select option, email form

Question

I'm trying to get the 'select option' to post to my email, the other input fields do post but not the select it's driving me nuts. Please advice. Also any additional advice on sql injection prevention methods would be much appreciated.

HTML

 <form action="contactform.php" method="post" >
<input type="text" name="name" placeholder="*Full Name">
<input type="text" name="email" placeholder="*Email">
<input type="tel" name="telephone"placeholder="*Telephone">
<input type="text" name="comments"class="feedback-input"id="comments"placeholder="*How can I help?">
 <select name="selectoption">
    <option value="first">First</option>
    <option value="second">Second</option>
    <option value="third">Third</option>
  </select>
<input type="text" name="code" placeholder="1+2 =" />
<input type="submit"value="Send"class="button">
</form>



PHP
<?php

if(isset($_POST['email'])) {


if (strtolower($_POST['code']) != '3') {die('Wrong access code');}


    $email_to = "";

    $email_subject = "contact form submission";

    $name = $_POST['name']; // required

    $email_from = $_POST['email']; // required

    $telephone = $_POST['telephone']; // not required


    $comments = $_POST['comments']; // required

    $selectoption = $_POST['selectoption']; // required



    function clean_string($string) {

      $bad = array("content-type","bcc:","to:","cc:","href");

      return str_replace($bad,"",$string);

    }

    $email_message .= "Name: ".clean_string($name)."\n";

    $email_message .= "Email: ".clean_string($email_from)."\n";

    $email_message .= "Telephone: ".clean_string($telephone)."\n";


    $email_message .= "Comments: ".clean_string($comments)."\n";

    $email_message .= "Selectoption: ".clean_string($selectoption)."\n";




// create email headers

$headers = 'From: '.$email_from."\r\n".

'Reply-To: '.$email_from."\r\n" .

'X-Mailer: PHP/' . phpversion();

@mail($email_to, $email_subject, $email_message, $headers);  

?>






Thank you for contacting us. We will be in touch with you very soon.
<a href="#">return to website</a>


<?php

}

?>



thanks very much
Dan

Your first instance of `$email_message` is in concatenating. You should begin with `$email_message = "";` not `$email_message .= "";` — Adam Joseph Looze, Feb 14 '16 at 05:44
Also a tip. In your clean string function. You are just comparing the array itself. You should run a loop in that function to loop through each comparison. — Adam Joseph Looze, Feb 14 '16 at 05:46
You need more sanitation in your $_POST variables. I wrote you this quick function for future reference. `function protect($p) { $p = stripslashes($p); $p = strip_tags($p); $p = preg_replace("[^A-Za-z0-9]", "", trim(trim($p,"'"),'"')); return $p; }` — Adam Joseph Looze, Feb 14 '16 at 05:49
Any sql query?? to advice on sql injection prevention methods . — Sanzeeb Aryal, Feb 14 '16 at 07:31

score 0 · Answer 1 · edited May 23 '17 at 12:07

0

<select name="selectoption">
    <option value="first">First</option>
    <option value="second">Second</option>
    <option value="third">Third</option>
 </select>

You can get selected valueby below code:-

$selectOption = $_POST['selectoption'];

Use isset to check value is exist or not.

$name = isset($_POST['name']) ? $_POST['name'] : '';  

$email_from = isset($_POST['email']) ? $_POST['email'] : ''; 

$telephone = isset($_POST['telephone']) ? $_POST['telephone'] : '';    

$comments = isset($_POST['comments']) ? $_POST['comments'] : ''; 

$selectoption = isset($_POST['selectoption']) ? $_POST['selectoption'] : '';

For SQL Injection Prevention Techniques,

Refer this link.

Hope it will help you :)

edited May 23 '17 at 12:07

Community

1
1

answered Feb 14 '16 at 05:45

Ravi

6,311
1
23
41

that didn't work Ravi in email it posts: Selectoption: but not value :( – Dave Feb 14 '16 at 15:12
Thanks Adam and Ravi – Dave Feb 14 '16 at 15:13
$telephone = $_POST['telephone']; // required $comments = $_POST['comments']; // required $selectOption = $_POST['selectoption']; – Dave Feb 14 '16 at 15:13
@Dave: You need to put client side or server side validation for your form. – Ravi Feb 14 '16 at 15:44
I will do friend, right now I'm trying to get the select option to post which It currently is not. Can you or someone offer tutoring happy to pay but I need to learn where I'm making mistakes. Thanks. – Dave Feb 15 '16 at 00:37
Script like this Ravi, – Dave Feb 15 '16 at 00:42
– Dave Feb 15 '16 at 00:45
@Dave: I am giving you some links. Refer it. It will solve your questions. Let me know if you don't understand from it. I will help you :) http://www.sitepoint.com/form-validation-with-php/ – Ravi Feb 15 '16 at 06:01

select option, email form

1 Answers1