0

Please can someone help me find that why is this form getting submitted on refreshing the page? The validation works fine and also the details are getting submitted on submit. The only problem is this form gets submitted on refreshing the contact page. 

<!doctype html>
<html lang="en-US" xmlns="http://www.w3.org/1999/xhtml" class="csstransforms csstransforms3d csstransitions"><head profile="http://gmpg.org/xfn/11">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<title>Our Site</title>
<link href="media-queries.css" rel="stylesheet" type="text/css">
<link href="style.css" rel="stylesheet" type="text/css" />
<link href="fonts.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="pagewrap"> <!--pagewrap start-->
<!--header start-->
<div id="header">
  <div class="bottom">
  </div><!--bottom end-->
</div> <!--header end-->
<!--content start-->
<div id="content_1">
  <div class="content_1_1">
    <span class="text9">Contact Us</span><br><hr style="width:670px; margin-left:90px">
    <div style="margin-left:90px; margin-right:0px">
      <?php
      $firstname = $lastname = $email = $telephone = $comments = "";
      $error = "";

      if ($_SERVER["REQUEST_METHOD"] == "POST") {

           if (empty($_POST["firstname"])) {
                $error  = "Field required";
           } else {
                $firstname = check($_POST["firstname"]);
                // check if name only contains letters and whitespace
                if (!preg_match("/^[a-zA-Z ]*$/",$firstname)) {
                     $error  = "Field required"; 
                }
           }

           if (empty($_POST["lastname"])) {
                $error  = "Field required";
           } else {
                $lastname = check($_POST["lastname"]);
                // check if name only contains letters and whitespace
                if (!preg_match("/^[a-zA-Z ]*$/",$lastname)) {
                     $error  = "Field required"; 
                }
           }


           if (empty($_POST["email"])) {
                $error = "Field required";
           } else {
                $email = check($_POST["email"]);
                if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                     $error  = "Field required"; 
                }
           }

           if (empty($_POST["telephone"])) {
                $error  = "Field required";
           } else {
                $telephone = check($_POST["telephone"]);
                if (!preg_match("/^[0-9\_]{7,20}/",$telephone)) {
                     $error  = "Field required"; }
           }



           if (empty($_POST["comments"])) {
                $errors  = "Field required";
           } else {
                $comments = check($_POST["comments"]);
                if (!preg_match("/^[a-zA-Z ]*$/",$comments)) {
                     $error  = "Field required"; 
                }
           }
      }



      function check($data) {
           $data = trim($data);
           $data = stripslashes($data);
           $data = htmlspecialchars($data);
           return $data;
      }




      if (empty($error)) { 
           $from = "From: Our Site!"; //Site name
           // Change this to your email address you want to form sent to
           $to = "info@oursite.com"; 
           $subject = "Website Form " . $name . "";

           $message = "Message from " . $firstname . " " . $lastname . " 
           Email: " . $email ."
           Phone: " . $telephone . " 
           Comments: " . $comments ."";
           mail($to,$subject,$message,$from);
      }
      ?>
      <form name="contactform" method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"  >
        <table width="450px">
          <tr>
            <td valign="top">
              <label for="firstname">First Name *</label>
            </td>
            <td valign="top">
              <input  type="text" name="firstname" maxlength="50" size="30">
              <span class="error" style="color:#C00;"><?php echo $error ;?></span>
            </td>
          </tr>
          <tr>
            <td valign="top">
              <label for="lastname"> Last Name *</label>
            </td>
            <td valign="top">
              <input  type="text" name="lastname" maxlength="50" size="30">
              <span class="error" style="color:#C00;"><?php echo $error ;?></span>
            </td>
          </tr>
          <tr>
            <td valign="top">
              <label for="email">Email Address *</label>
            </td>
            <td valign="top">
              <input  type="email" name="email" maxlength="80" size="30">
              <span class="error" style="color:#C00;"><?php echo $error ;?></span>
            </td>
          </tr>
          <tr>
            <td valign="top">
              <label for="telephone">Telephone Number</label>
            </td>
            <td valign="top">
              <input  type="number"  name="telephone" maxlength="30" size="30">
              <span class="error" style="color:#C00;"><?php echo $error ;?></span>
            </td>
          </tr>
          <tr>
            <td valign="top">
              <label for="comments">Comments *</label>
            </td>
            <td valign="top">
              <textarea  name="comments" maxlength="1000" cols="25" rows="6"></textarea>
              <span class="error" style="color:#C00;"><?php echo $error ;?></span>
            </td>
          </tr>
          <tr>
            <td colspan="2" style="text-align:center">
              <input type="submit" value="submit" name="submit">
            </td>
          </tr>
        </table>
      </form>
      <br>
    </div>
    </div>  <!--content_1_1 end-->
  </div><!--content end-->
  <!--footer start-->
  <div id="footer">
    </div><!--footer end-->
    </div><!--pagewrap end-->
  </body>
</html>
hkulekci
  • 1,894
  • 15
  • 27
user3355627
  • 1
  • 2
  • The simplest way would be to add a redirect if the form submits successfully that redirects back to the same page. Then if the user refreshes the page there will be no POST data in the request. – 0x6C77 Sep 15 '14 at 11:17
  • But even when if I open the page for the first time it gets mailed automatically. – user3355627 Sep 15 '14 at 11:32

2 Answers2

1

Wrap your entire PHP inside the following conditional statement, since you already have a named submit button.

<?php
if(isset($_POST['submit'])){
$firstname = $lastname = $email = $telephone = $comments = "";

...

  mail($to,$subject,$message,$from);
  }

} // brace for if(isset($_POST['submit']))

?>

However, you could split your HTML form and PHP into two seperate files, while using that same conditional statement and redirect to another page afterwards.

To learn how to redirect, see the following Q&A on Stack:

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
  • The form is not getting submitted. Getting this erorr: Fatal error: Call to undefined function check() in /home/curesvot/public_html/curesight-contact.php – user3355627 Sep 15 '14 at 11:37
  • @user3355627 Then try setting the conditional statement just above `if ($_SERVER["REQUEST_METHOD"] == "POST")` – Funk Forty Niner Sep 15 '14 at 11:38
  • @user3355627 For the life of me, I tried to fix your entire code but couldn't get it to work. Have a look at this answer http://stackoverflow.com/a/10219610/ and base yourself on that. That is one of the Q&A's I found (Googling) on Stack related to the function you're using. I can't debug your code. Use my answer in conjunction with that, using the submit button's name and conditional statement. Not sure if you got your original code from http://www.w3schools.com/php/php_form_required.asp but it resembles it. – Funk Forty Niner Sep 15 '14 at 12:24
  • @user3355627 You will also need to use proper mail headers, for instance the `From:` which is lacking in your present code (it's just a name). For more information on mail headers, visit the PHP.net website http://php.net/manual/en/function.mail.php – Funk Forty Niner Sep 15 '14 at 12:27
0

You use:

if (empty($error)) {

mail();

}

On a refresh $error is probably empty, and thus the form is mailed.

KIKO Software
  • 15,283
  • 3
  • 18
  • 33
  • Put the whole thing inside the `if ($_SERVER["REQUEST_METHOD"] == "POST") { ... }` block, so you can only mail when something has been posted. – KIKO Software Sep 15 '14 at 12:01