I'm trying to build a contact form that uses ajax and PHP to send a mail. ajax, and email submission is working fine but PHP validation is not working and I receive unfiltered user credentials in my email box at the server, here is the code please help the php validation is not working and any data a user enters in the form is not filtered and is send the way it is.
<?php
session_start();
include_once('includes/db_connect.php');
if(isset($_POST['name']) && $_POST['name'] && isset($_POST['phone']) && $_POST['phone'] && isset($_POST['email']) && $_POST['email'] && isset($_POST['message']) && $_POST['message']){
$name = mysqli_real_escape_string($con, $_POST['name']);
$phone = mysqli_real_escape_string($con, $_POST['phone']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$message = mysqli_real_escape_string($con, $_POST['message']);
if(( !preg_match ("/^[a-zA-Z\s]+$/",$name))||(strlen($name) < 3)){
echo json_encode(array('success' => 'invalid name'));
}else{
$name_error = "";
}
if((!is_numeric($phone))||(strlen($phone) !=12)){
echo json_encode(array('success' => 'invalid phone'));
}else{
$phone_error = "";
}
if(!filter_var($email,FILTER_VALIDATE_EMAIL)){
echo json_encode(array('success' => 'invalid email'));
}else{
$email_error = "";
}
if(strlen($message)<10){
echo json_encode(array('success' => 'invalid message'));
}else{
$message_error = "";
}
if(empty($name_error) && empty($phone_error) && empty($email_error)&& empty($message_error)){
error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED ^ E_STRICT);
ini_set("include_path", '/home/extensiv/php:' . ini_get("include_path") );
require_once "Mail.php";
$host = "ssl://mail.mywebsite.com";
$username = "support@mywebsite.com";
$password = "mypassword";
$port = "465";
$to = "support@mywebsite.com";
$email_from = $email;
$email_subject = "Is it working?: " ;
$email_body = $message.$phone ;
$email_address = "support@mywebsite.com";
$headers = array ('From' => $email_from, 'To' => $to, 'Subject' => $email_subject, 'Reply-To' => $email_address);
$smtp = Mail::factory('smtp', array ('host' => $host, 'port' => $port, 'auth' => true, 'username' => $username, 'password' => $password));
$mail = $smtp->send($to, $headers, $email_body);
if (PEAR::isError($mail)) {
echo json_encode(array('success' => 'submit error'));
} else {
echo json_encode(array('success' => 'submit success'));
}
}else{
echo json_encode(array('success' => 'invalid credentials'));
}
}else{
echo json_encode(array('success'=>'No data received'));
}
?>
You never set $name_error, $phone_error, $email_error or $message_error to any value. Your condition will always be true as $name_error (and the others) will all be null. Empty returns true when null.
To fix, set the $name_error (and the others) to the error string then echo it from the string.
if(( !preg_match ("/^[a-zA-Z\s]+$/",$name))||(strlen($name) < 3)){
$name_error = json_encode(array('success' => 'invalid name'));
echo $name_error;
}else{
$name_error = "";
}
I also suggest adding a die() after your first error. Otherwise you can end up with a return payload containing multiple json objects.