Hi, so I’m trying to create a camp registration form. This code is just for a test form until I can get it right. I have it to where it will send to the database and send to email, but now I am trying to get it to post the information on the confirmation page so the person registering can print it out for themselves. I found some code and tried piecing it in there, but it now just goes to a blank screen instead of the confirmation message that I have there. The confirmation message was showing up fine until I tried piecing in the code to echo the data.
Anyone know what I need to do? Also, are there security issues with the code I’m using?
Thanks!
<html>
<head>
<title>Registration complete</title>
</head>
<body>
<?php
$con=mysqli_connect("localhost","username","password","database");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO camp_registration (first_name, last_name, sex, state)
VALUES
('$_POST[first_name]','$_POST[last_name]','$_POST[sex]','$_POST[state]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "Your registration form has been submitted. Please click the Paypal button below to pay your camp fees.";
mysqli_close($con);
//Pieced in code for echoing entered data back onto page
if(array_key_exists("Submit", $_POST)){
// loop through post data for form
foreach($_POST as $key => $value){
if(is_array($value)){
foreach($value as $key2 => $value2){
echo $key." = ".$value2."<br/>";
}
} else {
echo $key." = ".$value."<br/>";
}
}
echo "<i>Submitted!</i>";
} else {
// Build the email (replace the address in the $to section with your own)
$first_name = $_POST['first_name'];
$email = $_POST['email'];
$message = $_POST['message'];
$last_name = $_POST['last_name'];
$sex = $_POST['sex'];
$state = $_POST['state'];
$email_from = 'my@email.com';
$email_subject = "New Camp Registration for $first_name $last_name";
$email_body = "You have received a new camp registration from the user $first_name.\n".
"\nFirst Name: $first_name \nLast Name: $last_name \nSex: $sex \nState: $state \n".
// Send the mail using PHPs mail() function
$to = "hallartistry@higherfocusart.com";
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $email \r\n";
mail($to,$email_subject,$email_body,$headers);
function IsInjected($str)
{
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str))
{
return true;
}
else
{
return false;
}
}
if(IsInjected($email))
{
echo "Bad email value!";
exit;
}
?>
</body>
</html>
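
Added example, not part of the original post: one way to write the same handler so that form values are bound as SQL parameters instead of being interpolated into the INSERT, the e-mail address is validated before `mail()` runs (in the posted code `IsInjected()` is only called after the message has been sent), and values are HTML-escaped when echoed back. The helper names `h` and `read_fields` and the address `registrar@example.com` are assumptions; the database credentials are the post's placeholders, and the table is assumed to exist as in the post.

```php
<?php
// Added example: hardened version of the handler in the post above.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli throws on failure

// Escape a value for HTML so submitted markup is displayed as text, not run.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read only the expected fields; arrays or missing values are rejected.
function read_fields(array $post, array $names): array {
    $out = [];
    foreach ($names as $name) {
        if (!isset($post[$name]) || !is_string($post[$name])) {
            throw new InvalidArgumentException("Missing or invalid field: $name");
        }
        $out[$name] = trim($post[$name]);
    }
    return $out;
}

try {
    $f = read_fields($_POST, ['first_name', 'last_name', 'sex', 'state', 'email']);
    // Validate before use: a valid address cannot contain CR or LF.
    if (filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Bad email value');
    }
    // Placeholders keep form data out of the SQL text entirely.
    $con = new mysqli('localhost', 'username', 'password', 'database');
    $stmt = $con->prepare('INSERT INTO camp_registration
        (first_name, last_name, sex, state) VALUES (?, ?, ?, ?)');
    $stmt->bind_param('ssss', $f['first_name'], $f['last_name'], $f['sex'], $f['state']);
    $stmt->execute();
    $con->close();

    // Strip line breaks from anything that ends up in a mail header.
    $name    = str_replace(["\r", "\n"], ' ', "{$f['first_name']} {$f['last_name']}");
    $body    = "First Name: {$f['first_name']}\nLast Name: {$f['last_name']}\n"
             . "Sex: {$f['sex']}\nState: {$f['state']}\n";
    $headers = "From: my@email.com\r\nReply-To: {$f['email']}";
    mail('registrar@example.com', "New Camp Registration for $name", $body, $headers);

    echo '<p>Your registration form has been submitted.</p>';
    foreach (['first_name', 'last_name', 'sex', 'state'] as $key) {
        echo h($key) . ' = ' . h($f[$key]) . '<br/>';
    }
} catch (Throwable $e) {
    error_log($e->getMessage()); // details go to the server log, not the page
    echo '<p>Sorry, your registration could not be processed.</p>';
}
```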