Lesson 8 - E-mail form in PHP

PHP Basic constructs E-mail form in PHP

In the previous lesson, More on Conditions in PHP - Casting, composing, and switches, we finished up learning about conditions in PHP. In today's lesson, we're going to be making an e-mail form as promised. Anyone who visits our website will be able to enter a message and the form will send it to us via e-mail. It's a very useful widget for our website and helps our visitors contact us easily.

The HTML part

The application will be split up into 2 parts as always. In this case, both parts will be in the same file - mailform.php. Mainly because we want to be able to access the form while processing its data. If the user fills something in wrong, we'll print an error message above the form.

The HTML part will contain a form with the following fields:

  • Name - The visitor's name (in order to know who's contacting us)
  • E-mail address - The visitor's e-mail address (to be able to reply to him/her)
  • Message - The message that the visitor entered
  • Anti-spam filter - Spam protection

All of the above should be clear to you all, except for the anti-spam filter. Let's talk about spam before we move on.

Spam

When you upload a page that contains a form to the Internet, after some time, bots will appear send ads through the form. This is mainly due to the form needing to send data to an external source. If a bot inserts a URL into the form, mostly pornography, and loans, the visitors would be sent to the ad's URL.

We can defend against spam very effectively at this point in time. We use Turing tests, commonly known as Captchas, to protect web forms from bots. The whole point is to ask a question that could only be answered by a human being. The first wave of captchas displayed images with a few letters and numbers on it and took it for granted that spam bots couldn't read images. As time passed, spammers developed substantially effective OCR readers that could read images even better than humans do. What we will do is keep it simple and secure because there is nothing easier than to ask a question that spam-bots can't answer. "What's the current year?" will do the trick for us.

Form

Now, let's go ahead and create a new project. The code for an HTML site with a form looks something like this:

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Contact form</title>
    </head>
    <body>
        <p>You can contact me by using form below.</p>

        <form method="POST">
            <table>
                <tr>
                        <td>Your name</td>
                        <td><input name="name" type="text" /></td>
                </tr>
                <tr>
                        <td>Your e-mail</td>
                        <td><input name="email" type="email" /></td>
                </tr>
                                <tr>
                        <td>Current year</td>
                        <td><input name="abc" type="number" /></td>
                </tr>
                </table>
                <textarea name="message"></textarea><br />

            <input type="submit" value="Send" />
        </form>

    </body>
</html>

The result:

Contact form
localhost/mailĀ­form.php

I placed the form fields on a table so that it would be aligned properly. Doing so is a common approach used to style a form quickly. As you may have noticed, the form lacks an action parameter that submits the data in the same .php file. The field for entering the current year is labeled "abc" to be more confusing for robots (feel free to choose your own input name).

The PHP part

At the very beginning of the file, we'll add in the PHP directive so that we can get right to programming:

<?php

?>

Validation

Remember that every form absolutely must have some sort of validation. Validations check whether a form is filled in properly. We still haven't gone over what is necessary in order to check whether the entered values are correct, but you do know enough to check whether they're empty or not.

Other than empty fields, there is another problem we could easily run into - unsubmitted forms. We have to keep in mind that people might pull the form up and not submit it. Remember that we have both the processing and the rendering located in the same script, so the user is able to display the form and not submit it. Based on what you learned in the previous lesson, you know that when we write:

if ($_POST)

The condition would only be true if the array is not empty.

We should be also aware that the form could also have been left unsubmitted entirely. We'll have to check whether all of the necessary variables are present in the $_POST array. For that, we use the isset() function.

BEWARE! - Lots of beginners use the following code for form validation:

if ($_POST['name'])
{
        // ...
}

Doing so is totally wrong and if the form wasn't submitted PHP will print a very nasty error since we'd be trying to read from a non-existing variable. The same people who do this usually "solve" the error by turning off PHP error reporting instead of fixing the code. You will later find them on forums asking why they can't find mistakes in their code anymore. Save yourself the grief and don't be like them :)

While on the topic of error reporting, your local server (your desktop computer) has to have it turned ON and the production server (the one on the Internet) has to have it OFF. This configuration allows you to find most errors and prevent attackers from breaking your application thanks to visible error messages. Error reporting can be turned on/off in php.ini. However, in some cases, you won't have access to it on the production server (for which you will have to go through your web host administration panel to do the needed changes).

Here is a more appropriate way of validating a form:

$notice = "";
if ($_POST) // There is something in _POST array and the form was submitted
{
        if (isset($_POST['name']) && $_POST['name'] &&
                isset($_POST['email']) && $_POST['email'] &&
                isset($_POST['message']) && $_POST['message'] &&
                isset($_POST['abc']) && $_POST['abc'] == date('Y'))
        {
                // Then we'll send the email...
        }
        else
                $notice = "The form was not filled properly";
}

The entire code is wrapped in a condition that checks whether anything was sent to $_POST at all. If nothing was submitted, it will not process anything. The next condition checks whether each field has been submitted and contains text. Here, we also check whether the entered year is the current one. As you may have guessed, the $notice variable is for when the user in cases a validation wasn't successful. The notice is later printed in the HTML part of the script.

Processing

Sending the e-mail itself is relatively straightforward. To do so, we use the mb_send_mail() function which supports UTF-8 encoding (which the mail() function does not). We'll talk about functions with the "mb_" prefix later. For now, all you need to know is that you will most likely need to set-up an encoding at the very beginning of the file before using them:

<?php
mb_internal_encoding("UTF-8");

Now, let's move add content to the condition that validates the forn, send the e-mail, and set the $notice variable:

$header = 'From:' . $_POST['email'];
$header .= "\nMIME-Version: 1.0\n";
$header .= "Content-Type: text/html; charset=\"utf-8\"\n";
$address = '[email protected]';
$subject = 'New e-mail form message';
$success = mb_send_mail($address, $subject, $_POST['message'], $header);
if ($success)
{
        $notice = 'E-mail was successfully sent, I will respond as soon as I can.';
}
else
        $notice = 'E-mail was not sent, make sure you have entered your email address correctly.';

An email header requires several variables, an address to send the email to (use your own) and a subject. Don't worry about the header. All it is is the specifications that the email requires, nothing more to it. The main thing here is the variable on the first line that holds the sender's address. The e-mail will look like it was sent from that address even though it was sent by our code from our website. The mb_send_mail() function returns true when an e-mail was successfully sent and false if it wasn't. We store its value in the $success variable and assign the $notice based on the result.

Modifying the form

Let's move back to our form. We'll insert another PHP directive right above the form tag. Here, we'll print the $notice variable, after checking whether it is empty:

<?php
        if ($notice)
                echo('<p>' . $notice . '</p>');
?>

Done! Your form is now able to send e-mails and display whether the action was successful or not. You might need to upload it to your web host in order for it to work. In XAMPP, the default e-mail sending settings will not work unless you set it up manually. If you have trouble setting it up, don't worry, just upload the script to a web host and try it online.

Contact form
localhost/mailĀ­form.php

In the next lesson, Improving the e-mail form in PHP, we'll finish working on this form. If you feel like you got any part of today's lesson wrong, the code can be downloaded below.


 

Download

Downloaded 81x (1.17 kB)
Application includes source codes in language PHP

 

 

Article has been written for you by David Capka
Avatar
Do you like this article?
1 votes
The author is a programmer, who likes web technologies and being the lead/chief article writer at ICT.social. He shares his knowledge with the community and is always looking to improve. He believes that anyone can do what they set their mind to.
Unicorn College The author learned IT at the Unicorn College - a prestigious college providing education on IT and economics.
Activities (10)

 

 

Comments

Avatar
Tabish Ali
Member
Avatar
Tabish Ali:2/8/2017 6:16

having problem with my code sir . i have uploaded my script in web server to execute , but encountered a problem.

Reply 2/8/2017 6:16
there is no limit to learn.
Avatar
David Capka
ICT.social team
Avatar
Replies to Tabish Ali
David Capka:2/8/2017 6:45

You cannot send emails from free hosting services. You have to buy a webhosting, it's very cheap, check e.g. HostGator - http://www.hostgator.com/

Reply 2/8/2017 6:45
You can walk through a storm and feel the wind but you know you are not the wind.
Avatar
Tabish Ali
Member
Avatar
Replies to David Capka
Tabish Ali:2/8/2017 6:46

ok thanks...

Reply 2/8/2017 6:46
there is no limit to learn.
Avatar
Nasiru Deen
Member
Avatar
Nasiru Deen:9/13/2017 14:29

when i click on send button from my form page, my emailform.php comes empty from my server. i thought i will recieve the "E-mail was successfully sent, I will respond as soon as I can"

 
Reply 9/13/2017 14:29
Avatar
Nasiru Deen
Member
Avatar
Replies to Nasiru Deen
Nasiru Deen:9/13/2017 14:58

Oh Good!, I have figured it out thanks

 
Reply 9/13/2017 14:58
Avatar
John Dooe
Member
Avatar
John Dooe:3. August 12:29

i discover this site yesterday and so far i found the content here very interesting i am not able to do online payment so i will just skip the premium content with the hope that i don't get confuse as i move on. will definitely come back everyday and learn as long as i could.

Reply 3. August 12:29
Life is simple, don't make it complicated.
Avatar
David Capka
ICT.social team
Avatar
Replies to John Dooe
David Capka:3. August 14:56

Is there any problem with the payment or you don't have money?

Reply 3. August 14:56
You can walk through a storm and feel the wind but you know you are not the wind.
Avatar
John Dooe
Member
Avatar
John Dooe:3. August 15:43

i leave in a country where it is hard to make online payment mostly due to scamming and i currently don't have any bank account, service like paypal and the likes are not officially allowed here, most of the online payments are done here via visa or master card.
I'm going to open an account in the coming months. Even though i currently don't have any revenues, i will be able to at least afford buy points until then will learn free the stuff.

Reply 3. August 15:43
Life is simple, don't make it complicated.
To maintain the quality of discussion, we only allow registered members to comment. Sign in. If you're new, Sign up, it's free.

8 messages from 8 displayed.