当表单验证失败时,selectfield重置

时间:2012-12-03 16:30:22

标签: php forms validation

请帮忙吗?

我是php新手并尝试为简单的联系表单开发验证规则。

如果表单的其他部分无法通过验证,如何停止选择字段重置?

代码如下:

<?php


    $error      = '';
    $title      = '';
    $firstname  = '';
    $surname    = '';
    $email      = '';
    $phone      = '';
    $comments   = '';
    $how        = '';
    $verify     = '';

    if(isset($_POST['contactus'])) {

    $title      = $_POST['title'];
    $firstname  = $_POST['firstname'];
    $surname    = $_POST['surname'];
    $email      = $_POST['email'];
    $phone      = $_POST['phone'];
    $comments   = $_POST['comments'];
    $how        = $_POST['how'];
    $verify     = $_POST['verify'];

    ini_set("sendmail_from", $email_from, "enquiries@blah.com");


    // Errors

    if(trim($title) == '') {
        $error = '<div class="error_message">Please enter your Title.</div>';
    }
    else if(trim($firstname) == '') {
        $error = '<div class="error_message">Please enter your First name.</div>';
    }
    else if(trim($surname) == '') {
        $error = '<div class="error_message">Please enter your Surname.</div>';
    }
    else if(!validEmail($email)){
    $error = '<div class="error_message">Please enter a valid email address.</div>';
    $email = '';
    }
    if($error == '') {

        if(get_magic_quotes_gpc()) {
            $comments = stripslashes($comments);
        }


    $address = "enquiries@blah.com";

    $e_subject = 'Care at Home Enquiry from ' . $title . $surname . '.';

    $e_body = "You have been contacted by $name with regards to an Advantage Nurses general enquiry, contact details and message are as follows.\r\n\n";
    $e_content = "Title: " . $title  .
                 "\r\n\nFirst name:" . $firstname  .
                 "\r\n\nSurname: " . $surname  .  
                 "\r\n\nEmail: " . $email  . 
                 "\r\n\nPhone: " . $phone  . 
                 "\r\n\nEnquiry: " . $comments .
                 "\r\n\nHow Did You Hear About Us: " . $how;

    //$e_reply = "\r\n\nYou can contact $name via email, $email or via phone $phone";

    $msg = $body . $e_content . $e_reply;

    if(mail($address, $e_subject, $msg, "From: $email\r\nReply-To: $email\r\nReturn-Path: $email\r\n"))
    {
        // Email has sent successfully, echo a success page.

         echo "<div id='succsess_page'>";
         echo "<h1>Enquiry Submitted.</h1>";
         echo "<p>Thank you <strong>$title $surname</strong>, your enquiry has been submitted to us.<br /><br /> A member of our Team will contact you within 48 hours.</p>";
         echo "</div>";
     } else echo "Error. Mail not sent";

    }
}

    if(!isset($_POST['contactus']) || $error != '') // Do not edit.
    {

&GT;

3 个答案:

答案 0 :(得分:0)

在表单上,​​您需要检查这些变量的值。例如:

<select name="title" class="selectfield" id="title" value="">
    <option value="">Please Select...</option>
    <option value="Mr" <?php if(isset($title) && $title == 'Mr') echo 'selected'; ?>>Mr</option>
    <option value="Mrs" <?php if(isset($title) && $title == 'Mrs') echo 'selected'; ?>>Mrs</option>
    <option value="Miss" <?php if(isset($title) && $title == 'Miss') echo 'selected'; ?>>Miss</option>
    <option value="Ms" <?php if(isset($title) && $title == 'Ms') echo 'selected'; ?>>Ms</option>
    <option value="Dr" <?php if(isset($title) && $title == 'Dr') echo 'selected'; ?>>Dr</option>
    <option value="Rev" <?php if(isset($title) && $title == 'Rev') echo 'selected'; ?>>Rev</option>
    <option value="Sir" <?php if(isset($title) && $title == 'Sir') echo 'selected'; ?>>Sir</option>
</select>

如果您愿意,也可以使用JQuery选择正确的选项。

答案 1 :(得分:0)

在用于选择选项的html中,尝试以下内容:

<option value="Mr." <? if($title == "Mr.") echo "selected"; ?>>Mr.</option>

如果您的option值为“先生”,则会自动选择$_POST

答案 2 :(得分:0)

如果在数组中定义选项值,那就更优雅了:

$titles = array('Mr', 'Miss', 'Mrs');

在HTML中:

<select name="title" id="title">
    <?php foreach($titles as $title): ?>

    <option value="<?php echo $title; ?>" if(isset($_POST['title']) $_POST['title'] == $title) echo 'selected="selected"';><?php echo $title; ?></option>

    <?php endforeach; ?>
</select>

警告1:您的代码容易受到XSS的攻击,您不应该将原始用户输入打印回页面,通过htmlspecialchars()传递。

警告2:它也容易受到邮件标头注入攻击。您应该验证插入标题中的$email,或者不要将任何用户输入插入标题中。

由于这些原因,我已从问题中删除了您的网站链接。我建议您将页面脱机,直到漏洞得到修复。