Developer Forum

P184 line 7, contact_05.php l119 both read:

<textarea name="message" id="message"><?php if(isset($error)) {echo
$messageBody;} ?></textarea>

This gives a very small message window. I presume that the dimensions have been
accidentally omitted, and the line should read as follows?

<textarea name="message" cols="60" rows="12" id="message"><?php
if(isset($error)) {echo $messageBody;} ?></textarea>

I have forgotten where to look for the errata for the book, and after ploughing
through this stuff my brain is thoroughly addled.

I can no longer test on my local server -- I don't know why -- but I have
uploaded the latest version up to this point in the book. You can see it at

http://www.yqcomputer.com/

Click the yellow ! or ? envelope to try it. Now I want the page to close if the
message is sent, preferably after displaying 'thank you' for a second or so. I
would read your next section, which may or may not cover this, when I have
recovered from getting this far.


Clancy

Technically speaking, you are correct. The cols and rows attributes are
required for valid HTML. Dreamweaver doesn't insert default values - a
bug that I have reported to Adobe and understand will be corrected in
the next version of Dreamweaver. However, if you were following the
instructions in my book, you would get a much larger message window,
because its size is controlled by CSS.


http://www.yqcomputer.com/

--
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://www.yqcomputer.com/

On page 166, step 13, you say to set the character width and numline fields in
the property Inspector. However on page 184 these disappear without comment. I
did insert the additional CSS to set these values, but because I am working on a
page built using one of my templates I had to insert it as inline code some way
into the page, and Dreamweaver does not recognise it, but IE does, and this
caused me considerable confusion.

The submit page works nicely, except that if you hit 'Submit' with invalid data,
an IE error box pops up, as shown below, but the warning messages are never
displayed.

Microsoft Internet Explorer

! The following error(s) occurred:
-name is required.
-email must contain an e-mail address.
-message is required.

OK

I tried using the browser to look at the code actually sent to it, and was
surprised to discover an error message, stating:

<form action="<br />
<b>Notice</b>: Undefined index: Technical/PHP_SELF in
<b>D:\Websites\Corybas\Feedback.php</b> on line <b>109</b><br />

The original read:
<form action="<?php $_SERVER['Technical/PHP_SELF'];?>" method="post"
name="contactform" id="contactform"

I have no idea where this came from, but can only presume I made some wrong
choice in Dreamweaver, as I certainly would not have thought to put it in
myself. However when I corrected this the behaviour was unchanged.

As before, you can try it out for yourself by going to http://www.yqcomputer.com/
and clicking the yellow '! or ?' envelope to try it.

I went through the whole procedure again this evening, and built another page
with a form. I did not get the error above, but I was unable to find the submit
button, as described on page 166, section 13. I thought I had used the 'insert
radio button' yesterday, but when I did so today I had to enter the code
manually to convert it to a submit button.

One refinement which would be nice would be to have the cursor automatically
positioned in the name field when the page pops up. Little touches like this
make a big difference to the users' perception of the friendliness of the site.

I still do not understand how this page works. As far as I can understand the
code, it appears to be single pass, yet the page behaves as if it is in a loop.
Is the page procedure called repeatedly?

I would also like to know how to modify it so that it closes automatically after
the message is sent.

With many thanks,


Clancy

Actually, they're also missing from the code listing at the bottom of
page 166. One of the problems of writing a 500 page book with several
hundred accompanying download files is keeping track of every detail.
The CSS compensates for the missing rows and columns attributes. Since
you're trying to adapt the contact form to the design of your own site,
you should concentrate on the PHP code.


No, the warning messages won't be displayed if the IE error box pops up.
However, if you enter a series of spaces in the name field, as described
in step 14 on page 183, the JavaScript validation will be fooled, but
the PHP validation will stop the form from being processed, and the
warning message will appear.


That's been done by your template. I'm not sure if that's a Dreamweaver
bug or if you have done something wrong.


It's the third icon from the right on the Forms Insert bar.


Google "JavaScript field focus". You'll find plenty of ready-made
scripts to show you how to do this.


No, the page ignores all the PHP code above the DOCTYPE, except for
$mailSent = false; when the page first loads. When you click the Submit
button, the code inside the if (array_key_exists('ewComments', $_POST))
conditional statement processes the email.


You can't. You have used target="_blank" to force open another browser
window. PHP cannot close a browser window. JavaScript can be used to
close a window, but only if JavaScript was used to open it in the first
place.

--
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://www.yqcomputer.com/

But this is part of the .php code, and I did say 'minor typo'. It is obvious
once you realise what is going on, but trying to learn php, and JavaScript, from
cold is an awfully big learning curve, especially when your brain has been
ravaged by the brain border virus * , and small things like this can be very
confusing.


Clearly I am fundamentally confused somewhere. The way it appears to me, the
php interpreter starts at the top of the page, dodges all the preamble, then
sends the HTML to the browser, making a few changes along the way, but what
happens when it gets to the bottom of the page? There is nothing visible to
make it return to the top again.

Thanks for the other comments. I am currently trying out some JavaScript to
open and close windows.

* The only virus that transfers from computers to people. I discovered it in
1990, and it has infected virtually everyone who has worked in the computer
industry for any length of time.

Clancy

I'm sorry if it confused you, but the Introduction on page xiv does say
"You should be familiar with the basics of HTML or XHTML". Leaving out
the rows and columns attributes from the <textarea> tag is a minor typo
in the XHTML that has no impact on the PHP. However, it is a mistake in
the book, and I'll get the publisher to add it to the corrections page.


Clicking the submit button reloads the page. See Figure 6-2 on page 168.
Page 170 further explains that "by testing for the existence of
$_POST['ewComments'], you can control whether the mail-processing script
should run when the page loads."

--
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://www.yqcomputer.com/

So, effectively, the page procedure IS called repeatedly.

I note that you can specify a maxlength for text input boxes. Given the
popularity among malwear writers of buffer overruns as a means of gaining
control of your system, is it a good idea to specify these? And can you specify
the maximum amount of input into a text area?


Clancy

If it helps you to think of it that way, fine. What's important to
understand is that PHP is a server-side language. When someone requests
a page, all the PHP code is parsed on the server and the resulting XHTML
is sent to the browser. The whole process ends at that point. Clicking
the submit button tells the browser to submit a new request to the
server. Because it's a self-processing form, the browser requests the
same page. However, this time, the $_POST array contains the value of
the submit button, so the server processes the validation code.

If you were to put the name of a different file in the action attribute
of the form tag, the browser would request that file instead. Several
years ago, it was common practice to put the validation and mail
processing code in a separate file. However, doing so has the
disadvantage that you can't redisplay the form with error messages and
user input preserved. That's why self-processing forms are more common
these days.


Using maxlength is no protection against a determined hacker, but
there's no harm in using it. (X)HTML provides no means of restricting
the length of a text area. You can use JavaScript to impose a maximum,
but a hacker can easily get round this by disabling JavaScript.

The default behaviour of PHP is to permit a maximum of 8MB in the $_POST
array, so in theory somebody could attempt to send you an 8MB email. The
way to prevent this is to use PHP to validate the input. Let's say the
text area is called "comments", in your mail processing script, add
something like this:

if (strlen($_POST['comments']) > 4000) {
$error['tooLong'] = 'Please restrict your comments to 4,000 characters';
}

The strlen() function returns the number of characters in a string. If
$error is set, don't send the mail.

It's good that you're aware of the security issues. Unfortunately, it's
impossible to cover every aspect of form handling and validation in a
book like "Foundation PHP for Dreamweaver 8". PHP is a vast subject. If
you're interested in security issues, I go into them in more detail in
"PHP Solutions", which is due to be published in three weeks' time:

http://www.yqcomputer.com/

--
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://www.yqcomputer.com/