Picnic Website Code Tutorials

PHP Contact Form Validation & Security Tutorial

Here is a working example.

Here is an updated version with all the bells and whistles too Form To Email - The Ultimate Guide!

This PHP script validates any and all input fields that you choose, and has many security measures built in, plus a few extra nice features. A while back when I was looking for php formmail scripts, I was somewhat unhappy with what I was finding. Sure there are a lot of scripts and resources on the subject, but to a novice, they were all confusing at best! Even if you managed to figure out how to implement the whole process, most, if not all of the scripts are absolutely huge and nearly impossible to maintain, edit, and/or customize. Most of the scripts I was coming across where all like ten pages worth of php code - that’s way to big for my taste. I like to know exactly what I am putting on my server.

So...I set out to put together one of my own. And, what I ended up building is a pretty awesome script that is extremely simple to implement, and edit your own personal information into. I'm by no means a php expert - far from it actually. However, the script below is built from the ground up by piecing together the best snippet of code from each of the best available scripts online. Also, equally as important to me, was removing all the excess bloat from the scripts. What’s left, is a lean, mean, PHP Formail Machine! I'm quite proud of it if you can't tell.

Step 1) Create a formmailerror.php file and place it in your root folder. Within this page put a sentence or two in it like this: There was an error in the information you entered. You either failed to fill in all of the required information, or made a mistake while typing. You may try again by using the back button in your browser.

Step 2) Create a thankyou.php file and place it in your root folder. Within this page put a phrase in it like this: Thank You!

Step 3) Create a formmail.php file and place it in your root folder. Within this page place the script below. Note: Do not put any other code on this page, such as, doctypes, <html> tags, or etc.

Step 4) Input your own personal information into the script below anywhere you see comments instructing you to do so (i.e. there are five sections you will need to customize, all clearly labeled).

Step 5) Add action="formmail.php" to the <form> tag on your contact page so it looks like the snippit directly below. Thats it - your welcome!

<form  method="post" action="formmail.php">
		

The Script

<?php
// Input Your Personal Information Here
$mailto = 'YourEmail.com' ;
$from = "YourDomain.com Formmail" ;
$formurl = "http://YourDomain.com/formmail.php" ;
$errorurl = "http://YourDomain.com/formmailerror.php" ;
$thankyouurl = "http://YourDomain.com/thankyou.php" ;
// End Edit

// prevent browser cache
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); 

function remove_headers($string) { 
  $headers = array(
    "/to\:/i",
    "/from\:/i",
    "/bcc\:/i",
    "/cc\:/i",
    "/Content\-Transfer\-Encoding\:/i",
    "/Content\-Type\:/i",
    "/Mime\-Version\:/i" 
  ); 
  if (preg_replace($headers, '', $string) == $string) {
    return $string;
  } else {
    die('You think Im spammy? Spammy how? Spammy like a clown, spammy?');
  }
}

$uself = 0;
$headersep = (!isset( $uself ) || ($uself == 0)) ? "\r\n" : "\n" ;

if (!isset($_POST['email'])) {
	header( "Location: $errorurl" );
	exit ;
}

// Input Your Personal Information Here
$name = remove_headers($_POST['name']);
$email = remove_headers($_POST['email']);
$subject = remove_headers($_POST['subject']);
$comments = remove_headers($_POST['comments']);
$http_referrer = getenv( "HTTP_REFERER" );
// End Edit

if (!preg_match("/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i",$email)) {
header( "Location: $errorurl" );
    exit ;
}

// Input Your Personal Information Here
if (empty($name) || empty($email) || empty($subject) ||empty($comments)) {
   header( "Location: $errorurl" );
   exit ;
}
// End Edit

if ( ereg( "[\r\n]", $name ) || ereg( "[\r\n]", $email ) ) {
	header( "Location: $errorurl" );
	exit ;
}
if (get_magic_quotes_gpc()) {
	$comments = stripslashes( $comments );
}

// sets max amount of characters in comments area (edit as nesesary)
if (strlen($comments) > 1250) {
$comments=substr($comments, 0, 1250).'...';
}
// End Edit

$message =
	"This message was sent from:\n" .
	"$http_referrer\n\n" .
	
	// Input Your Personal Information Here
	"Name: $name\n\n" .
	"Email: $email\n\n" .
	"Subject: $subject\n\n" .
	"Comments: $comments\n\n" .
	"\n\n------------------------------------------------------------\n" ;
	// End Edit

mail($mailto, $from, $message,
	"From: \"$name\" <$email>" . $headersep . "Reply-To: \"$name\" <$email>" . $headersep );
header( "Location: $thankyouurl" );
exit ;

?>
		

The above script will output this in your email.

This message was sent from:
http://www.YourDomain.com/contact.php

Name: Bob

Email: Bob@gmail.com

Subject: Awesome!

Comments: This is so easy!
		

Notes: First, any file using php needs to have a .php extention in order to work. Second, and almost a moot point these days, your hosting provider must support php in order for this to work.

Sponsors

Top Donators

Friends of Mine