vigi3/form.php

## form.php
<?php

	if($_POST){

	//not empty
	//
		$errors = array();

	//start validation
		if (empty($_POST['nom'])) {

			$errors['nom1'] = "Tu dois marqué ton nom !";
		}

		if (empty($_POST['prenom'])) {

			$errors['prenom1'] = "Tu dois marqué ton prénom !";
		}

		if (empty($_POST['email'])) {

			$errors['email1'] = "Tu dois marqué ton email !";
		}

		if (empty($_POST['telephone'])) {

			$errors['telephone1'] = "Tu dois marqué ton numero de telephone !";
		}

		if (empty($_POST['message'])) {

			$errors['message1'] = "Le message ne peut pas etre vide !";
		}


	//Check
		if (count($errors)==0) {
			echo "Success";
		}
	}

?>
<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	<title>My test page</title>
</head>
<body>
	<form action="form.php" action="test_form.php/&quot;&gt;&lt;script&gt;alert('hacked')&lt;/script&gt;" method="post" target="">
		<div>
			<label for="nom">Nom :</label><br>
			<input type="text" id="nom" name="nom" value="<?php if (isset($_POST['nom'])) echo $_POST['nom']; ?>">
			<p><?php if (isset($errors['nom1'])) { echo $errors['nom1'];

			} ?></p>
		</div>
		<div>
			<label for="prenom">Prenom :</label><br>
			<input type="text" id="prenom" name="prenom" value="<?php if (isset($_POST['prenom'])) echo $_POST['prenom']; ?>">
			<p><?php if (isset($errors['prenom1'])) { echo $errors['prenom1'];

			} ?></p>
		</div>
		<div>
			<label for="email">Courriel :</label><br>
			<input type="email" id="email" name="email" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>">
			<p><?php if (isset($errors['email1'])) { echo $errors['email1'];

			} ?></p>
		</div>
		<div>
			<label for="tel">Telephone :</label><br>
			<input type="text" id="telephone" name="telephone" value="<?php if (isset($_POST['telephone'])) echo $_POST['telephone']; ?>">
			<p><?php if (isset($errors['telephone1'])) { echo $errors['telephone1'];

			} ?></p>
		</div>
		<div>
			<label for="pays">Sujet :</label><br>
			<select name="sujet" id="sujet">
				<option value="wild">Wild</option>
				<option value="code">Code</option>
				<option value="school">School</option>
				<option value="5">5</option>
				<option value="month">Month</option>
			</select>
		</div>
		<div>
			<label for="message">Message :</label><br>
			<textarea id="message" name="message"><?php if (isset($_POST['message'])) echo $_POST['message']; ?></textarea>
			<p><?php if (isset($errors['message1'])) { echo $errors['message1'];

			} ?></p>
		</div>
		<div class="button">
			<button type="submit">Envoyer votre message</button>
		</div>
	</form>
</body>
</html>
	<?php

	if($_POST){

	//not empty
	//
	$errors = array();

	//start validation
	if (empty($_POST['nom'])) {

	$errors['nom1'] = "Tu dois marqué ton nom !";
	}

	if (empty($_POST['prenom'])) {

	$errors['prenom1'] = "Tu dois marqué ton prénom !";
	}

	if (empty($_POST['email'])) {

	$errors['email1'] = "Tu dois marqué ton email !";
	}

	if (empty($_POST['telephone'])) {

	$errors['telephone1'] = "Tu dois marqué ton numero de telephone !";
	}

	if (empty($_POST['message'])) {

	$errors['message1'] = "Le message ne peut pas etre vide !";
	}





	//Check
	if (count($errors)==0) {
	echo "Success";
	}
	}

	?>
	<!DOCTYPE html>
	<html>
	<head>
	<meta charset="utf-8">
	<title>My test page</title>
	</head>
	<body>
	<form action="form.php" action="test_form.php/"><script>alert('hacked')</script>" method="post" target="">
	<div>
	<label for="nom">Nom :</label><br>
	<input type="text" id="nom" name="nom" value="<?php if (isset($_POST['nom'])) echo $_POST['nom']; ?>">
	<p><?php if (isset($errors['nom1'])) { echo $errors['nom1'];

	} ?></p>
	</div>
	<div>
	<label for="prenom">Prenom :</label><br>
	<input type="text" id="prenom" name="prenom" value="<?php if (isset($_POST['prenom'])) echo $_POST['prenom']; ?>">
	<p><?php if (isset($errors['prenom1'])) { echo $errors['prenom1'];

	} ?></p>
	</div>
	<div>
	<label for="email">Courriel :</label><br>
	<input type="email" id="email" name="email" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>">
	<p><?php if (isset($errors['email1'])) { echo $errors['email1'];

	} ?></p>
	</div>
	<div>
	<label for="tel">Telephone :</label><br>
	<input type="text" id="telephone" name="telephone" value="<?php if (isset($_POST['telephone'])) echo $_POST['telephone']; ?>">
	<p><?php if (isset($errors['telephone1'])) { echo $errors['telephone1'];

	} ?></p>
	</div>
	<div>
	<label for="pays">Sujet :</label><br>
	<select name="sujet" id="sujet">
	<option value="wild">Wild</option>
	<option value="code">Code</option>
	<option value="school">School</option>
	<option value="5">5</option>
	<option value="month">Month</option>
	</select>
	</div>
	<div>
	<label for="message">Message :</label><br>
	<textarea id="message" name="message"><?php if (isset($_POST['message'])) echo $_POST['message']; ?></textarea>
	<p><?php if (isset($errors['message1'])) { echo $errors['message1'];

	} ?></p>
	</div>
	<div class="button">
	<button type="submit">Envoyer votre message</button>
	</div>
	</form>
	</body>
	</html>