PHP Forum

**chrishirst** · 03-17-2010, 04:26 AM

Quote:

Originally Posted by gerdonhanry

Use Following Program to make sure about your e-mail address,And copy this PHP Code in your Program,It will really help you,

Well it may do;

That is of course provided

You have a file called config.php that (probably) sets up a few things.

OR
Did you miss that when you copy and pasted code from DaniWeb?

**njccbeach9** · 03-17-2010, 04:54 PM

OK thanks for a great piece of code

As for this particular purpose I don't want to add any of my fields into a database I thought:

Instead of inserting a database is it possible to insert the data the user enterd in the form into a cookie and if the cookie has been successfully created then a confirmation email is sent to the email they entered into the textbox. Then in the confirmation email the radom link created:
http://www.yourweb.com/confirmation....=$confirm_code

it will direct the user to a particular page on my website where the page can get the data from the saved cookie stored on the user's machine and then successfully send the email to me.

Thanks, the code is definitely one step forwards...

**NullPointer** · 03-17-2010, 05:04 PM

Quote:

Originally Posted by njccbeach9

Instead of inserting a database is it possible to insert the data the user enterd in the form into a cookie and if the cookie has been successfully created then a confirmation email is sent to the email they entered into the textbox. Then in the confirmation email the radom link created:
http://www.yourweb.com/confirmation....=$confirm_code

There are two things wrong with that: To begin with the confirmation link won't work if the user switches machines or browsers between signing up and using the link. Secondly, it is insecure. The user could just grab the confirmation code set in the cookie and pass it to your confirmation script without ever checking his/her email.

**njccbeach9** · 03-17-2010, 05:16 PM

Surely to make the cookie system secure couldn't you say that the only information stored in the cookie would be the fields that they entered in the contact form. Say for example:

$name = "example"
$email = "example@example.com"
$themessage = "example message"

No confirmation code added to the cookie. The confirmation code would be added to the email only. Then when the user clicks the confirmation link it directs to a page where it can get the $name, $email, $themessage and construct an email to send to a fixed email address which is mine. e.g. fixedemail@fixed.com

Even if a hacker gets the information from the cookie, he does not know the confirmation code and link and therefore it just contains the data he entered in the form which is useless to him.

I hope this has helped.

Thanks guys

**njccbeach9** · 03-17-2010, 05:35 PM

OK I have just got some information from somebody else and they think the following:

Quote:

Server side is probably better: send them an ID in the URL and use that to identify the reply.

Where on the server? Choices are essentially: session, database or file. Session is probably too short (~25 minutes before it times out, so if they don't reply immediately or the email takes a while, you're dead, and has the same problem as cookies only worse as they also don't have the same session if they close the browser in between). Database you ruled out. So store a file from PHP in a folder (outside the Web server's name space!) named according to the token you sent them and pick it up again on the second step. If the PHP has SAFE MODE turned on you're prevented from doing that, so you might instead have to put it in the server's name space and protect the files using Apache directives in .htaccess (e.g. require basic_auth to access the directory through the web server) or chmod the files so as to deny access to the web server, and back again when you want them internally.

I like what he is suggesting but I don't know how to do it. What do you think?

**Advanox** · 03-17-2010, 10:03 PM

$name = "example"
$email = "example@example.com"
$themessage = "example message"
is good suggestions, but did you check your configs & sessions?

**njccbeach9** · 03:38 PM

I think everything is alright, I have XAMPP server installed with Apache 2.2. Just scrolling down on the configuration page shows that under Session and session support is says enabled. This is a table containing the session info, is this ok?

Session Support enabled
Registered save handlers files user sqlite
Registered serializer handlers php php_binary wddx

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path C:\xampp\xampp\tmp C:\xampp\xampp\tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0

Session Support enabled Registered save handlers files user sqlite Registered serializer handlers php php_binary wddx
Session Support enabled Registered save handlers files user sqlite Registered serializer handlers php php_binary wddx

DirectiveLocal ValueMaster Valuesession.auto_startOffOffsession.bug_compat_42 OnOnsession.bug_compat_warnOnOnsession.cache_expir e180180session.cache_limiternocachenocachesession. cookie_domainno valueno valuesession.cookie_httponlyOffOffsession.cookie_lifeti me00session.cookie_path//session.cookie_secureOffOffsession.entropy_fileno valueno valuesession.entropy_length00session.gc_divisor100100se ssion.gc_maxlifetime14401440session.gc_probability 11session.hash_bits_per_character55session.hash_fu nction00session.namePHPSESSIDPHPSESSIDsession.refe rer_checkno valueno valuesession.save_handlerfilesfilessession.save_pathC:\ xampp\xampp\tmpC:\xampp\xampp\tmpsession.serialize _handlerphpphpsession.use_cookiesOnOnsession.use_o nly_cookiesOffOffsession.use_trans_sid00

DirectiveLocal ValueMaster Valuesession.auto_startOffOffsession.bug_compat_42 OnOnsession.bug_compat_warnOnOnsession.cache_expir e180180session.cache_limiternocachenocachesession. cookie_domainno valueno valuesession.cookie_httponlyOffOffsession.cookie_lifeti me00session.cookie_path//session.cookie_secureOffOffsession.entropy_fileno valueno valuesession.entropy_length00session.gc_divisor100100se ssion.gc_maxlifetime14401440session.gc_probability 11session.hash_bits_per_character55session.hash_fu nction00session.namePHPSESSIDPHPSESSIDsession.refe rer_checkno valueno valuesession.save_handlerfilesfilessession.save_pathC:\ xampp\xampp\tmpC:\xampp\xampp\tmpsession.serialize _handlerphpphpsession.use_cookiesOnOnsession.use_o nly_cookiesOffOffsession.use_trans_sid00
I have tried to incorporate the code given into my php file but is quite complex especially my experience level.

This is what my code looks like so far with all the validation and textbox controls:

PHP Code:


			
<?php
 
if (!isset($_POST['submit'])) {
 
} else {
$Firstname = $_POST['Firstname'];
 
$Surname = $_POST['Surname'];
 
$Email = $_POST['Email'];
 
$Company = $_POST['Company'];
 
$phone = ereg_replace('[^0-9]', '', $_POST['Telephone']);
 
$employee = ($_POST['employee'] or $osrows);
 
$consultingtype = $_POST['consultingtype'];
 
$message = $_POST['Message'];
 
if (!empty($_POST['Firstname'])) {
} else {
$Firstname = FALSE;
echo "<p><font color='red'>Please enter your first name.</font></p>";
}
if (!empty($_POST['Surname'])) {
} else {
$Surname = FALSE;
echo "<p><font color='red'>Please enter your surname.</font></p>";
}
if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $Email)){
 } else { echo "<p><font color='red'>Please enter a valid email address.</font></p>"; 
}  
 if (!empty($_POST['Company'])) {
} else {
$Company = FALSE;
echo "<p><font color='red'>Please enter your company name.</font></p>";
}
 
if (!filter_var($phone, FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => "/^0[1-9][0-9]{8,9}$/")))) {
echo "<p><font color='red'>Please enter a valid UK phone number.</font></p>";
} 
if ($employee == "1-10" || $employee == "10-20" || $employee == "20-40" || $employee == "40-80" || $employee == "80-160" || $employee == "160-320" || $employee == "320-640" || $employee == "1000+"){
 
}else {
echo "<p><font color='red'>Please select the number of employees</font></p>";
}
 
   if($consultingtype == "FinanceSupport" || $consultingtype == "MarketingSupport") { 
 
}else {
echo "<p><font color='red'>Please select a consulting option</font></p>";
}
if (!empty($_POST['Message'])) {
} else {
$message = FALSE;
echo "<p><font color='red'>Please enter a message.</font></p>";
}
 
if(isset($_POST['checkbox'])) {
} else {
echo "<p><font color='red'>You must agree to the Terms and Conditions.</font></p>";
}
}
$osrows = array(
 array('idInvalid' => 0, 'label' => 'Please select'),
 array('id' => 1, 'label' => '1-10'),
 array('id' => 2, 'label' => '20-40'),
 array('id' => 3, 'label' => '40-80'),
 array('id' => 4, 'label' => '80-160'),
 array('id' => 5, 'label' => '160-320'),
 array('id' => 6, 'label' => '320-640'),
 array('id' => 7, 'label' => '1000+'),
);
$consultingrows = array(
 array('idInvalid' => 0, 'label' => 'Please select'),
 array('id' => 1, 'label' => 'Finance Client'),
 array('id' => 2, 'label' => 'Marketing Client'),
 
); 
?>
  </p>
  </div>
  <table width="508" border="0">
  <tr>
    <td><p>First name</p></td>
    <td><label>
    <input type="text" name="Firstname" id="Firstname" value="<?php if (!isset($_POST['submit'])) {} else { 
    $Firstname=$_POST['Firstname']; echo "$Firstname"; }?>" >
   </label> </td> 
  </tr>
  <tr>
    <td width="164"><p>Surname</p></td>
    <td width="334"><label>
    <input type="text" name="Surname" id="Surname" value="<?php if (!isset($_POST['submit'])) {} else { 
    $Surname=$_POST['Surname']; echo "$Surname"; }?>" >
    </label></td>
  </tr>
  <tr>
    <td><p>Email Address</p></td>
    <td><label>
      <input type="text" name="Email" id="Email" value="<?php if (!isset($_POST['submit'])) {} else { 
    $Email=$_POST['Email']; echo "$Email"; }?>">
    </label></td>
  </tr>
  <tr>
    <td><p>Company name</p></td>
    <td><label>
      <input type="text" name="Company" id="Company" value="<?php if (!isset($_POST['submit'])) {} else { 
    $Company=$_POST['Company']; echo "$Company"; }?>">
    </label></td>
  </tr>
  <tr>
    <td><p>Telephone Number</p></td>
    <td><input type="text" name="Telephone" id="Telephone" value="<?php if (!isset($_POST['submit'])) {} else { 
    $phone=$_POST['Telephone']; echo "$phone"; }?>"></td>
  </tr>
  <tr>
    <td><p>Number of employees</p></td>
 
    <td><select name="employee" id="employee">
     <?php foreach ($osrows as $osrow): ?>
      <option value="<?php echo $osrow['id'] ?>"
 
   <?php echo ($osrow['id'] == $_POST['employee'] ? "selected='selected'" : ""); ?> 
  ><?php echo $osrow['label'] ?></option>
      <?php endforeach; ?>
    </select>
      </td>
  </tr>
  <tr>
    <td><p>Consulting type</p></td>
    <td>
      <select name="consultingtype" id="consultingtype">
        <?php foreach ($consultingrows as $consultingrow): ?>
      <option value="<?php echo $osrow['id'] ?>"
 
   <?php echo ($consultingrow['id'] == $_POST['consultingtype'] ? "selected='selected'" : ""); ?> 
  ><?php echo $consultingrow['label'] ?></option>
      <?php endforeach; ?>
    </select></td>
  </tr>
  <tr>
    <td height="133"><p>Message</p></td>
    <td valign="top">
      <textarea name="Message" cols="45" rows="10" id="Message"> <?php if (!isset($_POST['submit'])) {} else { 
    $message=$_POST['Message']; echo "$message"; }?></textarea></td>
  </tr>
  <tr>
    <td valign="top"><p> I agree to LMGR <a href="../Policies/policies.html" target="_blank">Terms and Conditons </a></p>      </td>
    <td valign="top">
    <input name="checkbox" type="checkbox" id="checkbox" value="checked"></td>
  </tr>
</table>
 
  <input name="submit" type="submit" id="submit" value="Submit">
</form>

Sorry if this post was a bit long but I thought you might like to see all the code.

Thanks guys

**Huggy** · 03-18-2010, 06:20 PM

I personally would just make a random number using

PHP Code:


			
$num = rand(10000,1000000);

Insert that number with the users email into the database, make it expire after 24 hours or something like that. Within the email give the user a link with the id inside the url, you can either send the users email, store the users ip and check that.

If the number matches the record in the database, set the users account to active. That's what I do when I need to create an activation script.

**njccbeach9** · 03-19-2010, 02:04 PM

I think using a database would make the problem harder to solve than it actually is. I am using a lot of ASP.net and therefore I have a MS SQL server 2008 express installed and I am using it for my members area.

Please can somebody help me solve the problem using cookies or sessions on the server.

Thanks

**NullPointer** · 02:36 PM

Quote:

Originally Posted by njccbeach9

I think using a database would make the problem harder to solve than it actually is. I am using a lot of ASP.net and therefore I have a MS SQL server 2008 express installed and I am using it for my members area.

Please can somebody help me solve the problem using cookies or sessions on the server.

Thanks

Cookies and sessions are a bad approach (for reasons I explained before). If you really insist on doing things without a database (which I don't personally recommend) you can use a flat file to store your data. The simplest way would probably to use an associative array to associate usernames with confirmation codes and serialize it:

PHP Code:


			
//reading in the data

$pathToFile = 'data.dat';

$data = unserialize(file_get_contents($pathToFile));



if($data && is_array($data))

{

     //checking the confirmation code assuming

     //the request is of the form: 

     //http://yoursite.com/confirm?user=username&code=confirmationcode

     $code = $_GET['code'];

     $user = $_GET['user'];



     if($code == $data[$user])

     {

          /*correct confirmation code

          you'll probably won't to remove the confirmed

          user's code using unset($data[$username])

          you'll need to save the data after doing this */

     }

}

PHP Code:


			
//storing a new code

$pathToFile = 'data.dat';

$data = unserialize(file_get_contents($pathToFile));



if(!$data || !is_array($data))

{

     $data = array();

}



$data[$username] = $code;



//store the data

file_put_contents($pathToFile, serialize($data));

A database would be a much more reliable solution; the performance of flat files degrade linearly. You may want to clean up the file from time to time as well: you'll need to store a timestamp for each entry and delete old entries from time to time.

**njccbeach9** · 06:12 PM

OK thanks for all the code. I have finally got the base code all working. I have PHP validation working just the way I want it to.

After a bit of learning I came up with a solution similar to what you were suggesting.
--------------------------------
Contact Page (contactus.php) (all required fields): user fills in all details

Firstname: TEXTBOX
Surname: TEXTBOX
Email: TEXBOX
Number of employees: DROP DOWN
Consulting type: DROP DOWN
Message: TEXT AREA
Confirmation: CHECKBOX

Submit: BUTTON (when user clicks it adds this data to a table in a Microsoft SQL 2008 Express Database and sends an email to the address the user entered into the email textbox )
------------------------------------------
In database table (MS SQL 2008 Express)

ID (primary key) : Randomly generated number (created by PHP)
Firstname: Data user entered
Surname: Data user entered
Email: Data user entered
Number of employees: Data user entered
Consulting type: Data user entered
Message: Data user entered
Confirmation: checked

----------------
Confirmation Email

Thanks for contacting us please click this go here to complete contacting us:

http://www.mysite.com/contactus.php?RANDOMNUMBER

------------------------------------

Contact Us (contactus.php?RANDOMNUMBER)

Gets the data from the ID RANDOMNUMBER

As soon as page loads it sends all the data off to a fixed email address:

myemail@myemail.com

If the email was successfully send, php removes RANDOMNUMBER's row in the database browser redirects to static page- successForm.html just saying email successfully sent

If the email failed to send, php keeps RANDOMNUMBER's row in the database and browser redirects to static page- failureForm.html just saying email failed to send. Please try the confirmation link again later.

------------

To clarify things further, I'll show you what contactus.php looks like so far so you see what I need to do in order to successfully achieve the above:

Code:

<?php
 
if (!isset($_POST['submit'])) {
 
} else {
$Firstname = $_POST['Firstname'];
 
$Surname = $_POST['Surname'];
 
$Email = $_POST['Email'];
 
$Company = $_POST['Company'];
 
$phone = ereg_replace('[^0-9]', '', $_POST['Telephone']);
 
$employee = ($_POST['employee'] or $osrows);
 
$consultingtype = ($_POST['consultingtype'] or $consultingrows);
 
$message = $_POST['Message'];
 
if (!empty($_POST['Firstname'])) {
} else {
$Firstname = FALSE;
echo "<p><font color='red'>Please enter your first name.</font></p>";
}
if (!empty($_POST['Surname'])) {
} else {
$Surname = FALSE;
echo "<p><font color='red'>Please enter your surname.</font></p>";
}
if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $Email)){
 } else { echo "<p><font color='red'>Please enter a valid email address.</font></p>"; 
}  
 if (!empty($_POST['Company'])) {
} else {
$Company = FALSE;
echo "<p><font color='red'>Please enter your company name.</font></p>";
}
 
if (!filter_var($phone, FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => "/^0[1-9][0-9]{8,9}$/")))) {
echo "<p><font color='red'>Please enter a valid UK phone number.</font></p>";
} 
if ($employee == "1-10" || $employee == "10-20" || $employee == "20-40" || $employee == "40-80" || $employee == "80-160" || $employee == "160-320" || $employee == "320-640" || $employee == "1000+"){
 
}else {
echo "<p><font color='red'>Please select the number of employees</font></p>";
}
 
   if ($consultingtype == "Finance Support" || $consultingtype == "Marketing Support") { 
 
}else {
echo "<p><font color='red'>Please select the a consulting option</font></p>";
}
if (!empty($_POST['Message'])) {
} else {
$message = FALSE;
echo "<p><font color='red'>Please enter a message.</font></p>";
}
 
if(isset($_POST['checkbox'])) {
} else {
echo "<p><font color='red'>You must agree to the Terms and Conditions.</font></p>";
}
}
$osrows = array(
 array('idInvalid' => 0, 'label' => 'Please select'),
 array('id' => 1, 'label' => '1-10'),
 array('id' => 2, 'label' => '20-40'),
 array('id' => 3, 'label' => '40-80'),
 array('id' => 4, 'label' => '80-160'),
 array('id' => 5, 'label' => '160-320'),
 array('id' => 6, 'label' => '320-640'),
 array('id' => 7, 'label' => '1000+'),
);
$consultingrows = array(
 array('id2Invalid' => 0, 'label2' => 'Please select'),
 array('id2' => 1, 'label2' => 'Finance Support'),
 array('id2' => 2, 'label2' => 'Marketing Support'),
 
); 
?>
</p>
  </div>
  <table width="508" border="0">
  <tr>
    <td><p>First name</p></td>
    <td><label>
    <input type="text" name="Firstname" id="Firstname" value="<?php if (!isset($_POST['submit'])) {} else { 
    $Firstname=$_POST['Firstname']; echo "$Firstname"; }?>" >
   </label> </td> 
  </tr>
  <tr>
    <td width="164"><p>Surname</p></td>
    <td width="334"><label>
    <input type="text" name="Surname" id="Surname" value="<?php if (!isset($_POST['submit'])) {} else { 
    $Surname=$_POST['Surname']; echo "$Surname"; }?>" >
    </label></td>
  </tr>
  <tr>
    <td><p>Email Address</p></td>
    <td><label>
      <input type="text" name="Email" id="Email" value="<?php if (!isset($_POST['submit'])) {} else { 
    $Email=$_POST['Email']; echo "$Email"; }?>">
    </label></td>
  </tr>
  <tr>
    <td><p>Company name</p></td>
    <td><label>
      <input type="text" name="Company" id="Company" value="<?php if (!isset($_POST['submit'])) {} else { 
    $Company=$_POST['Company']; echo "$Company"; }?>">
    </label></td>
  </tr>
  <tr>
    <td><p>Telephone Number</p></td>
    <td><input type="text" name="Telephone" id="Telephone" value="<?php if (!isset($_POST['submit'])) {} else { 
    $phone=$_POST['Telephone']; echo "$phone"; }?>"></td>
  </tr>
  <tr>
    <td><p>Number of employees</p></td>
 
    <td><select name="employee" id="employee">
     <?php foreach ($osrows as $osrow): ?>
      <option value="<?php echo $osrow['id'] ?>"
 
   <?php echo ($osrow['id'] == $_POST['employee'] ? "selected='selected'" : ""); ?> 
  ><?php echo $osrow['label'] ?></option>
      <?php endforeach; ?>
    </select>
      </td>
  </tr>
  <tr>
    <td><p>Consulting type</p></td>
    <td>
      <select name="consultingtype" id="consultingtype">
        <?php foreach ($consultingrows as $consultingrow): ?>
      <option value="<?php echo $consultingrow['id2'] ?>"
 
   <?php echo ($consultingrow['id2'] == $_POST['consultingtype'] ? "selected='selected'" : ""); ?> 
  ><?php echo $consultingrow['label2'] ?></option>
      <?php endforeach; ?>
    </select></td>
  </tr>
  <tr>
    <td height="133"><p>Message</p></td>
    <td valign="top">
      <textarea name="Message" cols="45" rows="10" id="Message"><?php $message=$_POST['Message']; echo "$message"; ?></textarea></td>
  </tr>
  <tr>
    <td valign="top"><p> I agree to LMGR <a href="../Policies/policies.html" target="_blank">Terms and Conditons </a></p>      </td>
    <td valign="top">
    <input name="checkbox" type="checkbox" id="checkbox" value="checked"></td>
  </tr>
</table>
 
  <input name="submit" type="submit" id="submit" value="Submit" >
 
</form>

Sorry I have changed my mind a lot throughout this thread but I am learning as I still learning and many people are suggesting different things, but I believe this is probably the best way.

I hope I have given all the info needed. Please bear in mind it must connect to a Microsoft SQL 2008 Express database named ASPNETDB.MDF
I cannot use MySQL because I have already set up all the user accounts in this particular database. I have heard it is possible to do this in PHP despite the fact it is normally used to connect to MySQL.

Thanks for your time guys,

**njccbeach9** · 04-01-2010, 06:15 AM

Ignore my last thread. After a long time I have finally cracked the hardest piece of this issue.

You see when I submit the form, it goes ahead as I asked it to and inserts a row into my SQL Express database table.
However, when it gives the results of the number of employees and consulting type it always comes back with a value of 1. I have tried to changed my values but because so much relies of something else it just messes everything up. Here is my code:

Code:

<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post" name="form" id="form"><h1> By Email </h1>
<p>Please fill in the following information in order to Contact us about our consulting programmes or any other queries you many have.</p>
<div class="divRightContact"><p>
 
<?php
$number=0;
if (!isset($_POST['submit'])) {
 
} else {
$Firstname = $_POST['Firstname'];
 
$Surname = $_POST['Surname'];
 
$Email = $_POST['Email'];
 
$Company = $_POST['Company'];
 
$phone = ereg_replace('[^0-9]', '', $_POST['Telephone']);
 
$employee = ($_POST['employee'] or $osrows);
 
$consultingtype = ($_POST['consultingtype'] or $consultingrows);
 
$message = $_POST['Message'];
$checkbox = $_POST['checkbox'];
 
if (!empty($_POST['Firstname'])) {
$number++;
} else {
$Firstname = FALSE;
echo "<p><font color='red'>Please enter your first name.</font></p>";
}
if (!empty($_POST['Surname'])) {
$number++;
} else {
$Surname = FALSE;
echo "<p><font color='red'>Please enter your surname.</font></p>";
}
if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $Email)){
$number++;
 } else { echo "<p><font color='red'>Please enter a valid email address.</font></p>"; 
}  
 if (!empty($_POST['Company'])) {
 $number++;
} else {
$Company = FALSE;
echo "<p><font color='red'>Please enter your company name.</font></p>";
}
 
if (!filter_var($phone, FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => "/^0[1-9][0-9]{8,9}$/")))) {
echo "<p><font color='red'>Please enter a valid UK phone number.</font></p>";
} else {
$number++;
} 
if ($employee == "1-10" || $employee == "10-20" || $employee == "20-40" || $employee == "40-80" || $employee == "80-160" || $employee == "160-320" || $employee == "320-640" || $employee == "1000+"){
$number++;
}else {
echo "<p><font color='red'>Please select the number of employees</font></p>";
}
 
   if ($consultingtype == "Finance Support" || $consultingtype == "Marketing Support") { 
 $number++;
}else {
echo "<p><font color='red'>Please select the a consulting option</font></p>";
}
if (!empty($_POST['Message'])) {
$number++;
} else {
$message = FALSE;
echo "<p><font color='red'>Please enter a message.</font></p>";
}
 
if(isset($_POST['checkbox'])) {
$number++;
} else {
echo "<p><font color='red'>You must agree to the Terms and Conditions.</font></p>";
}
}
$osrows = array(
 array('idInvalid' => 0, 'label' => 'Please select'),
 array('id' => 1, 'label' => '1-10'),
 array('id' => 2, 'label' => '20-40'),
 array('id' => 3, 'label' => '40-80'),
 array('id' => 4, 'label' => '80-160'),
 array('id' => 5, 'label' => '160-320'),
 array('id' => 6, 'label' => '320-640'),
 array('id' => 7, 'label' => '1000+'),
);
$consultingrows = array(
 array('id2Invalid' => 0, 'label2' => 'Please select'),
 array('id2' => 1, 'label2' => 'Finance Support'),
 array('id2' => 2, 'label2' => 'Marketing Support'),
 
); 
if ($number >= 9) {
  if ($db = @mssql_connect('.\SQLEXPRESS', '',
    '')) {
    mssql_select_db('ASPNETDB');
    echo 'Connected to the database.';
 
 
$tbl_name=contactUs_data; 
// Random confirmation code 
$ticketID=md5(uniqid(rand())); 
// values sent from form 
$Firstname;
 $Surname;
 $Email;
 $Company;
 $phone;
 $employee;
 $consultingtype ;
 $message;
 $checkbox;
// Insert data into database 
$sql="INSERT INTO $tbl_name(ticketID, firstname, surname, email, company, telephone,employeenumber, consultingtype, message, confirmation)VALUES('$ticketID','$Firstname', '$Surname', '$Email', '$Company', '$phone', '$employee', '$consultingtype', '$message', '$checkbox')"; 
$result=mssql_query($sql); 
 
 
 if($result){
// send e-mail to ... 
$to=$Email; 
// Your subject 
$subject="Your confirmation link here"; 
// From 
$header="from: your name <your email>"; 
// Your message 
$message="Your Comfirmation link \r\n"; 
$message.="Click on this link to activate your account \r\n"; 
$message.="confirmation.php?passkey=$ticketID"; 
// send email 
$sentmail = mail($to,$subject,$message,$header); 
} 
// if your email succesfully sent 
if($sentmail){ 
echo "Your Confirmation link Has Been Sent To Your Email Address."; 
} 
else { 
echo "Cannot send Confirmation link to your e-mail address"; 
} 
 
  
 
 
    mssql_close($db);
  } else {
    echo 'Connection failed.';
  }
}
?>
</p>
  </div>
  <table width="508" border="0">
  <tr>
    <td><p>First name</p></td>
    <td><label>
    <input type="text" name="Firstname" id="Firstname" value="<?php if (!isset($_POST['submit'])) {} else { 
    $Firstname=$_POST['Firstname']; echo "$Firstname"; }?>" >
   </label> </td> 
  </tr>
  <tr>
    <td width="164"><p>Surname</p></td>
    <td width="334"><label>
    <input type="text" name="Surname" id="Surname" value="<?php if (!isset($_POST['submit'])) {} else { 
    $Surname=$_POST['Surname']; echo "$Surname"; }?>" >
    </label></td>
  </tr>
  <tr>
    <td><p>Email Address</p></td>
    <td><label>
      <input type="text" name="Email" id="Email" value="<?php if (!isset($_POST['submit'])) {} else { 
    $Email=$_POST['Email']; echo "$Email"; }?>">
    </label></td>
  </tr>
  <tr>
    <td><p>Company name</p></td>
    <td><label>
      <input type="text" name="Company" id="Company" value="<?php if (!isset($_POST['submit'])) {} else { 
    $Company=$_POST['Company']; echo "$Company"; }?>">
    </label></td>
  </tr>
  <tr>
    <td><p>Telephone Number</p></td>
    <td><input type="text" name="Telephone" id="Telephone" value="<?php if (!isset($_POST['submit'])) {} else { 
    $phone=$_POST['Telephone']; echo "$phone"; }?>"></td>
  </tr>
  <tr>
    <td><p>Number of employees</p></td>
 
    <td><select name="employee" id="employee">
     <?php foreach ($osrows as $osrow): ?>
      <option value="<?php echo $osrow['id'] ?>"
 
   <?php echo ($osrow['id'] == $_POST['employee'] ? "selected='selected'" : ""); ?> 
  ><?php echo $osrow['label'] ?></option>
      <?php endforeach; ?>
    </select></td>
  </tr>
  <tr>
    <td><p>Consulting type</p></td>
    <td>
      <select name="consultingtype" id="consultingtype">
        <?php foreach ($consultingrows as $consultingrow): ?>
      <option value="<?php echo $consultingrow['id2'] ?>"
 
   <?php echo ($consultingrow['id2'] == $_POST['consultingtype'] ? "selected='selected'" : ""); ?> 
  ><?php echo $consultingrow['label2'] ?></option>
      <?php endforeach; ?>
    </select></td>
  </tr>
  <tr>
    <td height="133"><p>Message</p></td>
    <td valign="top">
      <textarea name="Message" cols="45" rows="10" id="Message"><?php $message=$_POST['Message']; echo "$message"; ?></textarea></td>
  </tr>
  <tr>
    <td valign="top"><p> I agree to LMGR <a href="../Policies/policies.html" target="_blank">Terms and Conditons </a></p>      </td>
    <td valign="top">
    <input name="checkbox" type="checkbox" id="checkbox" value="checked"></td>
  </tr>
</table>
 
  <input name="submit" type="submit" id="submit" value="Submit" ></form>

I am so sure this is a simple problem to solve, but please, somebody, can you outline what I need to do so that the value that appears in my database represents the value of the selection.

Thanks,