Decent contact form! Review

iFlex
Forum Commoner
Posts: 41
Joined: Sat May 30, 2009 3:44 am


Post by iFlex »

Ok, this is the best contact form ever and it so I think I'll share it with you.

It sends an email (normally via your web host's mail server) with the contact's name, email, message and IP address.
I'm working on anti-spam code for, well, anti-spam.

Code:

<?php 
if(isset($_POST['contact'])) 
//Uses the isset function to determine if the forms been posted or not. 
{ 
$name = $_POST['name']; 
$email = $_POST['email']; 
$subj = $_POST['subj']; 
$msg = $_POST['msg']; 
$ip = $_SERVER['REMOTE_ADDR']; 
//Creates variables for the post data and the users ip address. 
if(!$name || !$email || !$msg) 
//Checks for blank fields. 
{ 
die("Error! Some fields were left blank! Please go back."); 
//Alert the user. and kill the script. 
} 
else 
//There's no blank fields so we continue.. 
{ 
$mail = "YOUREMAILHERE!"; 
//Change to your email address..
$subject = "Contact from $name ($subj)"; 
//The subject of the email.. 
$messg = " 
Name: $name 
Email Address: $email 
IP Address: $ip\n 
Message: 
$msg"; 
//The email message.. 
mail("$mail", $subject, $messg); 
//Uses the mail function to send the email. 
echo("Thank you message here.."); 
//The thank you message. 
} 
} 
else 
//The form hasn't been submitted.. 
{ 
echo("<p align=\"center\"><strong>Contact us..</strong></p> 
<p>Use the form below to submit your queries directly to our inbox.</p> 
<p><form method=\"post\"> 
<table width=\"600\" cellspacing=\"2\" cellpadding=\"0\"> 
<tr><td width=\"150\">Your Name:</td> 
<td width=\"450\"><input type=\"text\" name=\"name\" size=\"30\" /></td></tr> 
<tr><td width=\"150\">Email Address:</td> 
<td width=\"450\"><input type=\"text\" name=\"email\" size=\"30\" /></td></tr> 
<tr><td width=\"150\">Subject:</td> 
<td width=\"450\"><select name=\"subj\"> 
<option>Option 1..</option> 
<option>Option 2..</option> 
<option>Option 3..</option></select></td></tr> 
<tr><td width=\"150\">Your Message:</td> 
<td width=\"450\"><textarea name=\"msg\" cols=\"50\" rows=\"7\"></textarea></td></tr> 
<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"contact\" value=\"Contact Us\" /></td></tr> 
</table></form></p>"); 
//The form.. 
} 
?>

Things you need to change:

Your email, where it says YOUREMAIL here, change that to your email.

Options, 10, 9, 8th line from the bottom are options, change these to something like, general issue, important matter, other...

The thank you message - change it to something like 'Thank you for your email'.
And that's it, I think.

Enjoy

-Flex
Last edited by iFlex on Sun May 31, 2009 4:35 am, edited 2 times in total.
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Very good contact form!

Post by onion2k »

No validation of the content, inflexible design, lack of quoting or cleansing of data, die()ing if the user misses required fields (seriously?), no indication of which fields are required, table based HTML layout, horrible variable names ($messg? Why not $message?)...

That's one of the worst contact forms I've seen in a long time.
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Very good contact form!

Post by Christopher »

onion2k wrote: That's one of the worst contact forms I've seen in a long time.
Well .... not the worst ... but close.

I think cleaning and escaping the input is a must-have change. The whole thing should probably be put into a function or class to make it a little more usable and modular. Probably have it return a string so this form can be inserted into a page. And since the form is structured it would be a lot nicer if you could define/configure everything at the top in one place -- like the options for the Subject. Dying on an error is not a good practice. It should redisplay the form, maintaining any values entered, and show the error message to allow the user to fix the problem. Also it is a best practice to redirect to the success page to prevent resubmission by refreshing.
(#10850)
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: Very good contact form!

Post by jaoudestudios »

Your php could be improved even before considering classes or functions.

HTML tables for layout, seriously?!?! Inline styles? The HTML won't even validate to W3C.

Needs some work!
anand
Forum Commoner
Posts: 80
Joined: Fri May 22, 2009 11:07 am
Location: India
Contact:

Re: Very good contact form!

Post by anand »

Hi, I tried modifying the script. Please check how it is now and please tell me if there are any flaws in it or not.

P.S. The only change I have done in HTML is adding an "$alert". Other than that, I haven't edited the HTML part.

Code:

<?php
if(isset($_POST['contact']))
//Uses the isset function to determine if the forms been posted or not.
{
function filter($str)
 {
 $str = addslashes($str);
 $str = htmlentities($str);
 return $str;
 }
 
$name = filter($_POST['name']);
$email = filter($_POST['email']);
$subj = filter($_POST['subj']);
$msg = filter($_POST['msg']);
$ip = $_SERVER['REMOTE_ADDR'];
//Creates variables for the post data and the users ip address.
if(!$name || !$email || !$msg)
//Checks for blank fields.
{
$alert ="Error! Some fields were left blank! Please try again.");
$show_form=1;
//Alert the user. and sends user back to contact page.
}
else
//There's no blank fields so we continue..
{
$mail = "YOUREMAILHERE!";
//Change to your email address..
$subject = "Contact from $name ($subj)";
//The subject of the email..
$messg = "
Name: $name
Email Address: $email
IP Address: $ip\n
Message:
$msg";
//The email message..
mail("$mail", $subject, $messg);
//Uses the mail function to send the email.
echo("Thank you message here..");
$show_form=0;
//The thank you message.
}
}
else
//The form hasn't been submitted..
{
 
$contents = <<<CONTENT
<p align="center"><strong>Contact us..</strong></p>
<p>Use the form below to submit your queries directly to our inbox.</p>
<p>$alert</p>
<p><form method="post">
<table width="600" cellspacing="2" cellpadding="0">
<tr><td width="150">Your Name:</td>
<td width="450"><input type="text" name="name" size="30" /></td></tr>
<tr><td width="150">Email Address:</td>
<td width="450"><input type="text" name="email" size="30" /></td></tr>
<tr><td width="150">Subject:</td>
<td width="450"><select name="subj">
<option>Option 1..</option>
<option>Option 2..</option>
<option>Option 3..</option></select></td></tr>
<tr><td width="150">Your Message:</td>
<td width="450"><textarea name="msg" cols="50" rows="7"></textarea></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="contact" value="Contact Us" /></td></tr>
</table></form></p>
CONTENT;
$show_form=1;
//The form..
}
if($show_form) {echo $contents; }
?>
Waiting for replies from experts.

Regards,
Anand
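
Added example, not part of any post in this thread: one way to apply the advice given above (validate the input, keep the subject options in one place, redisplay the form with the entered values and error messages instead of dying, redirect after success). Unlike a single filter() applied on input, values are escaped with htmlspecialchars() only when written into HTML and the mailed text stays as typed. RECIPIENT, SUBJECTS, thanks.php and the function names are placeholders chosen for this sketch.

```php
<?php
// Added example, not code from the thread. RECIPIENT, SUBJECTS and thanks.php are placeholders.
const RECIPIENT = 'you@example.com';
const SUBJECTS  = ['General issue', 'Important matter', 'Other']; // options configured in one place

function e(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); } // HTML output only

function validate_contact(array $post): array
{
    $data = [];
    foreach (['name', 'email', 'subj', 'msg'] as $key) {
        $data[$key] = is_string($post[$key] ?? null) ? trim($post[$key]) : ''; // name[]=x counts as empty
    }
    // The name ends up in the Subject header, so collapse control characters (CR/LF included).
    $data['name'] = trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $data['name']));
    $errors = [];
    if ($data['name'] === '') { $errors[] = 'Your name is required.'; }
    if (filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'Enter a valid email address.'; }
    if (!in_array($data['subj'], SUBJECTS, true)) { $errors[] = 'Choose a subject from the list.'; }
    if ($data['msg'] === '') { $errors[] = 'A message is required.'; }
    return [$data, $errors];
}

function render_form(array $data, array $errors): string
{
    $html = '<form method="post">';
    foreach ($errors as $message) {
        $html .= '<p class="error">' . e($message) . '</p>';
    }
    $html .= '<label>Your Name* <input type="text" name="name" value="' . e($data['name'] ?? '') . '"></label>';
    $html .= '<label>Email Address* <input type="text" name="email" value="' . e($data['email'] ?? '') . '"></label>';
    $html .= '<label>Subject <select name="subj">';
    foreach (SUBJECTS as $option) {
        $selected = ($data['subj'] ?? '') === $option ? ' selected' : '';
        $html .= "<option$selected>" . e($option) . '</option>';
    }
    $html .= '</select></label><label>Your Message* <textarea name="msg">' . e($data['msg'] ?? '') . '</textarea></label>';
    return $html . '<input type="submit" name="contact" value="Contact Us"></form>';
}

$posted = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST';
[$data, $errors] = $posted ? validate_contact($_POST) : [[], []];
if ($posted && !$errors) {
    $body = "Name: {$data['name']}\nEmail Address: {$data['email']}\nIP Address: {$_SERVER['REMOTE_ADDR']}\n\nMessage:\n{$data['msg']}";
    mail(RECIPIENT, "Contact from {$data['name']} ({$data['subj']})", $body);
    header('Location: thanks.php', true, 303); // redirect so a refresh cannot resubmit the form
    exit;
}
echo render_form($data, $errors);
```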
iFlex
Forum Commoner
Posts: 41
Joined: Sat May 30, 2009 3:44 am

Re: Very good contact form!

Post by iFlex »

anand wrote: Hi, I tried modifying the script. Please check how it is now and please tell me if there are any flaws in it or not.

That returns an error

Code:

Parse error: syntax error, unexpected ')' in /public_html/scripts/contact.php on line 21
So change

Code:

$alert ="Error! Some fields were left blank! Please try again.");
to

Code:

$alert ="Error! Some fields were left blank! Please try again.";
Otherwise you get incorrect syntax.

Thanks for the mod.
iFlex
Forum Commoner
Posts: 41
Joined: Sat May 30, 2009 3:44 am

Re: Decent contact form! Review

Post by iFlex »

Also it seems to return a blank page when testing the script. I'll look into that.