BRINGING FORMS TO LIFE Figure 5-6. Quotes within user input need special treatment before form fields can be redisplayed. Passing the content of the $_POST array element to the htmlentities(), however, converts the double quotes in the middle of the string to ". And, as Figure 5-7 shows, the content is no longer truncated. What s cool about this is that the HTML entity " is converted back to double quotes when the form is resubmitted. As a result, there s no need for any further conversion before the email can be sent. Figure 5-7. The problem is solved by passing the value to htmlentities() before it s displayed. By default, htmlentities() leaves single quotes untouched. Since I chose to wrap the value attribute in double quotes, this doesn t matter. To convert single quotes to an HTML entity as well, pass ENT_QUOTES (all uppercase) as a second argument to htmlentities() like this: htmlentities($_POST[’name’], ENT_QUOTES) 2. Amend the email input field in the same way, using $_POST[’email’] instead of $_POST[’name’]. 135
Visit our web design programs services for an affordable and reliable webhost to suit all your needs.

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY PHP Solution 5-4: Creating sticky form fields Continue working with the same file. Alternatively, use contact06.php from the download files. 1. When the page first loads, or the email is successfully sent, you don t want anything to appear in the input fields. But you do want to redisplay the content if a required field is missing. So that s the key: if the $missing variable exists, you want the content of each field to be redisplayed. You can set default text for a text input field by setting the value attribute of the tag, so amend the tag for name like this: /> This PHP code block is quite short, but the line inside the curly braces contains a combination of quotes and periods that are likely to catch you out if you re not careful. The first thing to realize is that there s only one semicolon right at the end so the echo command applies to the whole line. As explained in Chapter 3, a period is called the concatenation operator, which joins strings and variables. So you can break down the rest of the line into three sections, as follows: ‘value=”‘. htmlentities($_POST[’name’]) .’”‘ The first section outputs value=” as text and uses the concatenation operator to join it to the next section, which passes $_POST[’name’] to a function called htmlentities(). I ll explain what the function does in a moment, but the third section uses the concatenation operator again to join the next section, which consists solely of a double quote. So, if $missing has been set, and $_POST[’name’] contains Joe, you ll end up with this inside the tag: This is the type of situation where you need to keep careful track of double and single quotes. The double quotes are part of the string value=”", so each part of the string needs to be enclosed in single quotes. Because the closing double quote stands on its own in the script, it s easy to forget, but it will play havoc with the form when displayed in a browser. So, what s the htmlentities() function for? Again, it s all to do with handling quotes and apostrophes. As the function name suggests, it converts certain characters to their equivalent HTML entity. The one you re concerned with here is the double quote. Let s say Elvis really is still alive and decides to send feedback through the form. If you use $_POST[’name’] on its own, Figure 5-6 shows what happens when a required field is omitted and you don t use htmlentities().
From our experience, we are can tell you that you can find a reliable and cheap webhost service at Java Web Hosting services.

BRINGING FORMS TO LIFE 7. Insert a similar warning for the comments field like this: Comments: Please enter your comments The PHP code is the same except for the value you are looking for in the $missing array. It s the same as the name attribute for the form element. 8. Save contact.php and test the page again, first by entering nothing into any of the fields. The page should look like Figure 5-5. 5 Figure 5-5. By validating user input, you can prevent the email from being sent and display suitable warnings. Then try sending a message with all fields filled in. The page should work as before, and you should receive an email in your inbox. If you have any problems, compare your code with contact05.php. All you need to do to change the required fields is change the names in the $required array and add a suitable alert inside the tag of the appropriate input element inside the form. It s easy to do, because you always use the name attribute of the form input element. Try making the email field required, too. You can see the solution in contact06.php in the download files. Preserving user input when a form is incomplete Imagine you have just spent ten minutes filling in a form. You click the submit button, and back comes the response that a required field is missing. It s infuriating if you have to fill in every field all over again. Since the content of each field is in the $_POST array, it s easy to redisplay it when an error occurs. 133
From our experience, we are can tell you that you can find a reliable and cheap webhost service at Java Web Hosting services.

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY 4. Let s turn now to the main body of the page. You need to display a warning if anything is missing. Amend the conditional statement at the top of the page content like this:

Contact us

Please complete the missing item(s) indicated.

Sorry, there was a problem sending your message. Please try later.

Your message has been sent. Thank you for your feedback.

Ut enim ad minim veniam . . .

This simply adds a new condition to the block. It s important to note that I ve placed it as the first condition. The $mailSent variable won t even be set if any required fields have been omitted, so you must test for $missing first. The second and third conditions are impossible if isset($missing) equates to true. 5. To make sure it works so far, save contact.php and load it in a browser. Click Send message without filling in any of the fields. You should see the message about missing items that you added in the previous step. 6. To display a suitable message alongside each missing required field, add a PHP code block to display a warning as a inside the tag like this: Name: Please enter your name Since the $missing array is created only after the form has been submitted, you need to check first with isset() that it exists. If it doesn t exist such as when the page first loads or if the email has been sent successfully the is never displayed. If $missing does exist, the second condition checks if the $missing array contains the value name. If it does, the is displayed as shown in Figure 5-5.
From our experience, we are can tell you that you can find a reliable and cheap webhost service at Java Web Hosting services.

BRINGING FORMS TO LIFE If studying PHP code makes your brain hurt, you don t need to worry about how this works. As long as you create the $expected, $required, and $missing arrays in the previous step, you can just copy and paste the code for use in any form. So what does it do? In simple terms, this foreach loop goes through the $_POST array, strips out any whitespace from user input, and assigns its contents to a variable with the same name (so $_POST[’email’] becomes $email, and so on). If a required field is left blank, its name attribute is added to the $missing array. Why is the $expected array necessary? It s to prevent an attacker from injecting other variables in the $_POST array in an attempt to overwrite your default val- ues. By processing only those variables that you expect, your form is much more secure. Any spurious values are ignored. 3. You want to build the body of the email message and send it only if all required fields have been filled in. Since $missing starts off as an empty array, nothing is added to it if all required fields are completed, so empty($missing) is true. Wrap the rest of the script in the opening PHP code block like this: // go ahead only if all required fields OK if (empty($missing)) { // build the message $message = “Name: $namenn”; $message .= “Email: $emailnn”; $message .= “Comments: $comments”; // limit line length to 70 characters $message = wordwrap($message, 70); // send it $mailSent = mail($to, $subject, $message); if ($mailSent) { // $missing is no longer needed if the email is sent, so unset it unset($missing); } } } This ensures that the mail is sent only if nothing has been added to $missing. However, $missing will be used to control the display in the main body of the page, so you need to get rid of it if the mail is successfully sent. This is done by using unset(), which destroys a variable and any value it contains. 131
If you are looking for cheap and quality webhost to host and run your website check Jboss Web Hosting services.

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY Making sure required fields aren t blank When required fields are left blank, you don t get the information you need, and the user may never get a reply, particularly if contact details have been omitted. PHP Solution 5-3: Checking required fields Continue using the same files. Alternatively, use contact04.php from the download files. The completed code for this section is in contact05.php. 1. Start by creating two arrays: one listing the name attribute of each field in the form and the other listing all required fields. Also, initialize an empty array to store the names of required fields that have not been completed. For the sake of this demonstration, make the email field optional, so that only the name and comments fields are required. Add the following code just before the section that processes the $_POST variables: $subject = ‘Feedback from Japan Journey site’; // list expected fields $expected = array(’name’, ‘email’, ‘comments’); // set required fields $required = array(’name’, ‘comments’); // create empty array for any missing fields $missing = array(); // process the $_POST variables 2. In PHP Solution 5-2, the $_POST variables were assigned manually to variables that use the same name as the $_POST array key. For example, $_POST[’email’] became $email. With three fields, manual assignment is fine, but it becomes a major chore if you have a dozen or more fields. Let s kill two birds with one stone by checking the required fields and automating the naming of the variables at the same time. Replace the three lines of code beneath the $_POST variables comment as follows: // process the $_POST variables foreach ($_POST as $key => $value) { // assign to temporary variable and strip whitespace if not an array $temp = is_array($value) ? $value : trim($value); // if empty and required, add to $missing array if (empty($temp) && in_array($key, $required)) { array_push($missing, $key); } // otherwise, assign to a variable of the same name as $key elseif (in_array($key, $expected)) { ${$key} = $temp; } } // build the message
Go visit our java server pages services for a reliable, lowcost webhost to satisfy all your needs.

BRINGING FORMS TO LIFE 8. Again, navigate to a different page and return. The failure message disappears when you come back. Revert the code in step 6 to its original state, so that you can send email again. You can check your code against contact04.php in the download files. The form contains only 3 input fields, but even if it had 30, the process is the same: extract the contents of each field from the $_POST array, and combine them into a single string. Once you ve built the message, simply pass the recipient s address, subject, and message to the mail() function. Although this is a good start, the feedback form needs a lot of improvement. There s noth ing to stop users from sending a blank email. You also need to check the validity of input to make sure that your site isn t exploited by a spam relay. The rest of the chapter shows you how to make these improvements, plus how to use other form elements: drop-down menus, radio buttons, and check boxes. Validating user input Most visual editors, like Dreamweaver or GoLive, have features that check whether required fields have been filled in. Dreamweaver performs the checks when the submit button is clicked; GoLive does it when the focus moves to another field. Both rely on JavaScript and perform the checks on the user s computer before the form is submitted to the server. This is called client-side validation. It s useful because it s almost instanta neous and can alert the user to a problem without making an unnecessary round-trip to the server. However, you should never rely on client-side validation alone because it s too easy to sidestep. All a malicious user has to do is turn off JavaScript in the browser, and your checks are rendered useless. So it s important to check user input on the server side with PHP, too. Just because client-side validation with JavaScript can be sidestepped doesn t mean it s not worthwhile doing, as it saves time and bandwidth. However, it s probably not worth performing very detailed checks. Just verifying that each required field has a value may be all you need. 129
Searching for affordable and proven webhost to host and run your servlet applications? Go to Linux Web Hosting services and you will find it.

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY Both parts of the conditional statement check the Boolean values of $_POST and $mailSent. Although the $_POST array is always set, it doesn t contain any values unless the form has been submitted. Since PHP treats an empty array as false (see The truth according to PHP in Chapter 3), you can use $_POST on its own to test whether a form has been submitted. So the code in both parts of this conditional statement is ignored when the page first loads. If the form has been submitted, $_POST equates to true, so the next condition is tested. The exclamation mark in front of $mailSent is the negative operator, making it the equivalent of not $mailSent. So, if the email hasn t been sent, both parts of the test are true, and the XHTML containing the error message is displayed. However, if $mailSent is true, the XHTML containing the acknowledgment is displayed instead. 4. Save contact.php and load it into a browser. Type something into each text field, and click Send message. If everything went well, you should see the following message: Not long afterward, you should receive the content of your message as an email. If the email fails to arrive, test contact.php on your remote server. Sometimes email sent from a local test environment is rejected by ISPs, particularly if the SMTP server requires a username and password each time you connect. If that happens, conduct all further tests that involve sending mail on your remote server. 5. The acknowledgment shown in the preceding screenshot is controlled by the if… elseif conditional statement that you entered in step 3. To prove this, use the site menu to go to another page, and return to contact.php. (If you re not using the full site, click inside the browser address bar and press Enter/Return. If you use the browser s Reload button, select the option not to resend the post data.) The acknowledgment should disappear. Your page is becoming truly interactive. 6. The way to test the failure message is to disable the mail() function temporarily. Comment out the mail() function and hard-code a false value for $mailSent like this: // send it $mailSent = false; // mail($to, $subject, $message); 7. Save contact.php and try to send another message. This time you should see the failure message as shown in the following screenshot.
Please visit our professional web hosting services to find out about cheap and reliable webhost service that will surely answer all your demands.

BRINGING FORMS TO LIFE body is complete, it s passed to the wordwrap() function, which takes two argu ments: a string and an integer that sets the maximum length of each line. Although most mail systems will accept longer lines, it s recommended to limit each line to 70 characters. After the message has been built and formatted, the recipient s address, the subject line, and the body of the message are passed to the mail() function. The function returns a Boolean value indicating whether it succeeded in passing the email to the MTA. So, it s useful to capture that value as $mailSent. You can then use $mailSent to redirect the user to another page or change the contents of the current one. 3. For the time being, let s keep everything in the same page, because the rest of the chapter will add further refinements to the basic script. Scroll down and insert the following code just after the page s main heading (new code is highlighted in bold):

Contact us

Sorry, there was a problem sending your message. Please try later.

Your message has been sent. Thank you for your feedback.

Ut enim ad minim veniam . . .

This is a straightforward if… elseif conditional statement, but it may look odd if you re not used to seeing scripts that mix XHTML with PHP logic. What s happen ing can be summarized like this:

Contact us

Ut enim ad minim veniam . . .

As noted before, many developers mistakenly think that you need to use echo or print to display XHTML inside a PHP block. It s more efficient to switch back to XHTML, except for very short pieces of code. Doing so avoids the need to worry about escaping quotes. Just make sure that you balance your opening and clos- ing braces correctly. 127
Check Tomcat Web Hosting services for best quality webspace to host your web application.

PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY 2. Add the code to process and send the email. It goes immediately before the closing PHP tag of the code block above the DOCTYPE declaration. (If your remote server uses magic quotes, this means immediately after the code you entered in step 3 of PHP Solution 5-1.) The new code looks like this: // process the email if (array_key_exists(’send’, $_POST)) { $to = ‘me@example.com’; // use your own email address $subject = ‘Feedback from Japan Journey site’; // process the $_POST variables $name = $_POST[’name’]; $email = $_POST[’email’]; $comments = $_POST[’comments’]; // build the message $message = “Name: $namenn”; $message .= “Email: $emailnn”; $message .= “Comments: $comments”; // limit line length to 70 characters $message = wordwrap($message, 70); // send it $mailSent = mail($to, $subject, $message); } This entire section of code is wrapped in an if statement, which uses the function array_key_exists(). If you refer to Figures 5-3 and 5-4, you ll see that the last element in the $_POST array looks like this: [send] => Send message This is the name attribute of the form s submit button and the label shown on the button. You don t normally need either of these as part of the email message, but passing the name of the submit button and $_POST to array_key_exists() is a foolproof way of checking that a form has been submitted. When the page first loads, there s no way that the submit button can have been clicked, so its name isn t present in the $_POST array. As a result, array_key_exists(’send’, $_POST) equates to false, and everything inside the if statement is ignored. However, as soon as the button is clicked, the page reloads, array_key_exists(’send’, $_POST) equates to true, and the email script is processed. The code that does the processing consists of five stages. The first two lines assign your email address to $to and the subject line of the email to $subject. The next section labeled process the $_POST variables reassigns $_POST[’name’], $_POST[’email’], and $_POST[’comments’] to ordinary variables. This makes them easier to handle when you subject them to security checks or style the email later. Next, you build the body of the email message, which must consist of a single string. By using double quotes, you can embed the variables in the string and use n to insert new line characters (see Table 3-4 in Chapter 3). Once the message
Note: If you are looking for cheap and reliable webhost to host and run your mysql application check mysql web server services.