Simple e-mail form script

simpleaspen
Forum Newbie
Posts: 2
Joined: Fri Dec 04, 2009 12:06 pm

Simple e-mail form script

Post by simpleaspen »

I am a VERY beginner PHP user but I am trying to create a simple but secure script for mailing from a contact form. It is working with one web hosting but not when I loaded it on another. So any suggestions on how to make it more secure or work better would be appreciated. I am trying to make it work for PHP 4 or 5 since that is what seems to be supported on most web hosts I work with. Here is my process form code:

 
<?php
//set e-mail recipient
$myemail = "simpleaspen@gmail.com";
 
// Assign variables, check input, and give error message for required fields.
$name = check_input($_POST['name'], "Please enter your name.");
$email = check_input($_POST['email'], "Please enter a valid e-mail address.");
$mesg = check_input($_POST['message']);
$extra = check_input($_POST['extra']);
 
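//If checkbox is chosen send 'yes', if not chosen send 'no'
//(an unchecked checkbox is not submitted at all, so test isset() first)
if (!isset($_POST['newsletter']) || $_POST['newsletter'] == "") {
  $nletter = "no";
} else {
  $nletter = "yes";
}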
 
 
//If e-mail is not valid show error message 
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email))
{
    show_error("E-mail address not valid.  Please correct the e-mail address and resubmit.");
}
 
// Build the email (replace the address in the $to section with your own)
$to = "$myemail";
$subject = "River Rags Contact Form";
$mesg = "$name said: 
            $mesg
            sign up for newsletter?  $nletter";
            
$headers = "From: $email";
 
//honeypot field: only send when the hidden "extra" field was left empty
if ($_POST["extra"] == "") {
    // Send the mail using PHP's mail() function
    mail($to, $subject, $mesg, $headers);

    /* Show the thank-you message to the visitor */
    echo('Thank you!  Your message has been sent.  Return to the<a href="http://www.riverragsdesigns.com"> River Rags Designs website</a>.');
    exit();
}
/* Functions we used */
function check_input($data, $problem='')
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    if ($problem && strlen($data) == 0)
    {
        show_error($problem);
    }
    return $data;
}
function show_error($myError)
{
?>
    <html>
    <body>
 
    <b>Please correct the following error:</b><br />
    <?php echo "$myError <br />"; 
    echo('Return to the<a href="http://www.riverragsdesigns.com/contact.html">River Rags Designs</a> contact form.');
    ?>
 
    </body>
    </html>
<?php
exit();
}
 
?>
 
Please be honest, I really am trying to learn. Sorry this is a very beginner question. Thanks!
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Post by Jonah Bron »

Nice code, but remember to properly indent conditional statements (IFs, WHILEs, etc). I think placing a user-provided un-parsed email directly into the header could be a security risk, because the user could use your form to send spam email.
Griven
Forum Contributor
Posts: 165
Joined: Sat May 09, 2009 8:23 pm

Re: Simple e-mail form script

Post by Griven »

Your web host may have email functionality like this disabled in order to keep themselves from becoming unwilling spambots. I recommend contacting the hosting provider or reading up on their documentation in order to find out what's keeping it from sending your emails.

In addition, you should check out the PEAR Mail extension, as it offers more functionality than the generic PHP mail() function.
simpleaspen
Forum Newbie
Posts: 2
Joined: Fri Dec 04, 2009 12:06 pm

Re: Simple e-mail form script

Post by simpleaspen »

Thanks for the critiques. I will certainly look into the PEAR mail and maybe parsing the e-mail.
I appreciate you taking the time to help me out with this.

I did solve the hosting problem. The "From" address had to be a domain name e-mail address that was defined in the hosting control panel. Our client called the hosting company to see if there were any settings that could be preventing the e-mails but they said that the settings were not the problem. I guess that is just how support goes sometimes.
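
An added example, not code from any poster in this thread: one way to address the header concern raised in the first reply while also following the finding that "From" must be a mailbox on the hosted domain. It assumes PHP 5.2 or later (for filter_var()); contact@example.com, safe_reply_to() and build_headers() are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Assumption: stands in for a mailbox defined in the hosting control panel.
define('SITE_FROM', 'contact@example.com');

// Return a header-safe e-mail address, or null if the input is unusable.
function safe_reply_to($raw)
{
    $raw = trim((string) $raw);
    // A CR or LF inside the value would start a new header line.
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    // The whole value must be exactly one address. The unanchored regex in
    // the posted script only required an address to appear somewhere in it.
    if (filter_var($raw, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $raw;
}

// Build the header string for mail(), or null if the address is rejected.
function build_headers($visitorEmail)
{
    $replyTo = safe_reply_to($visitorEmail);
    if ($replyTo === null) {
        return null;
    }
    // Fixed From on the site's own domain; the visitor only ever appears
    // in Reply-To, and only after validation.
    return "From: " . SITE_FROM . "\r\n" . "Reply-To: " . $replyTo;
}

// Constructed sample inputs: one valid, one with an embedded line break,
// one with extra text around an address.
$samples = array(
    'visitor@example.org',
    "visitor@example.org\r\nBcc: someone@example.net",
    'not an address visitor@example.org trailing text',
);
foreach ($samples as $s) {
    $h = build_headers($s);
    echo json_encode($s), ' => ', ($h === null ? 'REJECTED' : json_encode($h)), "\n";
}
// In the form handler: call mail($to, $subject, $mesg, $headers) only when
// build_headers() did not return null; otherwise show the error page.
```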