Web Hosting Talk

PHP email form problems...help?!


mcabde
11-13-2007, 04:55 PM
This is my first time using PHP in a webpage. I am trying to set up a PHP based email form, but I am having some problems. The script seems to be working properly, but when I try to use the form I receive the error message I created telling me that my email could not be sent. The message appears in a new page.

I would like to find out why the script is not able to send messages to my email and I would like to find a way to have messages print to the screen like pop-up errors I would typically get on my computer, instead of in a new page.

My current PHP script looks like the following:

<?php
$to = "MY EMAIL HERE" ;
$from = $_REQUEST['Email'] ;
$name = $_REQUEST['Name'] ;
// The submitted address is placed in the From: header as-is.
$headers = "From: $from";
$subject = "Form Submission";
// Form field name => label used in the message body.
$fields = array();
$fields["Name"] = "Name";
$fields["Email"] = "Email";
$fields["Message"] = "Message";
$body = "We have received the following information:\n\n";
foreach ($fields as $a => $b) {
    $body .= sprintf("%20s: %s\n", $b, $_REQUEST[$a]);
}
$headers2 = "From: ME";
$subject2 = "Thank you for contacting us";
$autoreply = "Thank you for contacting us. Somebody will get back to you as soon as possible. If you have any more questions, please feel free to resubmit the contact form at any time.";
if ($from == '') {
    print "You have not entered an email, please go back and try again";
} else {
    if ($name == '') {
        print "You have not entered a name, please go back and try again";
    } else {
        // Notification to the site owner, then the auto-reply to the visitor.
        $send = mail($to, $subject, $body, $headers);
        $send2 = mail($from, $subject2, $autoreply, $headers2);
        if ($send) {
            print "Your message has been sent successfully. Thank you!";
        } else {
            print "We encountered an error sending your mail. Please make sure all fields are filled out correctly or try again later. Thank you.";
        }
    }
}
?>

Any thoughts/suggestions/corrections would be appreciated. Thank you in advance.

Steve_Arm
11-13-2007, 05:24 PM
You need to throw this code away and use $_POST instead of $_REQUEST.
If you want to do a desktop-like app, use AJAX....
Anyway, here are the correct headers for the mail function... also note that mail() can be hacked from user input per the PHP docs.


$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=utf-8\r\n";
$headers .= 'From: "My site" <info@domain.com>';

foobic
11-13-2007, 06:33 PM
Yes, if this code is anywhere on a publicly available web site take it down immediately - it's an open invitation to spammers to exploit with email header injection (http://en.wikipedia.org/wiki/E-mail_injection).
$from = $_REQUEST['Email'] ;
$name = $_REQUEST['Name'] ;
$headers = "From: $from";

There are plenty of simple php mail scripts around - find one that cleans the user-submitted information thoroughly before using it in the mail headers.

Edit: or better, use a library like phpmailer (http://phpmailer.sourceforge.net/).
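
Added example, not part of any post in this thread: the From-header pattern quoted above next to a hardened version that keeps a fixed From address, puts the validated visitor address in Reply-To, and rejects any value containing a line break. The function names and sample inputs are constructed for illustration; info@domain.com is the placeholder address from Steve_Arm's post.

```php
<?php
// Added example; function names and sample values are constructed.

// The pattern from the first post: the submitted address goes straight into a header.
function naive_headers(string $email): string
{
    return "From: $email";
}

// Hardened form: fixed From, validated visitor address in Reply-To only.
function safe_headers(string $email, string $siteFrom = 'info@domain.com'): ?string
{
    // Any CR or LF would end the header line and begin a new one.
    if (preg_match('/[\r\n]/', $email)) {
        return null;
    }
    // Syntax check; returns the address itself or false.
    $clean = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($clean === false) {
        return null;
    }
    return "From: $siteFrom\r\nReply-To: $clean";
}

// Count header lines the way a mail transport would split them.
function header_line_count(string $headers): int
{
    return count(preg_split('/\r\n|\r|\n/', $headers));
}

// Constructed inputs: a normal address and one carrying an embedded line break.
$samples = [
    'ordinary' => 'visitor@example.com',
    'crlf'     => "visitor@example.com\r\nX-Injected: yes",
];

foreach ($samples as $label => $email) {
    $naive = naive_headers($email);
    $safe  = safe_headers($email);
    printf(
        "%-8s naive header lines: %d, hardened: %s\n",
        $label,
        header_line_count($naive),
        $safe === null ? 'rejected' : 'accepted (' . header_line_count($safe) . ' lines)'
    );
}
```

With the naive builder, the second sample turns one header line into two, which is the condition the replies warn about; the hardened builder returns null for it and the form handler can stop before calling mail().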

Kounterfeit
11-15-2007, 11:57 PM
Agreed, PHPMailer all the way. It's probably one of the most commonly used PHP Mail libraries out there.

mcabde
11-16-2007, 03:19 PM
Thank you for all the help! I am glad I posted the source up here. I had no idea it was so easily exploitable. I am now attempting to use phpmailer, but I am somewhat confused with the installation. I am using the free T35 hosting right now, just to test the service (it seems pretty good so far). Am I supposed to simply upload the phpmailer files I downloaded and follow the tutorial instructions from there, or is there something more I need to do to make this work? Sorry for being so green with all this. :rolleyes: Any help is appreciated!

- Just wanted to note...all I am trying to do is get a name, e-mail address, and small message from potential clients. Pretty simple. Thought maybe this info could help a bit.

mcabde
11-16-2007, 05:12 PM
I rewrote my php doc based on two tutorials for php contact forms I found here in the Programming Tutorials forum. I would appreciate it if someone could look over it and comment on safety and errors. Thanks! :wavey:


<?php
$to = "myemailhere";
// Missing fields become empty strings so the checks below catch them.
$from = trim(stripslashes($_POST['Email'] ?? ''));
$name = trim(stripslashes($_POST['Name'] ?? ''));
$subject = "Form Submission";
$message = trim(stripslashes($_POST['Message'] ?? ''));
$headers = "MIME-Version: 1.0\r\n";
// The body is plain text built from user input, so it is sent as text/plain, not text/html.
$headers .= "Content-Type: text/plain; charset=utf-8\r\n";

// All three fields are required.
$validationOK = true;
if ($from == "") $validationOK = false;
if ($name == "") $validationOK = false;
if ($message == "") $validationOK = false;
if (!$validationOK) {
    print "<meta http-equiv=\"refresh\" content=\"0;URL=error.html\">";
    exit;
}

// Message sent to the site owner.
$Body = "";
$Body .= "Name: ";
$Body .= $name;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $from;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $message;
$Body .= "\n";

$headers2 = "From: MYDOMAIN";
$subject2 = "Thank you for contacting us";
$autoreply = "Thank you for contacting us.";

// The submitted address is in $from; there is no $email variable in this script.
if (empty($from) || empty($name) || empty($message)) {
    print "<meta http-equiv=\"refresh\" content=\"0;URL=error.html\">";
}
// eregi() was removed in PHP 7; filter_var() does the address syntax check.
elseif (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
    print "<meta http-equiv=\"refresh\" content=\"0;URL=error.html\">";
}
else {
    // PHP variable names are case-sensitive: the message was built in $Body, not $body.
    $send = mail($to, $subject, $Body, $headers);
    $send2 = mail($from, $subject2, $autoreply, $headers2);
    if ($send) {
        print "<meta http-equiv=\"refresh\" content=\"0;URL=sent.html\">";
    } else {
        print "<meta http-equiv=\"refresh\" content=\"0;URL=error.html\">";
    }
}
?>