mailsend");

?>


I have searched stack for similar issues but have found none. I am a total noob to php so any help would be appreciated. Thanks!










share|improve this question
























  • Maybe because you are not echoing anything ? Even if there is an error, you don't have anything that blocks the script.

    – Bryan Loresto
    Nov 13 '18 at 6:17











  • hmm well in mail.php I am not echoing anything but in my html I have put php code next to the <inputs>. So in mail.php if there is an invalid submission, an error variable is created. In the php thats embedded into the html it echos the error variable that was created when the script detected there was an invalid submission.

    – johncodes808
    Nov 13 '18 at 6:24







  • 2





    You will always hit the mail and then header lines of code. There is no part in the validation process that will stop that from happening. You probably need to check whether there's an error before mailing.

    – apokryfos
    Nov 13 '18 at 6:29
















0















I have written a script mail.php to handle the validation of form data and to send the form data via email. I have been testing this script by entering known invalid data however the script does not echo the error messages and just sends the data anyway.



Here is the form html:



<form method="post" action="mail.php" class="col-12" id="form-book">
<div class="row">
<div class=" form-group col-12">
<p>Fill out the form below to tell me about your problem. <strong>Any problems to do with technology, all the solutions.</strong> Just tell me what you can, however the more info you give the better.</p>
</div>
<div class="form-group col-6">
<label></label>
<input id="name" name="name" placeholder="Name" type="text" required="required" class="form-control here bottom"> <span class="error"> <?php echo $nameErr; echo $nameErrEmpty;?></span>
</div>
<div class="form-group col-6">
<label></label>
<input id="phone" name="phone" placeholder="Phone#" type="text" required="required" class="form-control here bottom"> <span class="error"> <?php echo $phoneErr; echo$phoneErrEmpty;?></span>
</div>
<div class="form-group col-12">
<label></label>
<input id="email" name="email" placeholder="Email (Optional)" type="text" class="form-control here bottom"> <span class="error"> <?php echo $emailErr; echo $emailErrEmpty;?></span>
</div>
<div class="form-group col-6">
<input data-provide="datepicker" id="date" name="date" placeholder="Pick a date" required="required" class="form-control here bottom"> <span class="error"> <?php echo $dateErr; echo $dateErrEmpty;?></span>
</div>
<div class="form-group col-6">
<input type="text" id="time" name="time" placeholder="Choose the best time" required="required" class="form-control here bottom timepicker"> <span class="error"> <?php echo $timeErr; echo $timeErrEmpty;?></span>
</div>
<div class="form-group col-12">
<label></label>
<textarea id="message" name="message" cols="40" rows="5" class="form-control" required="required" aria-describedby="messageHelpBlock"></textarea> <span class="error"> <?php echo $messageErr; echo $messageErrEmpty;?></span>
<span id="messageHelpBlock" class="form-text text-muted">Tell me a little about whats going on or what you need help with.</span>
</div>
<div class="form-group col-12">
<button name="submit" type="submit" class="btn btn-primary">Send your message</button>
</div>
</div>
<!--row-->
</form>


Here is mail.php:



 <?php
error_reporting(-1);
ini_set('display_errors', 'On');
set_error_handler("var_dump");

date_default_timezone_set("Pacific/Honolulu");

if (isset($_POST['submit']))
$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$date = $_POST['date'];
$time = $_POST['time'];
$message = $_POST['message'];
$subject = "Appointment Booked";

$mailTo = "itguy@johnpuaoi.com";

$email = filter_var($email, FILTER_SANITIZE_EMAIL);

function test_input($data)
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;



if (empty($name))
$nameErrEmpty = "Your name is required";
elseif (is_int($name))
$nameErr = "That is not a valid name";
else
$nameTested = test_input($name);


if (empty($phone))
$phoneErrEmpty = "Your phone number is required";
elseif (is_int($name))
$phoneTested = test_input($phone);
else
$phoneErr = "Phone Number needs to be in this format e.x 1234567890";


if (empty($email))
$emailErrEmpty = "Your name is required";
elseif (filter_var($email, FILTER_VALIDATE_EMAIL))
$emailErr = "That is not a valid email";
else
$emailTested = test_input($name);


if (empty($message))
$messageErrEmpty ="You must tell me about your problem";
else
$messageTested = test_input($message);



$dateTested = test_input($date);
$timeTested = test_input($time);

$headers = "From: ".$emailTested;
$txt = "An appointment was booked by ".$nameTested.".nn".$dateTested." @".$timeTested.".nn".$messageTested;

mail($mailTo, $subject, $txt, $headers);
header("Location: index.php?mailsend");

?>


I have searched stack for similar issues but have found none. I am a total noob to php so any help would be appreciated. Thanks!










share|improve this question
























  • Maybe because you are not echoing anything ? Even if there is an error, you don't have anything that blocks the script.

    – Bryan Loresto
    Nov 13 '18 at 6:17











  • hmm well in mail.php I am not echoing anything but in my html I have put php code next to the <inputs>. So in mail.php if there is an invalid submission, an error variable is created. In the php thats embedded into the html it echos the error variable that was created when the script detected there was an invalid submission.

    – johncodes808
    Nov 13 '18 at 6:24







  • 2





    You will always hit the mail and then header lines of code. There is no part in the validation process that will stop that from happening. You probably need to check whether there's an error before mailing.

    – apokryfos
    Nov 13 '18 at 6:29














0












0








0








I have written a script mail.php to handle the validation of form data and to send the form data via email. I have been testing this script by entering known invalid data however the script does not echo the error messages and just sends the data anyway.



Here is the form html:



<form method="post" action="mail.php" class="col-12" id="form-book">
<div class="row">
<div class=" form-group col-12">
<p>Fill out the form below to tell me about your problem. <strong>Any problems to do with technology, all the solutions.</strong> Just tell me what you can, however the more info you give the better.</p>
</div>
<div class="form-group col-6">
<label></label>
<input id="name" name="name" placeholder="Name" type="text" required="required" class="form-control here bottom"> <span class="error"> <?php echo $nameErr; echo $nameErrEmpty;?></span>
</div>
<div class="form-group col-6">
<label></label>
<input id="phone" name="phone" placeholder="Phone#" type="text" required="required" class="form-control here bottom"> <span class="error"> <?php echo $phoneErr; echo$phoneErrEmpty;?></span>
</div>
<div class="form-group col-12">
<label></label>
<input id="email" name="email" placeholder="Email (Optional)" type="text" class="form-control here bottom"> <span class="error"> <?php echo $emailErr; echo $emailErrEmpty;?></span>
</div>
<div class="form-group col-6">
<input data-provide="datepicker" id="date" name="date" placeholder="Pick a date" required="required" class="form-control here bottom"> <span class="error"> <?php echo $dateErr; echo $dateErrEmpty;?></span>
</div>
<div class="form-group col-6">
<input type="text" id="time" name="time" placeholder="Choose the best time" required="required" class="form-control here bottom timepicker"> <span class="error"> <?php echo $timeErr; echo $timeErrEmpty;?></span>
</div>
<div class="form-group col-12">
<label></label>
<textarea id="message" name="message" cols="40" rows="5" class="form-control" required="required" aria-describedby="messageHelpBlock"></textarea> <span class="error"> <?php echo $messageErr; echo $messageErrEmpty;?></span>
<span id="messageHelpBlock" class="form-text text-muted">Tell me a little about whats going on or what you need help with.</span>
</div>
<div class="form-group col-12">
<button name="submit" type="submit" class="btn btn-primary">Send your message</button>
</div>
</div>
<!--row-->
</form>


Here is mail.php:



 <?php
error_reporting(-1);
ini_set('display_errors', 'On');
set_error_handler("var_dump");

date_default_timezone_set("Pacific/Honolulu");

if (isset($_POST['submit']))
$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$date = $_POST['date'];
$time = $_POST['time'];
$message = $_POST['message'];
$subject = "Appointment Booked";

$mailTo = "itguy@johnpuaoi.com";

$email = filter_var($email, FILTER_SANITIZE_EMAIL);

function test_input($data)
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;



if (empty($name))
$nameErrEmpty = "Your name is required";
elseif (is_int($name))
$nameErr = "That is not a valid name";
else
$nameTested = test_input($name);


if (empty($phone))
$phoneErrEmpty = "Your phone number is required";
elseif (is_int($name))
$phoneTested = test_input($phone);
else
$phoneErr = "Phone Number needs to be in this format e.x 1234567890";


if (empty($email))
$emailErrEmpty = "Your name is required";
elseif (filter_var($email, FILTER_VALIDATE_EMAIL))
$emailErr = "That is not a valid email";
else
$emailTested = test_input($name);


if (empty($message))
$messageErrEmpty ="You must tell me about your problem";
else
$messageTested = test_input($message);



$dateTested = test_input($date);
$timeTested = test_input($time);

$headers = "From: ".$emailTested;
$txt = "An appointment was booked by ".$nameTested.".nn".$dateTested." @".$timeTested.".nn".$messageTested;

mail($mailTo, $subject, $txt, $headers);
header("Location: index.php?mailsend");

?>


I have searched stack for similar issues but have found none. I am a total noob to php so any help would be appreciated. Thanks!










share|improve this question
















I have written a script mail.php to handle the validation of form data and to send the form data via email. I have been testing this script by entering known invalid data however the script does not echo the error messages and just sends the data anyway.



Here is the form html:



<form method="post" action="mail.php" class="col-12" id="form-book">
<div class="row">
<div class=" form-group col-12">
<p>Fill out the form below to tell me about your problem. <strong>Any problems to do with technology, all the solutions.</strong> Just tell me what you can, however the more info you give the better.</p>
</div>
<div class="form-group col-6">
<label></label>
<input id="name" name="name" placeholder="Name" type="text" required="required" class="form-control here bottom"> <span class="error"> <?php echo $nameErr; echo $nameErrEmpty;?></span>
</div>
<div class="form-group col-6">
<label></label>
<input id="phone" name="phone" placeholder="Phone#" type="text" required="required" class="form-control here bottom"> <span class="error"> <?php echo $phoneErr; echo$phoneErrEmpty;?></span>
</div>
<div class="form-group col-12">
<label></label>
<input id="email" name="email" placeholder="Email (Optional)" type="text" class="form-control here bottom"> <span class="error"> <?php echo $emailErr; echo $emailErrEmpty;?></span>
</div>
<div class="form-group col-6">
<input data-provide="datepicker" id="date" name="date" placeholder="Pick a date" required="required" class="form-control here bottom"> <span class="error"> <?php echo $dateErr; echo $dateErrEmpty;?></span>
</div>
<div class="form-group col-6">
<input type="text" id="time" name="time" placeholder="Choose the best time" required="required" class="form-control here bottom timepicker"> <span class="error"> <?php echo $timeErr; echo $timeErrEmpty;?></span>
</div>
<div class="form-group col-12">
<label></label>
<textarea id="message" name="message" cols="40" rows="5" class="form-control" required="required" aria-describedby="messageHelpBlock"></textarea> <span class="error"> <?php echo $messageErr; echo $messageErrEmpty;?></span>
<span id="messageHelpBlock" class="form-text text-muted">Tell me a little about whats going on or what you need help with.</span>
</div>
<div class="form-group col-12">
<button name="submit" type="submit" class="btn btn-primary">Send your message</button>
</div>
</div>
<!--row-->
</form>


Here is mail.php:



 <?php
error_reporting(-1);
ini_set('display_errors', 'On');
set_error_handler("var_dump");

date_default_timezone_set("Pacific/Honolulu");

if (isset($_POST['submit']))
$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$date = $_POST['date'];
$time = $_POST['time'];
$message = $_POST['message'];
$subject = "Appointment Booked";

$mailTo = "itguy@johnpuaoi.com";

$email = filter_var($email, FILTER_SANITIZE_EMAIL);

function test_input($data)
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;



if (empty($name))
$nameErrEmpty = "Your name is required";
elseif (is_int($name))
$nameErr = "That is not a valid name";
else
$nameTested = test_input($name);


if (empty($phone))
$phoneErrEmpty = "Your phone number is required";
elseif (is_int($name))
$phoneTested = test_input($phone);
else
$phoneErr = "Phone Number needs to be in this format e.x 1234567890";


if (empty($email))
$emailErrEmpty = "Your name is required";
elseif (filter_var($email, FILTER_VALIDATE_EMAIL))
$emailErr = "That is not a valid email";
else
$emailTested = test_input($name);


if (empty($message))
$messageErrEmpty ="You must tell me about your problem";
else
$messageTested = test_input($message);



$dateTested = test_input($date);
$timeTested = test_input($time);

$headers = "From: ".$emailTested;
$txt = "An appointment was booked by ".$nameTested.".nn".$dateTested." @".$timeTested.".nn".$messageTested;

mail($mailTo, $subject, $txt, $headers);
header("Location: index.php?mailsend");

?>


I have searched stack for similar issues but have found none. I am a total noob to php so any help would be appreciated. Thanks!







php forms validation






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 13 '18 at 6:26







johncodes808

















asked Nov 13 '18 at 5:53









johncodes808johncodes808

62




62












  • Maybe because you are not echoing anything ? Even if there is an error, you don't have anything that blocks the script.

    – Bryan Loresto
    Nov 13 '18 at 6:17











  • hmm well in mail.php I am not echoing anything but in my html I have put php code next to the <inputs>. So in mail.php if there is an invalid submission, an error variable is created. In the php thats embedded into the html it echos the error variable that was created when the script detected there was an invalid submission.

    – johncodes808
    Nov 13 '18 at 6:24







  • 2





    You will always hit the mail and then header lines of code. There is no part in the validation process that will stop that from happening. You probably need to check whether there's an error before mailing.

    – apokryfos
    Nov 13 '18 at 6:29


















  • Maybe because you are not echoing anything ? Even if there is an error, you don't have anything that blocks the script.

    – Bryan Loresto
    Nov 13 '18 at 6:17











  • hmm well in mail.php I am not echoing anything but in my html I have put php code next to the <inputs>. So in mail.php if there is an invalid submission, an error variable is created. In the php thats embedded into the html it echos the error variable that was created when the script detected there was an invalid submission.

    – johncodes808
    Nov 13 '18 at 6:24







  • 2





    You will always hit the mail and then header lines of code. There is no part in the validation process that will stop that from happening. You probably need to check whether there's an error before mailing.

    – apokryfos
    Nov 13 '18 at 6:29

















Maybe because you are not echoing anything ? Even if there is an error, you don't have anything that blocks the script.

– Bryan Loresto
Nov 13 '18 at 6:17





Maybe because you are not echoing anything ? Even if there is an error, you don't have anything that blocks the script.

– Bryan Loresto
Nov 13 '18 at 6:17













hmm well in mail.php I am not echoing anything but in my html I have put php code next to the <inputs>. So in mail.php if there is an invalid submission, an error variable is created. In the php thats embedded into the html it echos the error variable that was created when the script detected there was an invalid submission.

– johncodes808
Nov 13 '18 at 6:24






hmm well in mail.php I am not echoing anything but in my html I have put php code next to the <inputs>. So in mail.php if there is an invalid submission, an error variable is created. In the php thats embedded into the html it echos the error variable that was created when the script detected there was an invalid submission.

– johncodes808
Nov 13 '18 at 6:24





2




2





You will always hit the mail and then header lines of code. There is no part in the validation process that will stop that from happening. You probably need to check whether there's an error before mailing.

– apokryfos
Nov 13 '18 at 6:29






You will always hit the mail and then header lines of code. There is no part in the validation process that will stop that from happening. You probably need to check whether there's an error before mailing.

– apokryfos
Nov 13 '18 at 6:29













0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53274641%2fphp-form-validation-not-working-allowing-invalid-submissions-to-be-sent%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes















draft saved

draft discarded
















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53274641%2fphp-form-validation-not-working-allowing-invalid-submissions-to-be-sent%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







這個網誌中的熱門文章

How to read a connectionString WITH PROVIDER in .NET Core?

Node.js Script on GitHub Pages or Amazon S3

Museum of Modern and Contemporary Art of Trento and Rovereto