I have just now completed building this form and it is running quite well, thanks to the user community of stackoverflow; but I have now noticed an issue with my form while testing it in different scenarios.
The major problem is that it is sending information regardless of any information being present and regardless of whether the user has entered correct data. The error is showing up on the page, but the data is being sent, even when error is being displayed on the page.
I want to find out how to stop the form from sending an E-mail, when the fields are empty or have wrong content entered into them?
Here is the PHP code, I am using:
<?php
function test_input($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
// define variables and set to empty values
$first_nameErr = $last_nameErr = $emailErr = $overviewErr = "";
$first_name = $last_name = $email = $overview = "";
if(isset($_POST['email'])) {
$email_to = "myself#mydomain.com";
$email_subject = "Contact us - My company's name";
{
if (empty($_POST["first_name"]))
{$first_nameErr = "(First Name is required)";}
else
{$first_name = test_input($_POST["first_name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$first_name))
{
$first_name = "(Only letters and white space allowed)";
}
}
if (empty($_POST["last_name"]))
{$last_nameErr = "(Last Name is required)";}
else
{$last_name = test_input($_POST["last_name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$last_name))
{
$last_name = "(Only letters and white space allowed)";
}
}
if (empty($_POST["email"]))
{$emailErr = "(Email ID is required)";}
else
{$email = test_input($_POST["email"]);
// check if e-mail address syntax is valid
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/",$email))
{
$emailErr = "(Invalid email format)";
}
}
if (empty($_POST["overview"]))
{$overviewErr = "(Overview is required)";}
else
{$overview = test_input($_POST["overview"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$overview))
{
$overview = "(Only letters and white space allowed)";
}
}
}
//Email & SEND INFO
$email_message = "Form details below.\n\n";
$email_message .= "First Name: ".clean_string($first_name)."\n";
$email_message .= "Last Name: ".clean_string($last_name)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Services: ".clean_string(implode(', ', $service))."\n";
$email_message .= "Overview: ".clean_string($overview)."\n";
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($email_to, $email_subject, $email_message, $headers);
?>
<!-- Success HTML -->
Thank you for contacting us. We will be in touch with you very soon.
<?php
}
?>
I believe you are wanting to stop the form from sending any data if there is nothing to send in the forms, right? If so then you need to do that via javascript. The easiest way would be with jquery. I suggest This tutorial. That will help you get off the ground
I think your code blocks might be incorrect try this:
<?php
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
// define variables and set to empty values
$first_nameErr = $last_nameErr = $emailErr = $overviewErr = "";
$first_name = $last_name = $email = $overview = "";
if(isset($_POST['email'])) {
$email_to = "myself#mydomain.com";
$email_subject = "Contact us - My company's name";
}
if (empty($_POST["first_name"])) {
$first_nameErr = "(First Name is required)";
} else {
$first_name = test_input($_POST["first_name"]);
}
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$first_name)) {
$first_name = "(Only letters and white space allowed)";
}
if (empty($_POST["last_name"])) {
$last_nameErr = "(Last Name is required)";
} else {
$last_name = test_input($_POST["last_name"]);
}
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$last_name)) {
$last_name = "(Only letters and white space allowed)";
}
if (empty($_POST["email"])) {
$emailErr = "(Email ID is required)";
} else {
$email = test_input($_POST["email"]);
}
// check if e-mail address syntax is valid
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/",$email)) {
$emailErr = "(Invalid email format)";
}
if (empty($_POST["overview"])) {
$overviewErr = "(Overview is required)";
} else {
$overview = test_input($_POST["overview"]);
}
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$overview)) {
$overview = "(Only letters and white space allowed)";
}
//Email & SEND INFO
$email_message = "Form details below.\n\n";
$email_message .= "First Name: ".clean_string($first_name)."\n";
$email_message .= "Last Name: ".clean_string($last_name)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Services: ".clean_string(implode(', ', $service))."\n";
$email_message .= "Overview: ".clean_string($overview)."\n";
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($email_to, $email_subject, $email_message, $headers);
if ($first_nameErr || $last_nameErr || $emailErr || $overviewErr) {
echo "Thank you for contacting us. We will be in touch with you very soon.";
} else {
echo "There are some errors in your form: " . $first_nameErr . ', ' . $last_nameErr . ', ' . $emailErr . ', ' . $overviewErr;
}
Not sure if that'll fix everything but it should be easier to see what's going on.
Related
The form only works if the user submitting the form is using a .com email address. If the user is using a .com address I receive an email from them containing their form information (content). But, if anyone with another email address for example .co.uk submits the form, it does not send an email to myself (billy#hotmail.co.uk), please help. The enquiry.php code is below:
<?php
$email_to = "billy#hotmail.com";
$firstname = $_POST["firstname"];
$surname = $_POST["surname"];
$telephone = $_POST["telephone"];
$email = $_POST["email"];
$time = $_POST["time"];
if (empty($firstname)) {
show_error("Please fill in your Name - hit back in the browser to correct");
}
if (empty($surname)) {
show_error("Please fill in your Surname - hit back in the browser to correct");
}
if (empty($email)) {
show_error("Please fill in your Email Address - hit back in the browser to correct");
}
if (empty($telephone)) {
show_error("Please fill in your Telephone Number - hit back in the browser to correct");
}
if (empty($time)) {
show_error("Please select a collection time slot - hit back in the browser to correct");
}
$email = htmlspecialchars($_POST['email']);
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $email)) {
show_error("E-mail address not valid");
}
$email_from = $_POST["email"];
$message = $_POST["message"];
$email_subject = "Easter 2018 Order Form";
$headers =
"From: $email_from .\n";
"Reply-To: $email_from .\n";
$message =
"First Name: ". $firstname .
"\r\nSurname: " . $surname .
"\r\nTelephone Number: " . $telephone .
"\r\nEmail Address: " . $email .
"\r\nTime Slot: " . $time .
ini_set("sendmail_from", $email_from);
$sent = mail($email_to, $email_subject, $message, $headers, "-f"
.$email_from);
if ($sent) {
header("location:
http://www.billyfarroll.co.uk/thank-you.html");
} else {
echo "There has been an error sending your comments. Please try later.";
}
function check_input($data, $problem='') {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
if ($problem && strlen($data) == 0) {
show_error($problem);
}
return $data;
}
function show_error($myError) {
?>
OK the problem is with your regex.
The thing is that when you use this regex
([\w\-]+\#[\w\-]+\.[\w\-]+)
it will match a result on these kind of address mail
billy#hotmail.co.uk
but the matched result will be
billy#hotmail.co
because you're askin for a_word#a_word.a_word
So the email address is valid according to your code, but isn't existing
You have to recheck your regex.
Maybe try
("/.*#.*\..*/")
Hi I'm trying to install Google Recaptcha onto my contact form. Recaptcha is displaying fine but at the moment the form will submit even if Captcha not attempted.
I've posted the code below, would appreciate any help :)
<?php
/* =====================================================
* change this to the email you want the form to send to
* ===================================================== */
$email_to = ";
$email_subject = "Contact Form submitted";
if(isset($_POST['email']))
{
function return_error($error)
{
echo $error;
die();
}
// check for empty required fields
if (!isset($_POST['name']) ||
!isset($_POST['email']) ||
!isset($_POST['message'])
)
{
return_error('Please fill in all required fields.');
}
// form field values
$name = $_POST['name']; // required
$email = $_POST['email']; // required
$contact_number = $_POST['contact_number']; // not required
$message = $_POST['message']; // required
$enquiry = $_POST['enquiry'];
// form validation
$error_message = "";
// name
$name_exp = "/^[a-z0-9 .\-]+$/i";
if (!preg_match($name_exp,$name))
{
$this_error = 'Please enter a valid name.';
$error_message .= ($error_message == "") ? $this_error : "<br/>".$this_error;
}
$email_exp = '/^[A-Za-z0-9._%-]+#[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if (!preg_match($email_exp,$email))
{
$this_error = 'Please enter a valid email address.';
$error_message .= ($error_message == "") ? $this_error : "<br/>".$this_error;
}
// if there are validation errors
if(strlen($error_message) > 0)
{
return_error($error_message);
}
// prepare email message
$email_message = "Form details below.\n\n";
function clean_string($string)
{
$bad = array("content-type", "bcc:", "to:", "cc:", "href");
return str_replace($bad, "", $string);
}
$email_message .= "Enquiry Type: ".clean_string($enquiry)."\n";
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Contact number: ".clean_string($contact_number)."\n";
$email_message .= "Message: ".clean_string($message)."\n";
// create email headers
$headers = 'From: '.$email."\r\n".
'Reply-To: '.$email."\r\n" .
'X-Mailer: PHP/' . phpversion();
//var_dump($email_to); var_dump($email_subject); var_dump($email_message); var_dump($headers);
if (mail($email_to, $email_subject, $email_message, $headers))
{
echo 'Form submitted successfully.';
}
else
{
echo 'An error occured. Please try again later.';
die();
}
}
else
{
echo 'Please fill in all required fields.';
die();
}
?>
<?php
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$privatekey = "";
//get verified response data
$param = "https://www.google.com/recaptcha/api/siteverify?secret=".$privatekey."&response=".$_POST['g-recaptcha-response'];
$verifyResponse = file_get_contents($param);
$responseData = json_decode($verifyResponse);
if($responseData->success){
// success
echo "success";
}else{
// failure
echo "failure";
}
}else{
// user didn't enter reCAPTCHA
echo "The reCAPTCHA wasn't entered correctly. Go back and try it again.";
}
?>
Walk through the code carefully, both the outermost if blocks i.e. if(isset($_POST['email'])){ ... and if(isset($_POST['g-recaptcha-response'])... will work independently. You need to place if(isset($_POST['email'])){ ... block inside if(isset($_POST['g-recaptcha-response'])... block, like this:
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$privatekey = "YOUR_PRIVATE_KEY";
//get verified response data
$param = "https://www.google.com/recaptcha/api/siteverify?secret=".$privatekey."&response=".$_POST['g-recaptcha-response'];
$verifyResponse = file_get_contents($param);
$responseData = json_decode($verifyResponse);
if($responseData->success){
// success
$email_to = '';
$email_subject = "Contact Form submitted";
if(isset($_POST['email'])){
function return_error($error){
echo $error;
die();
}
// check for empty required fields
if (!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['message'])){
return_error('Please fill in all required fields.');
}
// form field values
$name = $_POST['name']; // required
$email = $_POST['email']; // required
$contact_number = $_POST['contact_number']; // not required
$message = $_POST['message']; // required
$enquiry = $_POST['enquiry'];
// form validation
$error_message = "";
// name
$name_exp = "/^[a-z0-9 .\-]+$/i";
if (!preg_match($name_exp,$name)){
$this_error = 'Please enter a valid name.';
$error_message .= ($error_message == "") ? $this_error : "<br/>".$this_error;
}
$email_exp = '/^[A-Za-z0-9._%-]+#[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if (!preg_match($email_exp,$email)){
$this_error = 'Please enter a valid email address.';
$error_message .= ($error_message == "") ? $this_error : "<br/>".$this_error;
}
// if there are validation errors
if(strlen($error_message) > 0){
return_error($error_message);
}
// prepare email message
$email_message = "Form details below.\n\n";
function clean_string($string){
$bad = array("content-type", "bcc:", "to:", "cc:", "href");
return str_replace($bad, "", $string);
}
$email_message .= "Enquiry Type: ".clean_string($enquiry)."\n";
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Contact number: ".clean_string($contact_number)."\n";
$email_message .= "Message: ".clean_string($message)."\n";
// create email headers
$headers = 'From: '.$email."\r\n".
'Reply-To: '.$email."\r\n" .
'X-Mailer: PHP/' . phpversion();
//var_dump($email_to); var_dump($email_subject); var_dump($email_message); var_dump($headers);
if (mail($email_to, $email_subject, $email_message, $headers)){
echo 'Form submitted successfully.';
}else{
echo 'An error occured. Please try again later.';
die();
}
}else{
echo 'Please fill in all required fields.';
die();
}
}else{
// failure
echo "reCAPTCHA failure";
}
}else{
// user didn't enter reCAPTCHA
echo "The reCAPTCHA wasn't entered correctly. Go back and try it again.";
}
How can I make "email" field not mandatory? Even if someone is not filling the field, the form should submit.
In the below code, the "email" field is mandatory.
I tried to add if !isset email field so that the $email_from will get the word "empty", but it didn't work for me.
<?php
if(isset($_POST['name'])) {
// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "aaaaa#aaaaa.com";
$email_subject = "Messeage from your site";
function died($error) {
?>
<?php
die();
}
// validation expected data exists
if(!isset($_POST['name']) ||
//!isset($_POST['email']) || /* i tried to comment this line, but didnt work. */
!isset($_POST['telephone']))
{
died('We are sorry, but there appears to be a problem with the form you submitted.');
}
$name = $_POST['name']; // required
$email_from = $_POST['email']; // required
$telephone = $_POST['telephone']; // not required
$error_message = "";
$email_exp = '/^[A-Za-z0-9._%-]+#[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
if(strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "First Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Telephone: ".clean_string($telephone)."\n";
// create email headers
$headers = 'מאת: '.$email_from."\r\n".
'חזור ל: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
#mail($email_to, $email_subject, $email_message, $headers);
?>
<?php
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=thank_you.html">';
exit;
?>
<?php
}
?>
if(!isset($_POST['name']) ||
!isset($_POST['telephone'])){
if(isset($_POST['email'])){
//all code for email inside here
}
}
this should do trick, while $_POST['email'] is empty it should´t bother you anymore.
The preg_match on $email_form makes it required.
If you first check if $email_form is set, and than perform the preg_match it must work.
Like this:
if(!empty($_POST['email'])){
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br/>';
}
} else {
$email_from = '';
}
I did , and it work:
if(!empty($_POST['email'])){
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
}
check if email is valid or not using FILTER_VALIDATE_EMAIL in php5
if(isset($_POST['email']))
{
$email = $_POST['email'];
if(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
echo $email." E-mail is not valid.";
}
else
{
echo $email." E-mail is valid.";
}
}
My PHP contact form was recently being used to send spam. Some security measures have since been put in place (please refer to the comments below) and I'm seeking the collective wisdom of others to review the code and to check to make sure it is secure from injection attacks.
Thank you in advance for taking the time to review.
<?php
/* method for validate each input values in case any injection scripts it will ignore */
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
/* honeypot - if hidden field is completed discard form content */
if(!isset($_POST['honeypot']) || $_POST['honeypot'] != '')
{
die("You spammer!\n");
}
else
{
// define variables and set to empty values
$subject = $id = $subcategory = $subcategory = $subcategory_email = $to = $descError = $error =
$remarks = $response= $message= $name = $from = $phone ="";
if(isset($_REQUEST['category']) && $_REQUEST['category']!="")
{
//validate each input values for any injection attacks
$id = test_input($_REQUEST['category']);
$subcategory = test_input($_REQUEST['subcategory']);
$emails = array
(
array("0",""),
array("1","email1#yahoo.com","email2#yahoo.com"),
array("2","email1#yahoo.com","email2#yahoo.com"),
array("3","email1#yahoo.com","email2#yahoo.com"),
array("4","email1#yahoo.com","email2#yahoo.com"),
array("5","email1#yahoo.com","email2#yahoo.com")
);
$value = explode(",", $subcategory);
$subcategory_email = $emails[$id][$value[0]];
$remarks = test_input($_REQUEST['remarks']);
$message = '<html><body>';
$message .= '<table rules="all" style="border-color: #666;" border="1" cellpadding="10">';
$message .= "<tr style='background-color:#F5F5F5;'><th width=25%>Heading </th><th width=75%>Content</th></tr>";
$message .= "<tr><td><b>Category </b></td><td>".$category[$id-1]."</td></tr>";
$message .= "<tr><td><b>SubCategory </b></td><td>".$value[1]."</td></tr>";
$message .= "<tr><td><b>Comments</b></td><td><pre>".$remarks."</pre></td></tr>";
if($response==0)
{
$name = test_input($_REQUEST['name']);
$from = test_input($_REQUEST['email']);
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/",$from))
{
$emailErr = "Invalid email format";
}
$phone = test_input($_REQUEST['phone']);
$message .= "<tr><td><b>Would you like a response? </b></td><td>Yes</td></tr>";
$message .= "<tr><td><b>Name</b></td><td>".$name."</td></tr>";
$message .= "<tr><td><b>E-Mail</b></td><td>".$from."</td></tr>";
$message .= "<tr><td><b>Telephone</b></td><td>".$phone."</td></tr>";
}
else
{
$from = "noreply#test.com";
$message .= "<tr><td><b>Would you like a response? </b></td><td>No</td></tr>";
}
$subject = "SubCategory ".$value[1];
//Normal headers
$headers = "From: " . strip_tags($from) . "\r\n";
$headers .= "Reply-To: ". strip_tags($subcategory_email) . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$message .= "</table>";
if(mail($subcategory_email, $subject, $message, $headers))
{
include("thanks.php");
$error=6;
}
else
{
echo "mail not sent";
}
}
else
{
echo "<br/>";
$subject = "Sub Category";
$to = "Email1#yahoo.com";
if(empty($_REQUEST['remarks']))
{
$descError = "Enter Description";
$error = 5;
}
else
{
$remarks = test_input($_REQUEST['remarks']);
}
if(test_input($_REQUEST['response'])=="0")
{
$yesDIV = "checked";
$response = "Yes";
if(empty($_REQUEST['name']))
{
$nameError = "Name Required";
$error = 5;
}
else
{
$name = test_input($_REQUEST['name']);
}
$from = $_REQUEST['email'];
if(empty($_REQUEST['email']))
{
$emailError = "Email Required";
$error = 5;
}
else if (!filter_var($from, FILTER_VALIDATE_EMAIL)) {
$emailError = "Valid Email Required";
$error = 5;
}
}
else
{
$noDIV = "checked";
$response = "No";
$bodyDIV = "style='display:none;'";
}
if($error!=5)
{
$phone = test_input($_REQUEST['phone']);
$message = '<html><body>';
$message .= '<table rules="all" style="border-color: #666;" border="1" cellpadding="10">';
$message .= "<tr style='background-color:#F5F5F5;'><th width=25%>Heading </th><th width=75%>Content</th></tr>";
$message .= "<tr><td><b> Comments</b></td><td ><pre>".$remarks."</pre></td></tr>";
$message .= "<tr><td><b>Would you like a response? </b></td><td>".$response."</td></tr>";
$message .= "<tr><td><b>Name</b></td><td>".$name."</td></tr>";
$message .= "<tr><td><b>E-Mail</b></td><td>".$from."</td></tr>";
$message .= "<tr><td><b>Telephone</b></td><td>".$phone."</td></tr>";
$message .= "</table>";
//Normal headers
$headers = "From: noreply#test.com \r\n";
$headers .= "Reply-To: ". strip_tags($from) . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
if(mail($to, $subject, $message, $headers))
{
include("thanks.php");
$error=6;
}
else
{
echo "mail not sent";
}
}
}
}
?>
The term "injection" refers to code injection, with code referring to any computer language. Since every computer language is different, the problems and solutions are also different and need to be addressed in a per-language basis. However, you have a generic function that tries to prevent all kind of injections at once and, often, using the worst technique: removing user data.
For instance:
$headers = "From: " . strip_tags($from) . "\r\n";
What sense does it make to take an e-mail address and remove HTML tags from it to compose an e-mail header?
$data = htmlspecialchars($data);
You apply this to e.g. $_REQUEST['email']. Why would you want to insert HTML entities in an e-mail address?
In your code I see two potential sources for injection:
HTML - When you inject user data into HTML you need to ensure that user data is handled as plain text (i.e. whatever the user typed is not rendered as HTML). You can use htmlspecialchars(). You kind of do that but it's really hard to be sure.
E-mail headers - mail()'s fourth argument allows to define mail headers. Injecting raw user input there (which is possibly what's happening now) allows to hide the complete message body, replace it with anything else and even select new recipients. You basically have to strip new lines (again, it's hard to say whether you're doing it right...).
Sending e-mail with PHP is hard. It's better to skip good old mail() and use a third-party library like PHPMailer or Swift Mailer.
This question already has answers here:
How to do email form with multiple recipients and different body?
(3 answers)
Closed 9 years ago.
I have one contact form, when user submit all value will send(email) to admin.But now i want to do when user submit admin will receive the email and user also will receive an email but with different body.
here my previous code :
<?php
if(isset($_POST['email'])) {
// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "admin#gmail.com";
$email_subject = "Lifemailer Sales Enquiry";
$email_to_user= "Name: ".clean_string($name)."\n";
function died($error) {
// your error code can go here
$URL = "error.html";
header("Location: $URL");
die();
}
// validation expected data exists
if(!isset($_POST['name']) ||
!isset($_POST['contact']) ||
!isset($_POST['email']) ||
!isset($_POST['email_sub']) ||
!isset($_POST['remarks'])) {
died('We are sorry, but there appears to be a problem with the form your
submitted.');
}
$name = $_POST['name']; // not required
$contact = $_POST['contact']; // required
$email = $_POST['email']; // required
$email_sub = $_POST['email_sub']; // required
$remarks = $_POST['remarks']; // required
$error_message = "";
$string_exp = "^[a-z .'-]+$";
if(!eregi($string_exp,$name)) {
$error_message .= 'The Name you entered does not appear to be valid.<br />';
}
$string_exp = "^[0-9 .-]+$";
if(!eregi($string_exp,$contact)) {
$error_message .= 'The Contact Number you entered does not appear to be valid.
<br />';
}
$email_exp = "^[A-Z0-9._%-]+#[A-Z0-9.-]+\.[A-Z]{2,4}$";
if(!eregi($email_exp,$email)) {
$error_message .= 'The Email Address you entered does not appear to be valid.
<br />';
}
if(strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Contact Number: ".clean_string($contact)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Email Subject : ".clean_string($email_sub)."\n";
$email_message .= "Remarks/Enquiry : ".clean_string($remarks)."\n";
// create email headers
$headers = 'From: '.$email."\r\n".
'Reply-To: '.$email."\r\n" .
'X-Mailer: PHP/' . phpversion();
#mail($email_to, $email_subject, $email_message, $headers);
$URL = "thank-you.html";
header("Location: $URL");
?>
Thank you for contacting us. We will be in touch with you very soon.
<?
}
?>
In the same way you can send a second mail with different subject, email_to, email_message after sending it to admin.
just concatenate
$email_to = ' admin#gmail.com ' . ',' ;
$email_to . = ' admin#gmail.com ' ;