0

I apologise in advanced if there is an answer to this already. I have looked and I simply can't make head nor tail of answers I have looked at so please... be gentle.

I am really new to PHP and not exactly fluent with Javascript. Essentially I am just building a website for my business and what I would like to do is have a lead form on the homepage. The goal being to securely take a client's e-mail address and redirect them to the booking page with their e-mail appended to the url.

ie, the customer enters their email address on the homepage at 

www.hygenius.co

and when they click submit it validates that they've entered a real address and that the field is not blank then takes them to 

www.hygenius.co/book?email=customersemail

However, for the life of me, I can't seem to get anything I have tried to work.

So far my form looks like this;

<form action="lead.php" method="POST">
 <input type="text" name="email" placeholder="Enter a valid E-mail Address">
 <span class="error">* <?php echo $emailErr;?></span>
 <input type="submit" name="submit" value="Submit">  
</form>

My lead.php file looks like this.

<?php
// define variables and set to empty values
$emailErr = "";
$email = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  if (empty($_POST["email"])) {
    $emailErr = "Email is required";
  } else {
    $email = test_input($_POST["email"]);
    // check if e-mail address is well-formed
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
      $emailErr = "Invalid email format"; 
    }
  }

}

function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}

header( 'Location: http://www.hygenius.co/book.html' ) ;
?>

I haven't even manged to get the e-mail validation to work so far, I was trying to follow the W3schools guidance but nothing has worked. It simply allows you to click submit and go straight to the booking page without any validation and no error message appears either. I have no idea how to get to the stage where I can append information to the URL either.

I am sure I am just being incredibly dense here, coding is not my forte at all but any guidance as to what I can do to make this work and where I am going wrong would be incredibly appreciated.

Warm regards,

Jonathan Crow.

Jonathan Crow
  • 1
  • Try ` – delboy1978uk Oct 22 '18 at 15:38
  • Your header call starts a new request, so maybe pass `?error=' . $emailErr` at the end and on your form page check for $_GET['error'] – delboy1978uk Oct 22 '18 at 15:40
  • Please don't use an [all-in-one sanitize function](https://stackoverflow.com/questions/3126072/what-are-the-best-php-input-sanitizing-functions) (with a misleading name). Know what you are trying to prevent and work towards that. Don't just blindly apply functions. – Script47 Oct 22 '18 at 15:40
  • FYI: your book page is a HTML file, you may have missed it. – Script47 Oct 22 '18 at 15:43
  • Don't use `htmlspecialchars` or `stripslashes` on user input. Whatever book recommends doing this is wickedly out of date. – tadman Oct 22 '18 at 16:15
  • I hadn't realised that I used html file, a friend pointed this out to me as well. Thank you for all the feedback. As I was following W3schools advice I wasn't really sure if I needed to sanitize or not. I just don't want to leave my customers or my website vulnerable. – Jonathan Crow Oct 22 '18 at 17:31

1 Answers1

1

I've combined the logic, to must be non-empty and a valid email, to then redirect. Or else display a generic invalid error.

<?php

$emailErr = "";

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
  if (
    !empty($_POST["email"]) &&
    filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)
  )
  {
    header('location: ?email=' . urlencode($_POST["email"]));
    exit;
  } else {
    $emailErr = "Valid email address required."; 
  }
}

?>
<form method="POST">
    <input type="text" name="email" placeholder="joe@example.com">
    <span class="error"><?php echo $emailErr;?></span>
    <input type="submit" name="submit" value="Submit">  
</form>
Progrock
  • 7,373
  • 1
  • 19
  • 25