Checking Form Field Integrity within PHP

In my first PHP mail article, we looked at how to write a simple PHP mail script using only a couple of lines of code, but we never addressed the issue of required form fields. Making certain fields required can effectively make your form tamper-proof against mischievous users who send blank e-mails.

Let us say, for the sake of an example, your web site feedback form includes fields like Name, Email, URL and Comments. Since not every web user has a web site, you probably would not want to require the $URL field, but the other three are reasonable possibilities. We can use the same mail() function we used in our first article, but we’ll add a little code that runs before the mail is sent. Here is an example.

Example 1.1


<?php
if ((!$Name) || (!$Email) || (!$Comments)) {

    // At least one required field is blank: show the error and send nothing.
    print "Oops, you forgot to fill in some information. Please use your back button and try again...don't be bashful.";

} else {

    // All required fields were filled in: build and send the message.
    $mailto = "your@address.com";
    $msgSubject = "Your subject";
    $msgBody = "Variables here, like $Name, $Comments, etc";

    mail($mailto, $msgSubject, $msgBody, "From: your@address.com");

}
?>



Let’s inspect this line by line. The first line, <?php, marks the start of code that should be parsed by PHP, which is installed on the web server (notice that ?> marks where the PHP coding is finished). The second line says if ((!$Name) || (!$Email) || (!$Comments)). In PHP, a dollar sign is placed before all variable names. So, in the case of our Name form field, we refer to it as $Name. In this case, the ! symbol (logical not) is used to test each variable for a blank value (or no value). Our logical OR operator, or ||, means our ‘if’ statement is true if $Name, or $Email or $Comments is left blank. If any or all of those three variables are left blank, the script prints our error statement, “Oops, you forgot to fill in some information. Please use your back button and try again…don’t be bashful.”

Notice the actual mail coding is within the else statement and is wrapped by curly braces, { and }. In any programming language, nothing within the else statement is executed unless the initial if statement is false. We are using reverse logic, so it may be a little difficult to understand at first, but the if statement is testing to see if those given variables are blank; if they are not blank, then the if statement is false, and the code within the else statement will be executed. Otherwise, nothing within the else statement will be read and no mail will be sent.

So, let’s pretend a visitor has neglected to provide his or her name on your feedback form (that variable will be blank). When the submit button is pressed, the PHP on your processing page will begin executing. As soon as PHP finds that the $Name variable is blank, the if statement is rendered true, our error message will print, and no mail will be sent. Since we are using PHP’s OR operator, if any of those given variables are blank, the entire if statement is true, and no code within the else statement will be executed. Be cognizant of semicolons throughout your coding. One missing semicolon will render the entire script useless until the problem is fixed.

If your user provides information for all required fields, the if statement will be false and PHP will drop down to the else statement and send the mail. You may check any number of variables, but notice the parentheses and how they are used. When checking more than one variable, each !$variablename should be surrounded by parentheses, as well as the entire if statement.
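The !$variable test in Example 1.1 treats a field containing only "0" as blank and lets a field containing only spaces through. A stricter version of the same required-field check follows as an added example, not the article's own code. It assumes the submission is read from an array such as $_POST (current PHP no longer creates $Name from form fields automatically); check_required() and the sample submissions are hypothetical.

```php
<?php
// Added example, not the article's code. check_required() and the sample
// submissions are hypothetical; field names follow the article's form.
function check_required(array $post, array $required): array
{
    $clean = [];
    $errors = [];
    foreach ($required as $field) {
        $value = $post[$field] ?? '';
        // Name[]=x arrives as an array; accept plain strings only.
        if (!is_string($value)) {
            $errors[] = "$field is not a text value";
            continue;
        }
        $value = trim($value);
        // Compare with '' rather than using !$value, which also rejects "0".
        if ($value === '') {
            $errors[] = "$field is required";
            continue;
        }
        $clean[$field] = $value;
    }
    if (isset($clean['Email'])
        && filter_var($clean['Email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email is not a valid address';
    }
    return [$clean, $errors];
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    'complete'        => ['Name' => 'Ann', 'Email' => 'ann@example.com', 'Comments' => 'Nice site'],
    'whitespace only' => ['Name' => '   ', 'Email' => 'ann@example.com', 'Comments' => "\n"],
    'literal zero'    => ['Name' => '0', 'Email' => 'ann@example.com', 'Comments' => '0'],
    'array input'     => ['Name' => ['x'], 'Email' => 'not-an-address', 'Comments' => 'hi'],
];

foreach ($samples as $label => $post) {
    [$clean, $errors] = check_required($post, ['Name', 'Email', 'Comments']);
    if ($errors) {
        echo "$label: rejected (" . implode('; ', $errors) . ")\n";
        continue;
    }
    // The article's mail() call would go here, with the From header kept fixed:
    // mail($mailto, $msgSubject, $msgBody, "From: your@address.com");
    echo "$label: accepted, mail would be sent\n";
}
```

On a real processing page, pass $_POST as the first argument and build the message from the returned $clean values rather than from the raw input.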

May 14th, 2005 | PHP

About the Author:

Steve has been the main guy behind WebSiteGravy.com since its inception more than 5 years ago. Steve is a recent college graduate and works as a systems engineer. He has over 9 years of Internet experience, including web design, web site maintenance and planning and web site programming, promotion and graphics creation.