How To Create a Simple Contact Us Page in PHP

Every website should have a "Contact Us" form. With spam as horrific as it is in this day and age, webmasters can no longer feel safe just pasting their email address on their websites. I created what I consider to be a bare-bones contact us form, which you can see a very similar example of. Also, make sure to scroll past the source code to view some recommended changes and additions to the form.

<html>
<body>
 
<?php
if (isset($_POST['Name'])) {
   $message = '';
   foreach ($_POST as $key => $value) {
      $message .= '<b>'.htmlspecialchars($key).':</b> '.nl2br(htmlspecialchars(trim($value)))."<br>\n"; // field names are client-supplied too, so escape them
   }
 
   $to = 'example@example.com';
   $from = 'example@example.com';
 
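   $subject = 'New Message: '.str_replace(array("\r", "\n"), ' ', $_POST['Subject']); // key matches the form field; no line breaks in a header value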
 
   $headers  = 'MIME-Version: 1.0' . "\n";
   $headers .= 'Content-type: text/html; charset=UTF-8'."\n";
   $headers .= 'From: '. $from ."\n";
   $headers .= 'Reply-To: '. $from ."\n";
   $headers .= 'Return-Path: '. $from ."\n";
 
   mail($to, $subject, $message, $headers);
   echo '<b>Your message has been sent</b>';
   exit();
}
?>
 
<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8'); ?>">
<table>
<tr>
   <td align="right">Name:</td>
   <td><input type="text" name="Name" value=""></td>
</tr>
<tr>
   <td align="right">Email Address:</td>
   <td><input type="text" name="Email" value=""></td>
</tr>
<tr>
   <td align="right">Subject:</td>
   <td><input type="text" name="Subject" value=""></td>
</tr>
<tr>
   <td align="right">Message:</td>
   <td><textarea name="Message" rows="10" cols="30"></textarea></td>
</tr>
<tr>
   <td>&nbsp; </td>
   <td><input type="submit" value="Send Message"></td>
</tr>
</table>
</form>
 
</body>
</html>

Recommended changes to the above script

  • Add additional fields. I used a foreach loop for a reason: you can add as many fields as you want without having to add them individually to the email message. For example, if we wanted to allow the user to enter their order number, we can just add the following at line 38 of the script, directly above the <tr> that opens the Subject row:
    <tr>
       <td align="right">Order Number:</td>
       <td><input type="text" name="OrderNumber" value=""></td>
    </tr>
  • Add additional data. It’s always a good idea to copy the user’s IP address and username (if they are logged in). One thing I like to do is append this additional information to the message. For example, if my site relies on sessions, I would append the session data to my emails, which you can accomplish by adding this:
    $message .= "<hr><pre>". htmlspecialchars(print_r($_SESSION, true)) ."</pre>";

    If your site uses cookies, then you can replace $_SESSION with $_COOKIE, and for overkill, if you wanted to record the server data, you could also append the $_SERVER data. Session and cookie data can include login tokens, so append only the fields you actually need.

  • Verify data before sending it. None of the info that the user entered above was checked for accuracy. Obviously we can never make a foolproof checker, but we can eliminate 99% of common mistakes (IMO). There’s a simple and a more advanced method of verifying user input. They are…
    • Checking string length using the strlen function. For example, let’s take the shortest email address we can think of that would still be technically valid, x@x.ca, which comes out to 6 characters. So, trimming off any white space, when the check
      if (strlen(trim($_POST['Email'])) < 6)

      is true, then we know we have an invalid email address. We might also want to check that the name, message, etc. are at least 2 characters long.

    • Regular expressions can be used to verify that accurate information was entered. For example, if we wanted to check for an email address, we could do that with something similar to
      $isValidEmailAddr = preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $_POST['Email']) === 1;

      If this is true, then we have a valid email address. Just remember that not all regular expressions are created equal.

  • Add a free CAPTCHA to prevent being flooded with spam. Add this little CAPTCHA at the end of the form; if it’s not entered correctly, you will need to refill all of the user’s old information into the form.
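
One way to combine the checks from the "Verify data before sending it" item, as an added example that is not the original author's code. It goes a little further than the text: it reads only the four fields the form defines, rejects line breaks in single-line fields, and uses PHP's filter_var instead of a regular expression. The function name validate_contact_form and the sample input are assumptions made for illustration, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example: validate_contact_form() is a hypothetical helper, not part
// of the original script. Assumes PHP 7.1+ and the form's four field names.
function validate_contact_form(array $post): array
{
    $clean = [];
    $errors = [];
    // Allow-list: only fields the form defines are read, so extra POST keys
    // sent by a client never reach the e-mail.
    foreach (['Name', 'Email', 'Subject', 'Message'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {      // Name[]=x arrives as an array
            $errors[$field] = 'must be text';
            continue;
        }
        $value = trim($value);
        // The article's minimum lengths: 6 for an e-mail address, 2 otherwise.
        if (strlen($value) < ($field === 'Email' ? 6 : 2)) {
            $errors[$field] = 'is too short';
            continue;
        }
        // Single-line fields must not contain CR or LF, because Subject is
        // handed to mail() as a header value.
        if ($field !== 'Message' && preg_match('/[\r\n]/', $value)) {
            $errors[$field] = 'must be a single line';
            continue;
        }
        $clean[$field] = $value;
    }
    // Format check with PHP's built-in validator instead of a custom regex.
    if (isset($clean['Email'])
        && filter_var($clean['Email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['Email'] = 'is not a valid address';
        unset($clean['Email']);
    }
    return [$clean, $errors];
}

// Constructed sample input: a too-short e-mail address and a Subject with an
// embedded line break.
[$clean, $errors] = validate_contact_form([
    'Name'    => 'Alice',
    'Email'   => 'a@b',
    'Subject' => "Hello\r\nsecond line",
    'Message' => 'Where is my order?',
]);
print_r($errors);
```

When $errors is empty, build $message from $clean rather than from $_POST, so only validated values are mailed.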
