tags:

views:

231

answers:

4

EDIT:

So my remaining questions are: (1) should I use a 302 or 303 for the header() redirect? I believe 303 is the proper way. (2) Is $_SESSION the best way to pass variables to the ?contact=thankyou page?

My revised code:

if ( isset( $_POST[ 'submit' ] ) )
{
  if ( is_bot() )
  {
    header( "Location: http://www.example.com/contact/?contact=thankyou",
        TRUE, 303 );
    exit;
  }
  elseif ( is_input_error() )
  {
    // show error form stuff...
  }
  else
  {
    contact_send_email();
    header( "Location: http://www.example.com/contact/?contact=thankyou",
        TRUE, 303 );
    exit;
  }
}

ORIGINAL (resolved):

I am just learning about $_POST, $_GET and forms with PHP. I have a Contact Form that started out simple, but has now become a little complicated for my experience.

// curly braces left out for brevity
if ( isset( $_POST[ 'submit' ] ) )
  if ( is_bot() )
    header( "Location: http://www.example.com/contact/?contact=thankyou", 
            TRUE, 303 );
  if ( is_input_error() )
    header( "Location: http://www.example.com/contact/?contact=error", 
            TRUE, 303 );
  else
    contact_send_email()
    header( "Location: http://www.example.com/contact/?contact=thankyou", 
            TRUE, 303 );
  1. Being new at this, I guess I'd like to know if you see any glaring problems?
  2. Does my header() redirect code look complete and valid?
  3. What is the most common and/or recommended way to pass $_POST variables after the header() redirection? Is it with $_SESSION, or is there a better way? I've never used sessions before, so I am a little intimidated by them.

EDIT: By the way, I want to pass the header() redirect with $_GET to avoid the "refresh-resend" very scary and evil warning message.

A: 

1st question. I would suggest to use brackets { } after if, because your conditional blocks look invalid.

2nd question. I don't think you need 303 status code. A typical header('Location: ...'); will do.

As for 3rd question. Two possible solutions are: session or database.

To sum up, I'd do:

if ( isset( $_POST[ 'submit' ] ) )
{
  if ( is_bot() )
  {
    header( "Location: http://www.example.com/contact/?contact=thankyou" );
  }
  elseif ( is_input_error() )
  {
    header( "Location: http://www.example.com/contact/?contact=error" );
  }
  else
  {
    contact_send_email();
    header( "Location: http://www.example.com/contact/?contact=thankyou" );
  }
}
warpech
On the second thought, I don't think you should redirect to an error page in case of "input error". You should rather display the error message on current page.
warpech
Yeah, and add exit(); as Gumbo proposed
warpech
That's good info, and is exactly how I had my form set up originally -- with the error page not using the header() redirect, but the other two scenarios using it.
Jeff
For those interested, the 303 redirect is the proper method after a POST.
Jeff
+1  A: 

Being new at this, I guess I'd like to know if you see any glaring problems?

I don’t know if you intended it, but your code reads translated into a version with curly braces like this:

if (isset($_POST['submit'])) {
    if (is_bot()) {
        header("Location: http://www.example.com/contact/?contact=thankyou", TRUE, 303);
    }
}
if (is_input_error()) {
    header("Location: http://www.example.com/contact/?contact=error", TRUE, 303);
} else {
    contact_send_email();
}
header("Location: http://www.example.com/contact/?contact=thankyou", TRUE, 303);

If the curly braces are missing, the body of a if block is always just the next statement. And I doubt you really want that.

Does my header() redirect code look complete and valid?

I would add an exit after each header to prevent further code of being executed. But the rest looks fine.

Gumbo
Gotchya. I left out the curly braces for brevity.
Jeff
A: 

Remove the 303 from the header function. It is a 302, temporary redirect you want, which the function uses by default if you don't explicitly set one.

A small point, but worth noting; choosing the wrong HTTP redirect status code will upset SEO very slightly.

JonB
I read that the redirect code should be a 303 on this page:http://www.ajaxray.com/blog/2008/01/12/how-to-avoid-postdata-resend-warning/... which is referenced by Wikipedia here:http://en.wikipedia.org/wiki/Post/Redirect/Get
Jeff
To add to my comment above, the commenter (Sam) says:One thing to keep in mind, is that your HTTP status code should also be 303 rather than 302, so that it is standards compliant AND future safe for new browsers that may come out.
Jeff
Just read that stuff and it makes perfect sense. The only thing is whether you are more worried about future proofing you site, or making sure it is useable by older clients (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.4).
JonB
Doing some Googling, I also found this regarding the redirects: http://drupal.org/node/355157
Jeff
Seems the correct answer is to use the 303. http://techblog.blupinnacle.net/2009/07/http-redirects-301-302-and-303.html
Jeff
A: 

I dont see why you want to redirect to those error or thank you pages.

On error: display the form again with the values submitted, highlight the fields with erroneous or missing required fields.

On success: display the thank you html page.

OIS
I want to pass the header() redirect with $_GET to avoid the "refresh-resend" very scary and evil warning message.
Jeff
redirecting to "thank you" pages is a good practice, because it stops user from submitting the form twice by accident
warpech
You can prevent that with a unique form id
OIS