views:

143

answers:

6

I am trying to code an all in one HTML/PHP contact from with error checking. When I load this file in my browser there is not HTML. I am a newb php programmer so most likely forgot something pretty obvious.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml"&gt;
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>All In One Feedback Form</title>
</head>

<body>


<?
$form_block = "
<input type=\"hidden\" name=\"op\" value=\"ds\">
<form method=\"post\" action=\"$server[PHP_SELF]\">
<p>Your name<br />
<input name=\"sender_name\" type=\"text\" size=30 value=\"$_POST[sender_name]\" /></p>
<p>Email<br  />
<input name=\"sender_email\" type=\"text\" size=30 value=\"$_POST[sender_email]\"/></p>
<p>Message<br />
<textarea name=\"message\" cols=30 rows=5 value=\"$_POST[message]\"></textarea></p>
<input name=\"submit\" type=\"submit\" value=\"Send This Form\" />

</form>";

if ($_POST[op] != "ds") {
 //they see this form
 echo "$form_block";

} else if ($_POST[op] == "ds") {


 if ($_POST[sender_name] == "") {
  $name_err = "Please enter your name<br>";
  $send = "no";
}

 if ($_POST[sender_email] == "ds") {
  $email_err = "Please enter your email<br>";
  $send = "no";
}

 if ($_POST[message] == "ds") {
  $message_err = "please enter message<br>";
  $send = "no";
}

 if ($send != "no") {
  //its ok to send
  $to = "[email protected]";
  $subject = "All in one web site feed back";
  $mailheaders = "From: website <some email [email protected]> \n";
  $mailheaders .= "Reply-To: $_POST[sender_email]\n";
  $msg = "Email sent from this site www.ccccc.com\n";
  $msg .= "Senders name: $_POST[senders_name]\n";
  $msg .= "Sender's E-Mail: $_POST[sender_email]\n";
  $msg .= "Message: $_POST[message]\n\n";
  mail($to, $subject, $msg, $mailheaders);

  echo "<p>Mail has been sent</p>";
}

else if ($send == "no") {
 echo "$name_err";
 echo "$email_err";
 echo "$message_err";
 echo "$form_block";
}

}

?>

</body>
</html>

FYI I am trying the example from a book named PHP 6 Fast and Easy Wed Development

UPDATE!!!

The code I see via view source is this.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml"&gt;
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>All In One Feedback Form</title>
</head>

<body>



<input type="hidden" name="op" value="ds">
<form method="post" action="">
<p>Your name<br />
<input name="sender_name" type="text" size=30 value="" /></p>

<p>Email<br  />
<input name="sender_email" type="text" size=30 value=""/></p>
<p>Message<br />
<textarea name="message" cols=30 rows=5 value=""></textarea></p>
<input name="submit" type="submit" value="Send This Form" />

</form></body>
</html>
+3  A: 

Try switching the tags

'<?' to: '<?php'

Your development environnement may not recognize short tags, thus producting an empty page.

When you access the source code of the page, do you see the doctype/html/body tags ?

Rodolphe
Note that this is considered good practice - while it's possible to change your PHP installation to allow the short tags, generally it's best to just use the long format.
El Yobo
Hey thanks for the hlp, I tired adding <?php it didnt change anything, yes I can see the html source code, thanks again!
Jacksta
I just ran your code on my computer : I have some notices about empty indexes, but the form is shown.Which php server do ou use ? Wamp ? easyphp ? 'hand-made' php server ?Try to run a file with just < ?php phpinfo(); ?> to see if your php server is working as intended...
Rodolphe
Hey Rodolphe I am runnign this os a hosts server, the phpinfo() works fine, it brings up all the php info. I can also see the form, the problem is that it wont process the form.
Jacksta
+1  A: 

You can use html with php as follows

<?php if ($_POST[op] != "ds") {  ?>

<input type="hidden" name="op" value="ds">
<form method="post\" action=\"$server[PHP_SELF]\">

/* your html code here */

</form>";

<php } else if ($_POST[op] == "ds") {  ?>...............
Salil
hum... im a little confused. The example in this book I am using only has one open php tag <?php at the beginning of the form and one ?> close at the end of the script.
Jacksta
your html does not need to be in between php tags, in this example the user will also only see the html if op = ds because there was a php if before it. Therefor the 2 php parts <?php if(){ ?>HTML do be displayed if condition is met<?php } else ... ?>
Pmarcoen
wow that is right over my head, its my first week coding! how do I change the code?
Jacksta
instead of : if ($_POST[op] != "ds") { //they see this form echo "$form_block";}else { ... }you can just do :if ($_POST[op] != "ds") {?><form method=\"post\" action=\"$server[PHP_SELF]\">....<?php}else {...}then you can forget about the $form_block which will make things much cleaner :)
Pmarcoen
and indeed, like zaf said, all of your input needs to be between the <form> tags
Pmarcoen
A: 

Your left out some dashes when trying to access some of the $_POST and $_SERVER varibles.

Example: It's $_POST['op'] and not $_POST[op]

also $_SERVER[PHP_SELF] and not $server[PHP_SELF]

( ! ) Notice: Undefined variable: server in /home/vidves/public_html/www01/test.php on line 14
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Undefined index: sender_name in /home/vidves/public_html/www01/test.php on line 16
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Undefined index: sender_email in /home/vidves/public_html/www01/test.php on line 18
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Undefined index: message in /home/vidves/public_html/www01/test.php on line 20
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Use of undefined constant op - assumed 'op' in /home/vidves/public_html/www01/test.php on line 25
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0

( ! ) Notice: Undefined index: op in /home/vidves/public_html/www01/test.php on line 25
Call Stack
#   Time    Memory  Function    Location
1   0.0011  111512  {main}( )   ../test.php:0
PHP_Jedi
-1 Pls specify what are you trying to show up here?
OM The Eternity
Yepp, I Just did ;-)
PHP_Jedi
Thanks PHP_JediI checked my example in the book they have $_POST[op] and not $_POST['op'].I changed $server[PHP_SELF] to $_SERVER[PHP_SELF]Still doesnt work :(
Jacksta
Oki, could you please post in what you see on the screeen, than we can help you more. Do you get an errorcode or message, or is it just a blank page? ... A simple way to test where the code crashes is to uncomment and remove code bit by bit... please fill in with your result.
PHP_Jedi
I updated the question with the code, cheers
Jacksta
Thanks, but now im abit comfused here. Your question states that there is no HTML output from your script, and you have outdated with the output. So, Is your problem solved or what was the problem again?
PHP_Jedi
A: 

Some installations care about file-extensions, is your file called *.html or *.php?

It is not uncommon that *.html is just sent out to the client, while the *.php parsed by the php-engine and then to the client.

Johan
It's in .php formatt I tried changing it to .html and it had a whole lot of code printed on the screen, thanks for the suggestion.
Jacksta
+1  A: 

Found it. Your hidden input field is not inside the form tags and does not get sent when the form is submitted which does not trigger the rest of the PHP code.

So, instead of:

...
<input type=\"hidden\" name=\"op\" value=\"ds\">
<form method=\"post\" action=\"$server[PHP_SELF]\">
...

Swap them round like::

...
<form method=\"post\" action=\"$server[PHP_SELF]\">
<input type=\"hidden\" name=\"op\" value=\"ds\">
...

Very naughty.

zaf
well spotted, the script still doesnt run the error check e.g. no text in name field and return error.
Jacksta
If you just click submit on the blank form don't you get "Please enter your name" ?
zaf
No, did you get that?
Jacksta
Yes. Have you tried flushing your browser cache?
zaf
+1  A: 

As a stylistic tip, you may want to read up on the HEREDOC syntax. You could do your form building and variable assignment without all the escaping:

$form_block = <<<EOL
<input type="hidden" name="op" value="ds">
<form method="post" action="$_SERVER[PHP_SELF]">
<p>Your name<br />
<input name="sender_name" type="text" size=30 value="$_POST[sender_name]" /></p>
<p>Email<br  />
<input name="sender_email" type="text" size=30 value="$_POST[sender_email]"/></p>
<p>Message<br />
<textarea name="message" cols=30 rows=5 value="$_POST[message]"></textarea></p>
<input name="submit" type="submit" value="Send This Form" />
</form>
EOF;

Also be aware that blindly inserting user-provided data into the form as you are (sender_name and sender_email) can lead to trivial cross-site-scripting attacks. Consider what would happen if the user filled out the form and included a double-quote in either field, but caused a form error some other way (e.g: double quote in sender_name, but left sender_email blank). The double-quote gets inserted into the form and prematurely terminates the "value" attribute of the input field.

To mitigate this, pass all values that will be inserted into the form through htmlspecialchars() first, which will escape any special characters.

Marc B
wow I was not aware of that, something else I have learnt!
Jacksta