
Decent contact form! Review

Posted: Sat May 30, 2009 4:47 am
by iFlex
Ok, this is the best contact form ever, so I think I'll share it with you.

It sends an email (normally via your webhost's mail server) with the contact's name, email, message and IP address.
I'm working on anti-spam code for, well, anti-spam.

Code:

<?php 
if(isset($_POST['contact'])) 
//Uses the isset function to determine if the forms been posted or not. 
{ 
$name = $_POST['name']; 
$email = $_POST['email']; 
$subj = $_POST['subj']; 
$msg = $_POST['msg']; 
$ip = $_SERVER['REMOTE_ADDR']; 
//Creates variables for the post data and the users ip address. 
if(!$name || !$email || !$msg) 
//Checks for blank fields. 
{ 
die("Error! Some fields were left blank! Please go back."); 
//Alert the user. and kill the script. 
} 
else 
//There's no blank fields so we continue.. 
{ 
$mail = "YOUREMAILHERE!"; 
//Change to your email address..
$subject = "Contact from $name ($subj)"; 
//The subject of the email.. 
$messg = " 
Name: $name 
Email Address: $email 
IP Address: $ip\n 
Message: 
$msg"; 
//The email message.. 
mail("$mail", $subject, $messg); 
//Uses the mail function to send the email. 
echo("Thank you message here.."); 
//The thank you message. 
} 
} 
else 
//The form hasn't been submitted.. 
{ 
echo("<p align=\"center\"><strong>Contact us..</strong></p> 
<p>Use the form below to submit your queries directly to our inbox.</p> 
<p><form method=\"post\"> 
<table width=\"600\" cellspacing=\"2\" cellpadding=\"0\"> 
<tr><td width=\"150\">Your Name:</td> 
<td width=\"450\"><input type=\"text\" name=\"name\" size=\"30\" /></td></tr> 
<tr><td width=\"150\">Email Address:</td> 
<td width=\"450\"><input type=\"text\" name=\"email\" size=\"30\" /></td></tr> 
<tr><td width=\"150\">Subject:</td> 
<td width=\"450\"><select name=\"subj\"> 
<option>Option 1..</option> 
<option>Option 2..</option> 
<option>Option 3..</option></select></td></tr> 
<tr><td width=\"150\">Your Message:</td> 
<td width=\"450\"><textarea name=\"msg\" cols=\"50\" rows=\"7\"></textarea></td></tr> 
<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"contact\" value=\"Contact Us\" /></td></tr> 
</table></form></p>"); 
//The form.. 
} 
?>
Things you need to change:

Your email: where it says YOUREMAILHERE!, change that to your email.

Options: the 10th, 9th and 8th lines from the bottom are options; change these to something like general issue, important matter, other...

The thank-you message: change it to something like 'Thank you for your email'.
And that's it, I think.

Enjoy

-Flex

Re: Very good contact form!

Posted: Sat May 30, 2009 7:46 am
by onion2k
No validation of the content, inflexible design, lack of quoting or cleansing of data, die()ing if the user misses required fields (seriously?), no indication of which fields are required, table based HTML layout, horrible variable names ($messg? Why not $message?)...

That's one of the worst contact forms I've seen in a long time.

Re: Very good contact form!

Posted: Sat May 30, 2009 3:52 pm
by Christopher
onion2k wrote: That's one of the worst contact forms I've seen in a long time.
Well .... not the worst ... but close.

I think cleaning and escaping the input is a must-have change. The whole thing should probably be put into a function or class to make it a little more usable and modular. Probably have it return a string so this form can be inserted into a page. And since the form is structured it would be a lot nicer if you could define/configure everything at the top in one place -- like the options for the Subject. Dying on an error is not a good practice. It should redisplay the form, maintaining any values entered, and show the error message to allow the user to fix the problem. Also it is a best practice to redirect to the success page to prevent resubmission by refreshing.
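
One way to apply the changes asked for in this thread (validate each field, then redisplay the form with the errors shown and the entered values escaped instead of calling die()), as an added example that is not code from any poster. The function names, the SUBJECTS list and the sample submission are assumptions made for the illustration.

```php
<?php
const SUBJECTS = ['General issue', 'Important matter', 'Other']; // hypothetical option list
// Validate the posted fields; returns [clean values, error messages keyed by field].
function validate_contact(array $post): array
{
    $clean = $errors = [];
    foreach (['name', 'email', 'subj', 'msg'] as $field) {
        $clean[$field] = trim((string)($post[$field] ?? ''));
    }
    // Single-line fields must not carry line breaks or other control characters.
    $clean['name'] = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $clean['name']);
    if ($clean['name'] === '' || strlen($clean['name']) > 100) {
        $errors['name'] = 'Please enter your name (100 characters at most).';
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address.';
    }
    // The subject comes from a fixed list, so accept only listed values.
    if (!in_array($clean['subj'], SUBJECTS, true)) {
        $errors['subj'] = 'Please choose a subject from the list.';
    }
    if ($clean['msg'] === '') {
        $errors['msg'] = 'Please enter a message.';
    }
    return [$clean, $errors];
}

// Build the form as a string, escaping every re-displayed value for HTML.
function render_form(array $values, array $errors): string
{
    $e = fn($s) => htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
    $html = '<form method="post">';
    foreach ($errors as $msg) {
        $html .= '<p class="error">' . $e($msg) . '</p>';
    }
    $html .= '<input type="text" name="name" value="' . $e($values['name'] ?? '') . '" />';
    $html .= '<input type="text" name="email" value="' . $e($values['email'] ?? '') . '" />';
    $html .= '<select name="subj">';
    foreach (SUBJECTS as $s) {
        $sel = ($values['subj'] ?? '') === $s ? ' selected' : '';
        $html .= '<option' . $sel . '>' . $e($s) . '</option>';
    }
    $html .= '</select><textarea name="msg">' . $e($values['msg'] ?? '') . '</textarea>';
    return $html . '<input type="submit" name="contact" value="Contact Us" /></form>';
}

// Constructed sample submission: a name with markup and a line break, and a bad email.
$sample = ['name' => "Eve \"<b>\"\r\nX", 'email' => 'not-an-address', 'subj' => 'Other', 'msg' => 'Hi'];
[$clean, $errors] = validate_contact($sample);
echo $errors ? render_form($clean, $errors) : "valid: send mail, then redirect\n";
```

The escaping happens in render_form(), at the point where values enter HTML; the plain-text email body would use the unescaped clean values.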

Re: Very good contact form!

Posted: Sat May 30, 2009 4:22 pm
by jaoudestudios
Your php could be improved even before considering classes or functions.

HTML tables for layout, seriously?!?! Inline styles? The HTML won't even validate to W3C.

Needs some work!

Re: Very good contact form!

Posted: Sun May 31, 2009 1:18 am
by anand
Hi, I tried modifying the script. Please check how it is now and please tell me if there are any flaws in it or not.

P.S. The only change I have done in HTML is adding an "$alert". Other than that, I haven't edited the HTML part.

Code:

<?php
if(isset($_POST['contact']))
//Uses the isset function to determine if the forms been posted or not.
{
function filter($str)
 {
 $str = addslashes($str);
 $str = htmlentities($str);
 return $str;
 }
 
$name = filter($_POST['name']);
$email = filter($_POST['email']);
$subj = filter($_POST['subj']);
$msg = filter($_POST['msg']);
$ip = $_SERVER['REMOTE_ADDR'];
//Creates variables for the post data and the users ip address.
if(!$name || !$email || !$msg)
//Checks for blank fields.
{
$alert ="Error! Some fields were left blank! Please try again.");
$show_form=1;
//Alert the user. and sends user back to contact page.
}
else
//There's no blank fields so we continue..
{
$mail = "YOUREMAILHERE!";
//Change to youe email address..
$subject = "Contact from $name ($subj)";
//The subject of the email..
$messg = "
Name: $name
Email Address: $email
IP Address: $ip\n
Message:
$msg";
//The email message..
mail("$mail", $subject, $messg);
//Uses the mail function to send the email.
echo("Thank you message here..");
$show_form=0;
//The thank you message.
}
}
else
//The form hasn't been submitted..
{
 
$contents = <<<CONTENT
<p align="center"><strong>Contact us..</strong></p>
<p>Use the form below to submit your queries directly to our inbox.</p>
<p>$alert</p>
<p><form method="post">
<table width="600" cellspacing="2" cellpadding="0">
<tr><td width="150">Your Name:</td>
<td width="450"><input type="text" name="name" size="30" /></td></tr>
<tr><td width="150">Email Address:</td>
<td width="450"><input type="text" name="email" size="30" /></td></tr>
<tr><td width="150">Subject:</td>
<td width="450"><select name="subj">
<option>Option 1..</option>
<option>Option 2..</option>
<option>Option 3..</option></select></td></tr>
<tr><td width="150">Your Message:</td>
<td width="450"><textarea name="msg" cols="50" rows="7"></textarea></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="contact" value="Contact Us" /></td></tr>
</table></form></p>
CONTENT;
$show_form=1;
//The form..
}
if($show_form) {echo $contents; }
?>
Waiting for replies from experts.

Regards,
Anand

Re: Very good contact form!

Posted: Sun May 31, 2009 4:42 am
by iFlex
anand wrote: Hi, I tried modifying the script. Please check how it is now and please tell me if there are any flaws in it or not.

P.S. The only change I have done in HTML is adding an "$alert". Other than that, I haven't edited the HTML part.

That returns an error

Code:

Parse error: syntax error, unexpected ')' in /public_html/scripts/contact.php on line 21
So change

Code:

$alert ="Error! Some fields were left blank! Please try again.");
to

Code:

$alert ="Error! Some fields were left blank! Please try again.";
Otherwise you get incorrect syntax.

Thanks for the mod.

Re: Decent contact form! Review

Posted: Sun May 31, 2009 4:45 am
by iFlex
Also, it seems to return a blank page when testing the script. I'll look into that.