<?php
session_start();
if (isset($_POST['submit'])) {
// clean and check form inputs including the secure image code
    $name = trim(strip_tags($_POST['name']));
    $email = trim(strip_tags($_POST['email']));
    $comments = trim(strip_tags($_POST['comments']));
    $secure = strtoupper(trim(strip_tags($_POST['secure'])));
    $match = $_SESSION['captcha']; // the code on the image

// input error checking
    if ($name=="") {
        $err.= "Please provide your name<br/>";
    }
    if (!$email) {
        $err.= "Please provide your email address<br>";
    }
    if ($email) {
        if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
            $err.= $email. " is not a valid email address.<br/>";
        }
    } 
    if ($comments=="") {
        $err.= "Please provide comments<br/>";
    }
    if (!$secure) {
        $err.= "No security code entered<br/>";
    }
    if (($secure!=$match) && ($secure!="")) {
        $err.= "Security code mismatch<br/>";
    }
    if ($err=="") {
    // success - input passed all tests
    echo "What you do with success is up to you.";
    exit();
    }
}
?>
<head>
<title>Trolls go away</title>
<style type="text/css">
body,td {
	font-family:arial, helvetica, sans-serif;
	background:#fff;
	color:#000;
	font-size:12px;
}
input, textarea {
	background:#eee;
	color:#000;
	font-size:12px;
	border:1px solid #000;   
 }
</style>
</head>
<body>
<?php
if ($err!="") {
    echo "<strong>Form Error(s)</strong><br/>";
    echo "<font color='#cc3300'>". nl2br($err). "</font><br/>";
}
?>

<form name="captcha" method="post" action="<?php echo $_SERVER['SCRIPT_NAME'];?>">
<table cellpadding="3" cellspacing="2" style="border:1px dotted #666;">
<tr>
<td>Name:</td><td><input type="text" name="name" value="<?php echo $_POST['name'];?>"/></td>
</tr>
<tr>
<td>Email:</td><td><input type="text" name="email" value="<?php echo $_POST['email'];?>"/></td>
</tr>
<tr>
<td valign="top">Comments:</td><td><textarea rows="5" columns="30" name="comments"><?php echo $_POST['comments'];?></textarea></td>
</tr>
<tr>
<td>Security Code</td><td><input type="text" name="secure"/></td>
</tr>
<tr>
<td><img src="captcha_image.php" alt="security image" border="0"/></td><td><input type="submit" name="submit" value="Send"/></td>
</tr>
</table>
</form>
</body>
</html>
Member Avatar for diafol

On some servers, you need to explicitly give $err a value before concatenating, so put

$err="";

at the start.

[B]action="<?php echo $_SERVER['SCRIPT_NAME'];?>[/B]

From action is wrong. $_SERVER returns the current file name with system path, not URL. Should use '$_SERVER' or '$_SERVER'.

And this one should be better for error message.

if (isset($err) && $err != '') {
echo "<strong>Form Error(s)</strong><br/>";
echo "<font color='#cc3300'>". nl2br($err). "</font><br/>";
}
?>

Hope this help.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.