I don't know what I'm doing wrong. I am trying to use PHP to make a contact me form. Here is the code:
<?php
if($_POST["submit"]) {
$recipient="qdpicks@gmail.com";
$subject="Form to email message";
$Name=$_POST["Name"];
$Email=$_POST["Email"];
$Reason=$_POST["Reason"];
$Message=$_POST["Message"];
$mailBody="Name: $Name
Email: $Email
$Reason $Message";
mail($recipient, $subject, $mailBody, "From: $Name <$Email>");
$thankYou="<p>Thank you! Your message has been sent.</p>";
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="QDPicks.css">
<title> QDPicks</title>
</head>
<body>
<header>
<a class="btn btn-primary btn-lg" href="QDPicks.html" role="button">Home</a>
<a class="btn btn-sample btn-lg active pull-right" href="QDPicksContactUs.html" role="button">Contact Us</a>
<a class="btn btn-sample btn-lg pull-right" href="QDPicksCompany.html" role="button">Company</a>
<a class="btn btn-sample btn-lg pull-right" href="QDPicksProducts.html" role="button">Products</a>
</header>
<header><p1>Contact Us</p1></header>
<form method="post" action="QDPicksContactUs.php >
<div class="form-group">
<label for="InputReason1"></label>
<input type="text" class="form-control" id="InputReason1" name="Name">
<label for="exampleInputEmail1"></label>
<input type="email" class="form-control" id="exampleInputEmail1" name="Email">
<label for="InputReason1"></label>
<input type="text" class="form-control" id="InputReason1" name="Reason">
</div>
<div class="form-group">
<textarea type="text" class="form-control" rows="3" name="Message"> </textarea>
<p3 class="help-block">Explain on the reason for contact.</p3>
</div>
<div class="checkbox">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
<script src="https://code.jquery.com/jquery-1.12.0.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"> </script>
</body>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">
<!-- Latest compiled and minified JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
</html>
When I put my info in and hit submit the data goes away like it has sent an email but no email has come in. Also sorry - for some reason some of the code got cut off but it isn't any crucial parts.
You forget to put " after action="QDPicksContactUs.php
Replace your tag with this line
<form method="post" action="QDPicksContactUs.php" >
May be your code works after this change
First of all there is a missing double quote here
<form method="post" action="QDPicksContactUs.php >
Also there is no need to give the page name in the action if you are posting at the same page.
Add name in tag like:
<button name="submit" type="submit" class="btn btn-default">Submit</button>
Finally replace if($_POST["submit"]) with if(isset($_POST["submit"]))
Also, are you running your code on localhost?
Let's focus on the code that sends the email. Please read my comments.
if($_POST["submit"]) {
// you probably shouldn't post a real email here on SO
$recipient="qdpicks@gmail.com";
$subject="Form to email message";
// you should validate this field if you are sticking it in your mail headers as you do below.
$Name=$_POST["Name"];
// you should DEFINITELY validate this before trying to send mail
$Email=$_POST["Email"];
$Reason=$_POST["Reason"];
$Message=$_POST["Message"];
$mailBody="Name: $Name
Email: $Email
$Reason $Message";
// first, you don't even bother checking to see if this returns TRUE
// secondly, because you don't validate $Name or $Email, this command is vulnerable to Mail Header Injection
mail($recipient, $subject, $mailBody, "From: $Name <$Email>");
$thankYou="<p>Thank you! Your message has been sent.</p>";
}
So your form is bad because you don't validate anything, you don't check to see of the mail command actually returned a successful result, and it's vulnerable to Mail Header Injection.
First, validate the $Name:
$Name=$_POST["Name"];
if (!preg_match('/^[a-zA-Z_\-]+$/', $Name)) {
die("sorry! Name is not valid");
}
Second, validate $Email
$Email = $_POST["Email"];
if (!filter_var($Email, FILTER_VALIDATE_EMAIL)) {
die("Sorry, email is not valid");
}
Third, check the result of your mail function. If it returns FALSE or an otherwise empty value, something went wrong -- although we probably won't be able to find out what without asking a sysadmin to look at a mail log.
if (!mail($recipient, $subject, $mailBody, "From: $Name <$Email>")) {
die("OH NO. The mail function did not work.");
}
Consider reading the manual on the mail function:
Returns TRUE if the mail was successfully accepted for delivery, FALSE otherwise.
It is important to note that just because the mail was accepted for delivery, it does NOT mean the mail will actually reach the intended destination.