|
 |
| |
รบกวนแนะนำ เรื่อง form ใน program มีเงื่อนไขคือ ให้ตรวจสอบ form มี captcha และ เก็บข้อมูลลง DB |
| |
 |
|
|
 |
 |
|
เนื่องจาก form มี 3 file
1) form.php
2) config-form.php config และ ส่ง email
3) customer.php บันทึกลง Database
- ใน form.php
<form method="post" class="cForm" action="{$where_included}#cform">
กำหนด ให้ ตรวจสอบในช่อง #cform และส่งเก็บข้อมูลใน DB โดยกำหนดใน $where_included
- $where_included อยู่ใน file config-form.php กำหนดให้บันทึกข้อมูล หลังตรวจสอบค่าในช่อง(บรรทัดที่ 261)
ปัญหาคือ ถ้า "ไม่กำหนด" $where_included การตรวจสอบ form จะไม่มีปัญหา แต่จะไม่มีการบันทึกข้อมูลลงใน DB
แต่ถ้ากำหนด $where_included ="customer.php"; แล้ว form จะไม่มีการตรวจสอบใดๆ ให้ แต่ระบบจะทำการบันทึกข้อมูลให้
ไม่ทราบว่า ควรแก้ไขจุดไหนดีค่ะ
หรือควรจะแก้ไข จุดไหน เพื่อใน form ทำงาน 3 อย่าง คือ 1) ตรวจสอบค่าในช่อง 2) บันทึกข้อมูลลงใน DB และ 3) ส่ง email
หรือ พอมีตัวอย่าง program ที่สามารถทำงานได้ทั้ง 3 อย่าง ข้างต้น ไม๊คะ
ขอบพระคุณค่ะ
Code (PHP)
// 1) form.php
<?php
if (session_id() == '') session_start();
include_once "contact-config.php";
$error_message = '';
?>
<!--START Form 00000000000000000000000000000000000 -->
<!--START Contact Code **************************** 2/2-->
<table align="center" width="95%"70% border="0">
<tr><td class="title">Contact</span>
<hr color="#FF6600" width="100%" align="left"></td></tr>
<tr><td align="left">
<?
if (!isset($_POST['submit'])) {
showForm();
} else { //form submitted
$error = 0;
if(!empty($_POST['name'])) {
$name[2] = clean_var($_POST['name']);
}
else {
$error = 1;
$name[3] = 'color:#FF0000;';
}
if(!empty($_POST['email'])) {
$email[2] = clean_var($_POST['email']);
if (!validEmail($email[2])) {
$error = 1;
$email[3] = 'color:#FF0000;';
$email[4] = '<strong><span style="color:#FF0000;">Invalid email</span></strong>';
}
}
else {
$error = 1;
$email[3] = 'color:#FF0000;';
}
if(!empty($_POST['subject'])) {
$subject[2] = clean_var($_POST['subject']);
if (function_exists('htmlspecialchars')) $subject[2] = htmlspecialchars($subject[2], ENT_QUOTES);
}
else {
$error = 1;
$subject[3] = 'color:#FF0000;';
}
if(!empty($_POST['message'])) {
$message[2] = clean_var($_POST['message']);
if (function_exists('htmlspecialchars')) $message[2] = htmlspecialchars($message[2], ENT_QUOTES);
}
else {
$error = 1;
$message[3] = 'color:#FF0000;';
}
if(empty($_POST['captcha_code'])) {
$error = 1;
$code[3] = 'color:#FF0000;';
} else {
include_once "contact-securimage.php";
$securimage = new Securimage();
$valid = $securimage->check($_POST['captcha_code']);
if(!$valid) {
$error = 1;
$code[3] = 'color:#FF0000;';
$code[4] = '<strong><span style="color:#FF0000;">Incorrect code</span></strong>';
}
}
if ($error == 1) {
$error_message = '<span style="font-weight:bold;font-size:90%;">Please correct/enter field(s) in red.</span>';
showForm();
} else {
if (function_exists('htmlspecialchars_decode')) $subject[2] = htmlspecialchars_decode($subject[2], ENT_QUOTES);
if (function_exists('htmlspecialchars_decode')) $message[2] = htmlspecialchars_decode($message[2], ENT_QUOTES);
$body = "$name[0]: $name[2]\r\n\r\n";
$body .= "$email[0]: $email[2]\r\n\r\n";
$body .= "$message[0]:\r\n$message[2]\r\n";
if (!$from) $from_value = $email[2];
else $from_value = $from;
$headers = "Content-type: text/plain; $charset" . "\r\n";
$headers .= "From: $from_value" . "\r\n";
$headers .= "Reply-To: $email[2]" . "\r\n";
mail($to,"$subject_prefix - $subject[2]",$body, $headers);
if (!$thank_you_url) {
if ($use_header_footer) include $header_file;
echo '<a name="cform"><!--Form--></a>'."\n";
echo '<div id="formContainer" style="width:'.$form_width.';height:'.$form_height.';text-align:left; vertical-align:top;">'."\n";
echo $GLOBALS['thank_you_message']."\n";
echo '</div>'."\n";
if ($use_header_footer) include $footer_file;
}
else {
header("Location: http://www.xxx.com/");
}
}
} //else submitted
function showForm()
{
global $name, $email, $subject, $message, $code;
global $where_included, $use_header_footer, $header_file, $footer_file;
global $form_width, $form_height, $form_background, $form_border_color, $form_border_width, $form_border_style, $cell_padding, $left_col_width;
if ($use_header_footer) include $header_file;
echo $GLOBALS['error_message'];
echo <<<EOD
<a name="cform"><!--Form--></a>
<div id="formContainer" style="width:{$form_width};">
<form method="post" class="cForm" action="{$where_included}#cform">
<table style="width:100%; height:{$form_height}; background:{$form_background}; border:{$form_border_width} {$form_border_style} {$form_border_color}; padding:10px;" id="contactForm">
<tr>
<td style="width:{$left_col_width}; text-align:left; vertical-align:top; padding:{$cell_padding}; font-weight:bold; {$name[3]}">{$name[0]}</td>
<td style="text-align:left; vertical-align:top; padding:{$cell_padding};"><input type="text" name="{$name[1]}" value="{$name[2]}" id="{$name[1]}" /></td>
</tr>
<tr>
<td style="width:{$left_col_width}; text-align:left; vertical-align:top; padding:{$cell_padding}; font-weight:bold; {$email[3]}">{$email[0]}</td>
<td style="text-align:left; vertical-align:top; padding:{$cell_padding};"><input type="text" name="{$email[1]}" value="{$email[2]}" id="{$email[1]}" /> {$email[4]}</td>
</tr>
<tr>
<td style="width:{$left_col_width}; text-align:left; vertical-align:top; padding:{$cell_padding}; font-weight:bold; {$subject[3]}">{$subject[0]}</td>
<td style="text-align:left; vertical-align:top; padding:{$cell_padding};"><input type="text" name="{$subject[1]}" value="{$subject[2]}" size="40" id="{$subject[1]}" /></td>
</tr>
<tr>
<td style="width:{$left_col_width}; text-align:left; vertical-align:top; padding:{$cell_padding}; font-weight:bold; {$message[3]}">{$message[0]}</td>
<td style="text-align:left; vertical-align:top; padding:{$cell_padding};"><textarea name="{$message[1]}" cols="40" rows="6" id="{$message[1]}">{$message[2]}</textarea></td>
</tr>
<tr>
<td style="width:{$left_col_width}; text-align:left; vertical-align:top; padding:{$cell_padding};"> </td>
<td style="text-align:left; vertical-align:top; padding:{$cell_padding};"><img id="captcha" src="contact-securimage_show.php" alt="CAPTCHA Image" /></td>
</tr>
<tr>
<td style="width:{$left_col_width}; text-align:left; vertical-align:top; padding:{$cell_padding}; font-weight:bold; {$code[3]}">{$code[0]}</td>
<td style="text-align:left; vertical-align:top; padding:{$cell_padding};"><input type="text" name="{$code[1]}" size="10" maxlength="5" id="{$code[1]}" /> {$code[4]}
<br /><br />(Please enter the text in the image above. Text is not case sensitive.)<br />
<a href="#" onclick="document.getElementById('captcha').src = 'contact-securimage_show.php?' + Math.random(); return false"><font color="#000000">Click here if you cannot recognize the code.</font></a>
</td>
</tr>
<tr>
<td colspan="2" style="text-align:center; vertical-align:middle; padding:{$cell_padding}; font-size:90%; font-weight:bold;">All fields are required.</td>
</tr>
<tr>
<td colspan="2" style="text-align:center; vertical-align:middle; padding:{$cell_padding};"><input type="submit" name="submit" value="Submit" style="border:1px solid #999;background:#E4E4E4;margin-top:5px;" id="submit_button" /></td>
</tr>
</table>
</form>
</div>
EOD;
if ($use_header_footer) include $footer_file;
}
function clean_var($variable) {
$variable = strip_tags(stripslashes(trim(rtrim($variable))));
return $variable;
}
/**
Email validation function. Thanks to http://www.linuxjournal.com/article/9585
*/
function validEmail($email)
{
$isValid = true;
$atIndex = strrpos($email, "@");
if (is_bool($atIndex) && !$atIndex)
{
$isValid = false;
}
else
{
$domain = substr($email, $atIndex+1);
$local = substr($email, 0, $atIndex);
$localLen = strlen($local);
$domainLen = strlen($domain);
if ($localLen < 1 || $localLen > 64)
{
// local part length exceeded
$isValid = false;
}
else if ($domainLen < 1 || $domainLen > 255)
{
// domain part length exceeded
$isValid = false;
}
else if ($local[0] == '.' || $local[$localLen-1] == '.')
{
// local part starts or ends with '.'
$isValid = false;
}
else if (preg_match('/\\.\\./', $local))
{
// local part has two consecutive dots
$isValid = false;
}
else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
{
// character not valid in domain part
$isValid = false;
}
else if (preg_match('/\\.\\./', $domain))
{
// domain part has two consecutive dots
$isValid = false;
}
else if (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local)))
{
// character not valid in local part unless
// local part is quoted
if (!preg_match('/^"(\\\\"|[^"])+"$/',
str_replace("\\\\","",$local)))
{
$isValid = false;
}
}
if ($isValid && function_exists('checkdnsrr'))
{
if (!(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A"))) {
// domain not found in DNS
$isValid = false;
}
}
}
return $isValid;
}
?>
</td></tr></table>
//<!--END Contact Code ****************************-->
// 2)config-form.php *************************
$to = '[email protected]';
$subject_prefix = 'poooos Contact Form : ';
$where_included = 'customer.php';
$from = '';
$use_header_footer = FALSE;
$header_file = 'contact-header.php';
$footer_file = 'contact-footer.php';
$thank_you_message = <<<EOD
<!-- Start message -->
<p align='center'><b>We have received your message. <br>If required, we'll get back to you as soon as possible.<br>Thank You.</b></p>
<!-- End message -->
EOD;
$thank_you_url = '';
$charset = 'charset=windows-874';
$form_width = '70%';
$form_height = '500px';
$form_background = '#F7F8F7';
$form_border_color = '#CCCCCC';
$form_border_width = '1px';
$form_border_style = 'solid';
$cell_padding = '5px';
$left_col_width = '25%';
$name = array('Name','name',NULL,NULL);
$email = array('Email','email',NULL,NULL,NULL);
$subject = array('Subject','subject',NULL,NULL);
$message = array('Message','message',NULL,NULL);
$code = array('Code','captcha_code',NULL,NULL,NULL);
?>
// 3) customer.php บันทึกลง database *************************
<?php
$db_host="localhost";
$db_username="root";
$db_pass="1234";
$dbname="customer";
mysql_connect("$db_host","$db_username","$db_pass") or die ("could not connect to mysql ");
mysql_select_db("$dbname") or die ("no database");
mysql_query("SET NAMES TIS620");
$sql="insert into tb_order values(NULL,'$name', '$national', '$address', '$country', '$tel', '$email', '$message','$total_order','$datenow')";
mysql_db_query($dbname,$sql);
mysql_close();
?>
ขอบคุณมากค่ะ
Tag : PHP, MySQL
|
ประวัติการแก้ไข
2015-01-01 21:59:12
2015-01-01 22:01:06
2015-01-01 22:04:07
2015-01-01 22:06:05
2015-01-01 22:08:50
|
 |
 |
 |
 |
| Date :
2014-12-31 18:27:21 |
By :
gju |
View :
759 |
Reply :
1 |
|
 |
 |
 |
 |
|
|
|
|
 |
 |
|
 |
 |
| |
|
|
|
| |
|
ลง code แบบนี้มันงงครับ เอาใส่ tag php ดีๆ แล้วก็เอาจุดที่คิดว่าเป็นปัญหามาลงถามครับ จะช่วยให้ได้คำตอบเร็วขึ้น
|
| |
|
|
| |
| Date :
2015-01-01 21:32:15 |
By :
mangkunzo |
|
|
| |
|
|
|
|
|
| |
|
|
|
|
|
| |
|
 Load balance : Server 00
|
