This question already has answers here:
PHP email form shooting blank emails
(4 answers)
Closed 2 years ago.
I have a contact form on two different websites I have made for clients.
At around 8-9pm everyday a blank message is sent using the contact form and straight to my clients' respective email addresses.
PHP:
<?php
$name = $_POST['full-name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$message = $_POST['message'];
$from = $_POST['full-name'];
$to = 'mobileguitarworkshop#hotmail.com';
if(!empty($_POST['field'])) die();
$email_from = 'mobileguitarworkshop#hotmail.com';
$email_subject = "Enquiry from $name.\n";
$body = "From: $name.\n".
"Email: $email.\n".
"Message: $message.\n";
$headers = "From: $email \r\n";
$headers .= "Reply-To: $email \r\n";
mail($to, $email_subject, $body, $headers);
header("Location: http://mobileguitarworkshop.co.uk/success.html");
exit();
?>
HTML:
<form action="contact.php" method="post" class="contact-form">
<label for="full-name">Name</label>
<input name="full-name" type="text" id="full-name" required>
<input type="text" id="field" name="field"/>
<label for="phone">Phone</label>
<input name="phone" type="tel" id="phone">
<label for="email">Email address</label>
<input name="email" type="text" id="email" required>
<label for="message">Message</label>
<textarea name="message" id="message"></textarea>
<input name="send" type="submit" value="SEND" id="sendBtn">
</form>
I've tried adding 'required' to the Name and Email Address inputs to stop spammers, and also a hidden field that, if filled, directs them to 'success.html' without posting the message.
If anyone can explain why this is happening that would be great. The hosting service I'm using is 1&1 IONOS.
Thanks,
Jack
The spammers may be sending a request directly to the contact form endpoint, bypassing your form entirely. This means that required fields in the html wont do much to stop that. You'll need to check those properties on the backend to prevent those submissions. Something like this would work:
if(empty($_POST['full-name']) || empty($_POST['email'])) {
die();
}
If I were you, I'd also look into implementing a CSRF token. See How to properly add CSRF token using PHP
While we're talking, we really should sanitize the $_POST['message']; with something like the below to remove any questionable html content your users may have submitted:
$message = strip_tags($_POST['message']);
Related
I recently made a website using HTML, CSS, and JS. Since I don't know PHP, I am stuck at building the contact form where it is vital on the website. I learned a bit from YouTube tutorials and have the following HTML & PHP code:
<div class="contact_form">
<form action="/action_page.php">
<input type="text" id="name" name="name" placeholder="Name*">
<input class="contact_even" type="text" id="email" name="email" placeholder="Email id*">
<input type="text" id="phone" name="phone" placeholder="Phone No.">
<input class="contact_even" type="text" id="city" name="city" placeholder="City">
<textarea id="subject" name="subject" placeholder="How Can We Help You?"></textarea>
<input type="submit" value="Submit">
</form>
</div>
<?php
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$mailFrom = $_POST['email'];
$phone = $_POST['phone'];
$city = $_POST['city'];
$message = $_POST['message'];
$mailTo = 'example#something.in';
$headers = 'From: '.$mailFrom;
$txt = $name.'('.$phone.') from '.$city.' says:\n\n'.$message;
$headers = "MIME-VERSION: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
mail($mailTo, $headers, $txt);
header("Location: index.html?mailsent");
}
?>
Why do I need the MIME and content-type headers at the bottom as that bit I added from another tutorial.
When I use the form and try sending the message, I get the "?mailsent" after the URL but I receive no email which is a professional plan by GoDaddy.
They are also hosting my website. I contacted them to know whether the server allows me to make my contact form with the plan I have and they said yes. So, I must be missing something important here.
refer to the documentation of mail function
there are 3 required parameter : email destination (to), subject and the message, and two additional options are: headers and parameters.
your code didnt respect that, because you missing to add the subjuct as parameter.
and you get ?mailsent because you use header("Location: index.html?mailsent") without any test if the email send successfully or not.
i suggest you to replace the last two lines of your php code with this
$subject = "some subject"; // you can replace it with $subject = $_POST["subject"]
$result = mail($mailTo, $subject , $txt,$headers);
if ($result){
// mail send successfully
header("Location: index.html?mailsent");
} else {
// error
}
EDIT:
you can get the error message with error_get_last() function.
thanks to https://stackoverflow.com/a/20203870/195835
$subject = "some subject"; // you can replace it with $subject = $_POST["subject"]
$result = mail($mailTo, $subject , $txt,$headers);
if ($result){
// mail send successfully
header("Location: index.html?mailsent");
} else {
print_r(error_get_last());
}
You are missing the form action, So PHP doesn't know what to do with your variable data.Try adding method="post" inside <form> tag. Like this
<div class="contact_form">
<form action="/action_page.php" method="post">
<input type="text" id="name" name="name" placeholder="Name*">
<input class="contact_even" type="text" id="email" name="email" placeholder="Email id*">
<input type="text" id="phone" name="phone" placeholder="Phone No.">
<input class="contact_even" type="text" id="city" name="city" placeholder="City">
<textarea id="subject" name="subject" placeholder="How Can We Help You?"></textarea>
<input type="submit" value="Submit">
</form>
</div>
And also. If you use your computer as localhost(using xampp , wamp, or something without a hosting service) You have to make some changes to the config files.
Also try this modified php code
<?php
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$mailFrom = $_POST['email'];
$phone = $_POST['phone'];
$city = $_POST['city'];
$message = $_POST['message'];
$title = "replace this";
$mailTo = 'support#udichi.in';
$txt = $name.'('.$phone.') from '.$city.' says:\n\n'.$message;
$headers = 'From: '.$mailFrom . PHP_EOL .'Reply-To:' .$mailFrom . PHP_EOL . 'X-Mailer: PHP/' . phpversion();
mail($mailTo,$title,$txt,$headers);
header("Location: index.html?mailsent");
}
?>
This question already has answers here:
How do I send email on heroku using PHP?
(2 answers)
PHP mail function doesn't complete sending of e-mail
(31 answers)
Closed 4 years ago.
I'm trying to make my form work so I can receive emails. My website is currently stored on Heroku and everything looks fine, except it doesn't send emails after the form is submitted. Can someone help me please?
index.php :
<form id="contact-form" method="post" action="email.php">
<input class="holder" placeholder="Name" type="text" name="name" required>
<input class="holder" placeholder="Email" type="email" name="email" required>
<textarea class="holder" placeholder="Drop me some lines" type="text" name="message"></textarea>
<div class="button-position">
<button id="button-submit" type="submit"><p id='submit_word'>Submit</p><img class="send-spaceship" src="resources/css/images/send-spaceship.png"></button>
</div>
</form>
email.php:
<?php
$name = $_POST['name'];
$visitor_email = $_POST['email'];
$message = $_POST['message'];
$email_from = "itzikshaoulian#gmail.com";
$email_subject = "Form Submission";
$email_body = "User Name: $name.\n".
"User Email: $visitor_email.\n".
"User Message: $message.\n";
$to = "itzikshaoulian#gmail.com";
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
mail($to,$email_subject,$email_body,$headers);
header("Location: https://itzikshaoulianportfolio.herokuapp.com/");
?>
I've already spend hours on this simple code. Email arrives, but fields like name email newsletter are empty. It must be something stupid but it drives me crazzy that it's not working when it's just simple form.
Also, if you know, can you please help me prevent user from clicking on form twice and sending multiple emails. Thank you a lot!
<?php
$name = strip_tags(htmlspecialchars($_GET['name']));
$email_address = strip_tags(htmlspecialchars($_GET['email']));
$message = strip_tags(htmlspecialchars($_GET['message']));
$newsletter = strip_tags(htmlspecialchars($_GET['newsletter']));
// Create the email and send the message
$to = 'xxx#xxx.com';
$email_subject = "Message from from : $name";
$email_body = "Message from form arrived.\n\n"."Message details:\n\nName: $name\n\nEmail: $email_address\n\nPhone: $newsletter\n\nMessage:\n$message";
$headers = "From: form#xxx.com\n";
$headers .= "Reply-To: $email_address";
mail($to,$email_subject,$email_body,$headers);
?>
<form method="GET">
<span>Name</span>
<input type="text" name="name" placeholder="Your name"><br />
<span>E-mail</span>
<input type="email" name="email" placeholder="E-mail"><br />
<div>Message</div>
<textarea type="text" name="message" rows="8" cols="80"></textarea><br />
<input type="checkbox" name="newsletter" id="newsletter">
<label for="newsletter">I wold like to get email infromations</label><br />
<button type="submit">Send</button>
<span class="message"></span>
</form>
You may prefer HEREDOC syntax when working with lengthy strings that include variables, like you would use to generate email content. If your variables are being populated correctly, then this should work.
$email_body = <<<EOT
Message from form arrived.
Message details:
Name: $name
Email: $email_address
Phone: $newsletter
Message:
$message
EOT;
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
Hi guys this is my first question on stackoverflow.
I'm an amateur web designer designing a mostly static website..I need to create a contact form for user queries.What's the best approach for this task?
1)php's mailto function?
2)form data stored in a text file or spreadsheet?
3)database-connected(not preferred)
Any help would be really appreciated!!
To create a simple contact us form in php,you dont need to create any database. You have to use mail() function in PHP
You can refer following links to built simple contact us form :-
http://www.phpeasystep.com/phptu/8.html
http://www.freecontactform.com/email_form.php
OR
page1.php
<h2>Your Title</h2>
<form action="receiving.php" method="POST">
Name:<br><input type="text" name="name" size="40" /><br><br>
Email:<br><input type="text" name="email" size="40" /><br><br>
Phone:<br><input type="text" name="phone" size="40"><br><br>
Message:<br><textarea name="message" rows="3" cols="31" > </textarea><br><br>
<input type="submit" name="submit" value="Submit" />
<br><br>
</form>
receiving.php
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$message = $_POST['message'];
if(isset($_POST['submit']))
{
$from_add = "contactform#yourwebsite.com";
$to_add = "yourname#yourwebsite.com";
$subject = "Your Subject Name";
$message = "Name:$name \n Email: $email \n Phone: $phone \n
Message: $message";
$headers = "From: $from_add \r\n";
$headers .= "Reply-To: $from_add \r\n";
$headers .= "Return-Path: $from_add\r\n";
$headers .= "X-Mailer: PHP \r\n";
if(mail($to_add,$subject,$message,$headers))
{
$msg = "Mail sent";
}
}
print "<p> Thank you $name for your message,
we will be in contact shortly. Click here
to continue </p>" ;
?>
NOTE :- You cannot send mail from localhost, configure some other smtp at localhost eg : google,yahoo...
Sample code of contact form using mail function
<?php
if (isset($_POST['action'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
if ($name == "" || $email == "" || $message == "") {
echo "All fields are required, please fill the form again.";
} else {
$from = "From: $name<$email>\r\nReturn-path: $email";
$subject = "Message sent using your contact form";
mail("youremail#yoursite.com", $subject, $message, $from);
echo "Email sent!";
}
}
?>
<form action="" method="POST">
Your name:<br>
<input name="name" type="text" /><br>
Your email:<br>
<input name="email" type="text"/><br>
Your message:<br>
<textarea name="message" rows="7" cols="30"></textarea><br>
<input type="submit" name="action" value="Send email"/>
</form>
Simply build a html-form and send the data to a php-file. Database is not needed at all, unless you want to store all messages or IP.
A simple search will get you a lot of results.
In the phpfile you have two options: Use php's mail() as is, or try PHPmailer. The latter is a bit more complecated, but ends up less as spam, it sets headers and everything for you.
Especially when you mail from multiple pointer on your website, I recommend PHPmailer.
In reply to one of your comments:
All mailing happends on the server. PHP is a serverside language, all actions take place on the server, not on the users computer. For that reason, your code should always be on a server, or local with WAMP (or LAMP)
I am a web designer, and dont really know much about PHP. I have a form, and I want the values to be sent to three email addresses.
Here is my HTML:
<form id="player" method="post" action="process.php">
<label for="name">Your Name</label>
<input type="text" name="name" title="Enter your name" class="required">
<label for="phone">Daytime Phone</label>
<input type="tel" name="phone" class="required">
<label for="email">Email</label>
<input type="email" name="email" title="Enter your e-mail address" class="required email">
<input type="submit" name="submit" class="button" id="submit" value="I'd like to join Now" />
</form>
I have somehow found a PHP code that should send the data to ONE email address only, but I dont even know if it works or not.
Here is the code for that:
<?php
// Get Data
$name = strip_tags($_POST['name']);
$email = strip_tags($_POST['email']);
$phone = strip_tags($_POST['phone']);
$url = strip_tags($_POST['url']);
$message = strip_tags($_POST['message']);
// Send Message
mail( "you#youremail.com", "Contact Form Submission",
"Name: $name\nEmail: $email\nPhone: $phone\nWebsite: $url\nMessage: $message\n",
"From: Forms <forms#example.net>" );
?>
Thanks
Add headers
<?php
// Get Data
$name = strip_tags($_POST['name']);
$email = strip_tags($_POST['email']);
$phone = strip_tags($_POST['phone']);
$url = strip_tags($_POST['url']);
$message = strip_tags($_POST['message']);
$headers .="From: Forms <forms#example.net>";
$headers .="CC: Mail1 <Mail1#example.net>";
$headers .=", Mail2 <Mail2#example.net>";
// Send Message
mail( "you#youremail.com", "Contact Form Submission",
"Name: $name\nEmail: $email\nPhone: $phone\nWebsite: $url\nMessage: $message\n",
$headers );
?>
You should be able to separate email addresses with commas in the first parameter of the mail() function, i.e.
mail('email1#example.com, email2#example.com', $subject, $message, $headers);
Or sepcific CC and optionally BCC addresses as per Ahmad's answer.
The mail function (which is used in the code that you posted) allows you to specify multiple recipients. See the PHP documentation of that function for details: http://php.net/manual/en/function.mail.php
Edit: You basically need to replace the "you#youremail.com" part with a list of addresses, separated by commas, e.g.:
mail("you#youremail.com,somebody#domain.com,anotherone#domain.com", ...
use
$to = "email#email.com"
$to .= ", anotheremail#email.com";
this will help you to create multiple recipient.