1

I have a form which posts variables through to a PHP processing script.

Before the processing script begins I would like to sanitize the posted variables:

$Contact_Name = filter_var($_POST['contactName'], FILTER_SANITIZE_STRING);
$Company = filter_var($_POST['company'], FILTER_SANITIZE_STRING);
$Telephone = filter_var($_POST['telephone'], FILTER_SANITIZE_NUMBER_INT);

So far. So good.

But sanitizing and validating the email is a real pain.

$Email = $_POST['email'];
$Sanitised_Email = filter_var($Email, FILTER_SANITIZE_EMAIL);
$Email_is_valid = filter_var($Email, FILTER_VALIDATE_EMAIL);

If $Sanitised_Email isn't the same as $Email, I want to go back to the form page:

if ($Sanitised_Email != $Email) {
        header('Location: http://'.$_SERVER['HTTP_HOST'].'/form.php');
}

If $Email_is_valid is false, I want to go back to the form page:

if ($Email_is_valid == FALSE) {
        header('Location: http://'.$_SERVER['HTTP_HOST'].'/form.php');
}

Neither of these two if statements works when I enter an email which is both invalid and in need of sanitisation such as:

i.am.(totally)invalid@asanemailaddress

What am I doing wrong? Have I messed up my syntax somewhere?

13
  • 2
    Why do you need to sanitize instead of just checking if the supplied address is valid? Commented Feb 5, 2016 at 19:23
  • 1
    One other note: consider passing an error message back to the form rather than a plain-jane re-direct (thus likely leaving the user wondering why the form didn't submit). You could improve your current method with a simple url parameter that triggers an error display on the form, for example. Commented Feb 5, 2016 at 19:25
  • 2
    Do you want to check whether the sanitized email is valid after it's been cleaned? Or do you really want to run both functions on the user input email? Commented Feb 5, 2016 at 19:27
  • 1
    After looking @RocketHazmat is it possible your "HTTP_HOST" is not returning anything? I've had that not be populated (or populated incorrectly) as a server variable before. stackoverflow.com/questions/2297403/http-host-vs-server-name Commented Feb 5, 2016 at 19:29
  • 2
    Is the code you mentioned at the top of the PHP page, and are you sure you have not already sent output before trying to send header information? Commented Feb 5, 2016 at 19:42

1 Answer

2

Syntax seems good. I think your problem is that you are not ending your script after setting the header. Change it to:

if (condition) {
        // An absolute URL needs its scheme; without it the value is treated as a relative path
        header('Location: http://www.example.com/');
        exit();
}

Learn how to debug your code; you can simply echo something to know if you are entering a structure or not. A good practice is also to create a function to redirect pages: it's quick, clean and saves some lines:

function redirect($page){
        header('Location: http://'.$_SERVER['HTTP_HOST']."/$page.php");
        exit();
}

2 Comments

That's a priceless answer, @Daniel MK - thank you so much! The problem, as you correctly identified was that I wasn't ending the script with exit(); after setting the header. (I've used header('Location: '); several times before, but only ever at the end of scripts, so I've never been aware that this is necessary.) Setting up a redirect(page); function is a great idea and using echo statements to verify whether conditions are being followed properly is a very smart time-saver. Thank you for all your tips. If I could give you extra points, I would.
I'm glad I've helped you, you're welcome, thanks for your nice words =)
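
The flow this thread arrives at, as an added example that is not code from the question or the answer: validate the submitted address once, redirect with an error code in the query string as one of the comments suggests, and end the script after the header. `BASE_URL`, `emailError()`, `formUrl()` and the error codes are assumed names, and the fixed `BASE_URL` is an assumption that replaces `$_SERVER['HTTP_HOST']`, which is taken from the request.

```php
<?php
// Assumption: the canonical origin comes from configuration instead of
// $_SERVER['HTTP_HOST'], which is a request header set by the client.
const BASE_URL = 'https://www.example.com';

// Returns null for an acceptable address, otherwise a short error code.
function emailError($raw): ?string
{
    if (!is_string($raw) || trim($raw) === '') {
        return 'email_missing';          // absent, empty, or email[]=... array
    }
    // Validate the value as submitted. Sanitising first can strip characters
    // and turn a rejected address into one that passes.
    if (filter_var(trim($raw), FILTER_VALIDATE_EMAIL) === false) {
        return 'email_invalid';
    }
    return null;
}

// The path is fixed here; only the error code varies, and it is URL-encoded.
function formUrl(?string $error): string
{
    $url = BASE_URL . '/form.php';
    return $error === null ? $url : $url . '?' . http_build_query(['error' => $error]);
}

function redirect(string $url): void
{
    header('Location: ' . $url, true, 303);
    exit;                                // header() alone does not stop the script
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs; the first is the address from the question.
    $samples = ['i.am.(totally)invalid@asanemailaddress', 'jo hn@example.com',
                'jane.doe@example.com', ['not', 'a', 'string']];
    foreach ($samples as $sample) {
        $e = emailError($sample);
        echo json_encode($sample), ' => ', $e === null ? 'accepted' : formUrl($e), "\n";
    }
} else {
    $error = emailError($_POST['email'] ?? null);
    if ($error !== null) {
        redirect(formUrl($error));
    }
    // Processing continues here only when the address validated.
}
```

On the form page, the `error` parameter should be matched against the known codes before a message is shown, so the query string is never echoed back as-is.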
