
Submitting an HTML form, adding submission to database and emailing the client and registrant

Submitted by: @import:stackexchange-codereview

Problem

I have been asked to make a registration form that will add a user's details to a database, create a registration code, then email the registrant and client the details including the registration code.

I am quite new to PHP but have put together something that works for me, however, I don't have the experience to know if it will work for everyone. Also, it uses the PHPMailer to send the email.

Any advice regarding security, as well as anything that would be considered bad practice would be appreciated.

HTML:

First Name *
Last Name *
Email address *
Age *
Phone *
Street Address *
Suburb
City *
Postcode *
Country *
Where did you hear about us?
Gender * (Female, Male)
SUBMIT

PHP:

```
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $host_email = 'email@email.com';
    $host_name = 'name';

    // Strip everything except letters, digits and whitespace from each field.
    $first_name = preg_replace("/[^a-zA-Z0-9\s]/", "", $_POST["first_name"]);
    $last_name = preg_replace("/[^a-zA-Z0-9\s]/", "", $_POST["last_name"]);
    $email = filter_var($_POST["email"], FILTER_SANITIZE_EMAIL);
    $gender = preg_replace("/[^a-zA-Z0-9\s]/", "", $_POST["gender"]);
    $age = preg_replace("/[^a-zA-Z0-9\s]/", "", $_POST["age"]);
    $phone = preg_replace("/[^a-zA-Z0-9\s]/", "", $_POST["phone"]);
    $findus = preg_replace("/[^a-zA-Z0-9\s]/", "", $_POST["findus"]);
    $street_address = preg_replace("/[^a-zA-Z0-9\s]/", "", $_POST["st
```

Solution

- Put the database connection code in a separate file, as you have commented in your code:

```
//include 'connect.php';
```

This will be a better way.

- When writing if conditions that compare against hardcoded values, always put the values on the left-hand side. So your if condition will be changed to:

```
if('POST' == $_SERVER['REQUEST_METHOD'])
```

This is a better way to write it, and it will avoid assignments by mistake while writing big code.

- preg_replace("/[^a-zA-Z0-9\s]/", "", $_POST["first_name"])

Put this statement in a different function, as you are using it frequently in your code, so this will be changed to:

```
function parseVariabel($paramVariable) {
    return preg_replace("/[^a-zA-Z0-9\s]/", "", $paramVariable);
}
```

Now put this function in a separate file, such as functions.php, and include it in your code. In the future, you can add more functions to this file that will be used frequently in your code.

Keep one thing in mind while writing code: if you are using any code more than once or twice, convert that code to a reusable function.

- Put your mail code in a separate file and include that file whenever you need it.

- Create a separate function for sending mail and pass your values as arguments to that function.

- One more function you can add to the functions.php file:

```
function redirect($url) {
    // PHP variables need the "$" sigil and strings are concatenated with ".".
    header("Location: " . $url);
    exit; // stop the script once the redirect header has been sent
}
```

Always try to separate the code which is frequently used in your application so it will be easily manageable.

I appreciate the effort you have put into your first program. You have done a good job at the initial level. As you practice more, you will get a better understanding of how to write more reusable code.


Context

StackExchange Code Review Q#118918, answer score: 4
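
An added example, not part of the original question or answer: a variant of the answer's shared helper that validates each field against its own rule and rejects bad input instead of stripping characters, with a CSPRNG registration code and a mysqli prepared statement for the insert. The `registrations` table, its column names, the name pattern and the age range are assumptions.

```php
<?php
declare(strict_types=1);

// Validate each field against its own rule and report errors, rather than
// silently stripping characters with one shared regex.
function validateRegistration(array $post): array
{
    $clean = $errors = [];
    // Assumed name rule: a letter, then letters, spaces, apostrophes, hyphens.
    foreach (['first_name', 'last_name'] as $field) {
        $v = $post[$field] ?? '';
        $clean[$field] = is_string($v) ? trim($v) : ''; // array input becomes ''
        if (!preg_match('/^\p{L}[\p{L} \'\-]{0,63}\z/u', $clean[$field])) {
            $errors[$field] = 'invalid name';
        }
    }
    // FILTER_VALIDATE_EMAIL returns false for a malformed address, whereas
    // FILTER_SANITIZE_EMAIL only deletes characters and never rejects.
    $clean['email'] = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($clean['email'] === false) {
        $errors['email'] = 'invalid email';
    }
    // Assumed age rule: an integer between 1 and 120.
    $clean['age'] = filter_var($post['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 120]]);
    if ($clean['age'] === false) {
        $errors['age'] = 'invalid age';
    }
    return [$clean, $errors];
}

// Registration code from the OS CSPRNG: 16 hex characters.
function newRegistrationCode(): string
{
    return bin2hex(random_bytes(8));
}

// Hypothetical table and columns; bound parameters keep input out of the SQL text.
function saveRegistration(mysqli $conn, array $r, string $code): bool
{
    $stmt = $conn->prepare('INSERT INTO registrations
        (first_name, last_name, email, age, reg_code) VALUES (?, ?, ?, ?, ?)');
    $stmt->bind_param('sssis', $r['first_name'], $r['last_name'], $r['email'], $r['age'], $code);
    return $stmt->execute();
}

// Constructed sample input: valid names and age, malformed email.
$sample = ['first_name' => 'Siobhán', 'last_name' => "O'Brien", 'email' => 'bad@@example', 'age' => '29'];
[$clean, $errors] = validateRegistration($sample);
print_r($errors);
```

Call `saveRegistration()` only when `$errors` is empty, and apply `htmlspecialchars()` to the stored values when they are placed in the HTML body of the confirmation email.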
