/
contact-form-process.php
90 lines (56 loc) · 1.9 KB
/
contact-form-process.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
<?php require("inc-public-predoctype.php"); ?>
<?php
//CHECK IF THE FORM SUBMITTED
if (isset($_POST['txtsecurity']) && $_POST['txtsecurity'] === $_SESSION['svadminsecurity']) {
//SET A BASE LINE VALUEFOR VALIDATION CHECK
$vvalidate = 0;
$vbox = $_POST['txtbox'];
//COLLECT ALL THE VALUES FROM THE FORM FIELDS AND ASSIGN THEM TO SESSION VARIABLES
//GENERAL - REQUIRED FIELDS
$vname = filter_var(trim($_POST['txtname']), FILTER_SANITIZE_STRING);
if ($vname === ''){
$vvalidate++;
}
$vsurname = filter_var(trim($_POST['txtsurname']), FILTER_SANITIZE_STRING);
if ($vsurname === ''){
$vvalidate++;
}
$vemail = filter_var(trim($_POST['txtemail']), FILTER_SANITIZE_STRING);
if ($vemail === ''){
$vvalidate++;
}
$vmsg = filter_var(trim($_POST['txtmsg']), FILTER_SANITIZE_STRING);
if ($vmsg === ''){
$vvalidate++;
}
$vqstr = "?kvalidation=failed";
$vqstr .= "&kname=" . urlencode($vname);
$vqstr .= "&ksurname=" . urlencode($vsurname);
$vqstr .= "&kemail=" . urlencode($vemail);
if($vvalidate !== 0){
//ENCODE QUERYSTRING
header ('Location: contact.php' . $vqstr);
exit();
} else {
//CONNECT TO THE MYSQL SERVER
require('inc-conntekiah.php');
//CALL IN THE FUNCTION escapestring
require('inc-function-escape-string.php');
//FORMULATE THE INSERT STATEMENT
$sql_contact = sprintf("INSERT INTO tblcontactform (cfname, cfsurname, cfemail, cfmsg) VALUES (%s, %s, %s, %s)",
escapestring($vconntekiah, $vname, 'text'),
escapestring($vconntekiah, $vsurname, 'text'),
escapestring($vconntekiah, $vemail, 'text'),
escapestring($vconntekiah, $vmsg, 'text')
);
$sql_contact_result = mysqli_query($vconntekiah, $sql_contact);
header('Location: contact.php?kinsert=successful');
exit();
header ('Location: contact.php?kinsert=failed');
exit();
}
} else{
header('Location: contact.php');
exit();
}
?>