Textpattern CMS support forum
#13 2011-07-19 14:44:44
- Dimitri
- Member
- From: Johannesburg
- Registered: 2010-10-31
- Posts: 129
Re: Creating a contact form that writes to the database and sends email
Ah k
Good luck, I advise you to post this thread to the plugin support
<txp:way_too_cool />
Re: Creating a contact form that writes to the database and sends email
Please read this thread before implementing Kevin’s (graphicPUSH) code. Ruud and I give some security-related advice there which you should take into consideration.
For example, do not trust and save the POST values blindly and directly as Kevin advises. You do not want to run into a database filled with spam and other nasty stuff.
Instead it’s better to use the zemcontact.submit callback and the $zem_contact_values global array to handle the data, and use doSlash() to clean the values to avoid SQL injections. It’s also advisable to check the post’s status with get_zemcontact_evaluator() before saving anything to make sure the comment isn’t flagged as spam by an anti-spam plugin. Both anti-spam plugins and the saving function will be using the same callback after all.
As outlined in the forum thread I mentioned, all you need to do to save comment data is something like this (untested, just an example, use with caution):
/**
    Registers the callback. xxx_my_saving_function() is
    now loaded on 'zemcontact.submit' event. You can find
    the callback spot from ZRC's source and what it can offer.
*/
register_callback('xxx_my_saving_function','zemcontact.submit');
/**
    The function that does the work on
    the submit event
*/
function xxx_my_saving_function() {
    /*
        get_zemcontact_evaluator() tells us if the comment is
        flagged as spam by another plugin using the same callback.
        If spam, do not save the comment.
        PS. Remember to load the spam plugins
        before this plugin; set this plugin's load order to '6'
        and the anti-spam plugins '5'.
        We want to do the spam checks before this point.
    */
    $evaluation =& get_zemcontact_evaluator();
    /*
        It's spam, end here
    */
    if($evaluation->get_zemcontact_status() != 0)
        return;
    /*
        Saving the data goes here etc..
        $zem_contact_values global array holds
        all the form data.
    */
    global $zem_contact_values;
    $set = 'timestamp=now()';
    foreach($zem_contact_values as $name => $val) {
        $set .= ', '. $name . "='" . doSlash($val) . "'";
    }
    /*
        Insert row to the database table
        named "xxx_enquiries_table".
    */
    safe_insert(
        'xxx_enquiries_table',
        $set
    );
}
The code can be loaded as a plugin. Everything is prefixed to avoid conflicts with other core functions, plugins and tables.
Last edited by Gocom (2011-07-19 19:47:31)
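A tighter variant of the saving function above, as an added example that is not part of the original post or of the plugin's own code: it writes only allow-listed fields, strips control characters and caps the length before the value reaches doSlash(). The field names (name, email, message), the column names and the length limits are hypothetical; it assumes $zem_contact_values is keyed by form field name, as the post's loop implies, and that the mbstring extension is available.

```php
<?php
// Added example, not from the thread. Table, column and field names are hypothetical.

// Form field name => array(destination column, maximum stored characters).
// Fields that are not listed here are never written to the database.
function xxx_column_map()
{
    return array(
        'name'    => array('sender_name', 100),
        'email'   => array('sender_email', 254),
        'message' => array('message', 5000),
    );
}

// Builds the SET clause from allow-listed fields only. $escape names the
// escaping function; inside Textpattern pass 'doSlash'.
function xxx_build_set(array $values, array $map, $escape)
{
    $set = array('timestamp=now()');
    foreach ($map as $field => $rule) {
        list($column, $max) = $rule;
        if (!isset($values[$field]) || !is_scalar($values[$field])) {
            continue; // missing field or unexpected type: skip it
        }
        // Drop control characters (tab, LF and CR are kept).
        $val = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', (string) $values[$field]);
        // Cap the length in characters, not bytes (assumes mbstring and UTF-8 input).
        $val = mb_substr($val, 0, $max, 'UTF-8');
        $set[] = $column . "='" . call_user_func($escape, $val) . "'";
    }
    return join(', ', $set);
}

function xxx_save_enquiry()
{
    global $zem_contact_values;
    $evaluation =& get_zemcontact_evaluator();
    if ($evaluation->get_zemcontact_status() != 0) {
        return; // flagged as spam by a plugin that ran earlier
    }
    $set = xxx_build_set($zem_contact_values, xxx_column_map(), 'doSlash');
    safe_insert('xxx_enquiries_table', $set);
}

// Only register when running inside Textpattern.
if (function_exists('register_callback')) {
    register_callback('xxx_save_enquiry', 'zemcontact.submit');
}
```

Because the column names come from the fixed map rather than from the submitted array keys, adding or renaming a form field cannot change which columns the INSERT touches.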