In the previous tutorial, you saw how simple it is to capture and display submitted form data. In this tutorial, you'll learn to create a basic contact form for your website where users can provide comments and feedback via email. We'll utilize the PHP mail() function for sending emails.
We'll also implement essential security measures such as sanitizing and validating user inputs. This ensures that users can't input potentially harmful data that could compromise website security or cause application errors.
Below is a comprehensive PHP script that displays the form, validates the submitted data and sends it by email. If required fields (marked with *) are missing or inputs are incorrect, it redisplays the form with error messages. Copy and save the following code into "contact.php" in your project's root directory:
<?php
// Functions to filter user inputs
function filterName($field){
    // Sanitize user name: strip any HTML tags and surrounding whitespace
    $field = trim(strip_tags($field));
    // Validate user name: letters and whitespace only
    if(filter_var($field, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>"/^[a-zA-Z\s]+$/")))){
        return $field;
    } else{
        return FALSE;
    }
}
function filterEmail($field){
    // Sanitize e-mail address
    $field = filter_var(trim($field), FILTER_SANITIZE_EMAIL);
    // Validate e-mail address. FILTER_VALIDATE_EMAIL rejects line breaks,
    // so a validated address is safe to place in a mail header.
    if(filter_var($field, FILTER_VALIDATE_EMAIL)){
        return $field;
    } else{
        return FALSE;
    }
}
function filterString($field){
    // Sanitize string: strip HTML tags and surrounding whitespace.
    // (FILTER_SANITIZE_STRING, which older versions of this script used, is
    // deprecated since PHP 8.1. Quotes are escaped with htmlspecialchars()
    // at the point where the value is displayed, see the form below.)
    $field = trim(strip_tags($field));
    if(!empty($field)){
        return $field;
    } else{
        return FALSE;
    }
}
// Define variables and initialize with empty values
$nameErr = $emailErr = $messageErr = "";
$name = $email = $subject = $message = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
    // Validate user name
    if(empty($_POST["name"])){
        $nameErr = "Please enter your name.";
    } else{
        $name = filterName($_POST["name"]);
        if($name === FALSE){
            $name = "";
            $nameErr = "Please enter a valid name.";
        }
    }
    // Validate email address
    if(empty($_POST["email"])){
        $emailErr = "Please enter your email address.";
    } else{
        $email = filterEmail($_POST["email"]);
        if($email === FALSE){
            $email = "";
            $emailErr = "Please enter a valid email address.";
        }
    }
    // Validate message subject (optional field)
    if(empty($_POST["subject"])){
        $subject = "";
    } else{
        $subject = filterString($_POST["subject"]);
        if($subject === FALSE){
            $subject = "";
        }
    }
    // Validate user comment
    if(empty($_POST["message"])){
        $messageErr = "Please enter your comment.";
    } else{
        $message = filterString($_POST["message"]);
        if($message === FALSE){
            $message = "";
            $messageErr = "Please enter a valid comment.";
        }
    }
    // Check input errors before sending email
    if(empty($nameErr) && empty($emailErr) && empty($messageErr)){
        // Recipient email address
        $to = 'webmaster@example.com';
        // A line break inside the subject is the classic mail header injection
        // vector (it can be read by the mail transfer agent as the start of a
        // new header), so collapse any CR/LF to a single space
        $subject = str_replace(array("\r", "\n"), ' ', $subject);
        // Create email headers. From: must be an address on your own domain,
        // otherwise SPF/DMARC checks at the recipient may reject the message;
        // the visitor's address goes in Reply-To: so you can still answer them.
        $headers = 'From: webmaster@example.com' . "\r\n" .
                   'Reply-To: '. $email . "\r\n" .
                   'X-Mailer: PHP/' . phpversion();
        // Sending email
        if(mail($to, $subject, $message, $headers)){
            echo '<p class="success">Your message has been sent successfully!</p>';
        } else{
            echo '<p class="error">Unable to send email. Please try again!</p>';
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Contact Form</title>
    <style type="text/css">
        .error{ color: red; }
        .success{ color: green; }
    </style>
</head>
<body>
    <h2>Contact Us</h2>
    <p>Please fill in this form and send us.</p>
    <form action="contact.php" method="post">
        <p>
            <label for="inputName">Name:<sup>*</sup></label>
            <input type="text" name="name" id="inputName" value="<?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?>">
            <span class="error"><?php echo $nameErr; ?></span>
        </p>
        <p>
            <label for="inputEmail">Email:<sup>*</sup></label>
            <input type="text" name="email" id="inputEmail" value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8'); ?>">
            <span class="error"><?php echo $emailErr; ?></span>
        </p>
        <p>
            <label for="inputSubject">Subject:</label>
            <input type="text" name="subject" id="inputSubject" value="<?php echo htmlspecialchars($subject, ENT_QUOTES, 'UTF-8'); ?>">
        </p>
        <p>
            <label for="inputComment">Message:<sup>*</sup></label>
            <textarea name="message" id="inputComment" rows="5" cols="30"><?php echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); ?></textarea>
            <span class="error"><?php echo $messageErr; ?></span>
        </p>
        <input type="submit" value="Send">
        <input type="reset" value="Reset">
    </form>
</body>
</html>
You might wonder what the code was doing. Let's dive right in.
* The filterName() function validates the input as a person's name. A valid name can only consist of alphabetical characters (a-z, A-Z) and whitespace; HTML tags are stripped before the check.
* The filterEmail() function validates the input as an email address. FILTER_VALIDATE_EMAIL rejects line breaks, which is what makes the validated address safe to place in the Reply-To header: a line break inside a header value would let the sender append headers of their own, for example a Bcc to other recipients.
* The filterString() function sanitizes the input by removing HTML tags. It doesn't validate the input against any criteria, which is why the subject is additionally stripped of line breaks right before mail() is called.
* The action="contact.php" attribute within the <form> tag specifies that the same contact.php file both displays the form and processes its data.
* The value attribute of the <input> tags and the body of the <textarea> tag, like <?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?>, display prefilled values when the form is redisplayed due to validation errors. The values are escaped with htmlspecialchars() on output, so a submitted value cannot break out of the attribute or inject markup into the page.
* The .error class, e.g., <span class="error"><?php echo $nameErr; ?></span>, displays errors for the corresponding field.
Everything else has been covered in previous chapters. To learn more about sanitization and validation filters, please refer to the PHP Filter reference.
Note: Setting up a mail server on your machine is necessary for the PHP mail() function to work properly (PHP hands the message to the program configured in sendmail_path in php.ini, or on Windows to the SMTP host configured there). If you only intend to implement form validation, you can replace the mail section (the block starting at the comment "// Recipient email address") with your own custom code.