I've been trying to make a php form, so users can send email. But due to my lack of php knowledge at this point, this is a bit hard to solve. So i've gathered some finished snippets of code, but it still does not work.
Heres the php code that i have in a file named "submit.php"
<?php
if(isset($_POST['submit'])){
$to = "example@example.com"; // this is your Email address
$from = $_POST['email']; // this is the sender's Email address
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$subject = "Form submission";
$subject2 = "Copy of your form submission";
$message = $first_name . " " . $last_name . " wrote the following:" . "
" . $_POST['message'];
$message2 = "Here is a copy of your message " . $first_name . "
" . $_POST['message'];
$headers = "From:" . $from;
$headers2 = "From:" . $to;
mail($to,$subject,$message,$headers);
mail($from,$subject2,$message2,$headers2); // sends a copy of the message to the sender
echo "Mail Sent. Thank you " . $first_name . ", we will contact you shortly.";
// You can also use header('Location: thank_you.php'); to redirect to another page.
}
?>
And heres the "form.php" that i have the html form in
<?php include('submit.php') ?>
<div class="main-wrapper">
<section class="contact-form">
<form action="" method="POST">
<h1>Contact</h1>
<fieldset>
<input maxlength="30" type="text" name="first_name" placeholder="John" required><br>
<input maxlength="30" type="text" name="last_name" placeholder="Smith" required><br>
<input maxlength="30" type="email" name="email" placeholder="john_doe@example.com" required>
</fieldset>
<fieldset>
<textarea maxlength="300" placeholder="Write your text here...." id="message" name="message" cols="40" rows="6" required></textarea>
<button name="submit" type="submit">Send Message</button>
</fieldset>
</form>
</section>
And also someone told me that there is no security for the form, "because it does not strip html tag"
And how to i fix that?
Your server should have the Sendmail configured or a different mail server.
To strip HTML you can use $message = strip_tags($message); $message2 = strip_tags($message2);
Or you can use htmlspecialchars to convert special chars to HTML entities.
Your form isn't submitting to the PHP script
change
<form action="" method="POST">
to
<form action="submit.php" method="POST">
Edit: I see you're including submit.php, so you might want to do this
<form action="form.php" method="POST">
This syntax has worked for me for many years:
In "From: $from<> "; the <> is where the name would normally go. Leave it there even if blank.
$mailheaders = "From: $from<>
";
$mailheaders .= "Reply-To: No1@noone.com
";
mail($to,$subject, $message, $mailheaders, "-fmailer@yoursite.com");
Also, in addition to adding error reporting and server configuration, your header needs additional properties. Otherwise, the email will end up in SPAM if sent at all. Consider added the following header information.
/* well formed hearder */
$headers = 'From: '.$senderemail."
";
$headers .= 'Reply-To: '.$senderemail."
";
$headers .= 'Return-Path: '.$senderemail."
";
/* additional header */
$headers .= 'MIME-Version: 1.0'."
";
$headers .= 'Content-Type: text/plain;'."
";
$headers .= 'X-Mailer: PHP/'.phpversion()."
";
Finally, you can use a comma delimited list in the $to attribute. So rather than running mail() twice, concatinate your to addresses.
$to = "john_doe@example.com,example@example.com";