Redircting mail.php script

Question

I would like to keep the mail.php script separate from the thank you page and have it redirect there after the script has run. My following script is causing an error - headers already sent...

What do I need to change to get the header call to work correctly?

 <?php 
session_start();
if(isset($_SESSION['captcha_value']) && isset($_POST['text3'])){
  if($_SESSION['captcha_value'] != $_POST['text3']){
    echo "invalid captcha";
    die();  
  }
}else{
  echo "invalid captcha";
  die();
}
?>





<?php require_once('../inc/header-scripts.php'); ?>

<?php
if(isset($_POST['email'])) {

    // EDIT THE 2 LINES BELOW AS REQUIRED
    $email_to = "me@mysite.com";
    $email_subject = "NEW MESSAGE";


    function died($error) {
        // your error code can go here
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }

    // validation expected data exists
    if(!isset($_POST['first_name']) ||

        !isset($_POST['email']) ||
        !isset($_POST['telephone']) ||
        !isset($_POST['comments']))


        {
        died('We are sorry, but there appears to be a problem with the form you submitted.');      
    }

    $first_name = $_POST['first_name']; // required

    $email_from = $_POST['email']; // required
    $telephone = $_POST['telephone']; // not required
    $comments = $_POST['comments']; // required

    $error_message = "";
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
  if(!preg_match($email_exp,$email_from)) {
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
    $string_exp = "/^[A-Za-z .'-]+$/";
  if(!preg_match($string_exp,$first_name)) {
    $error_message .= 'The First Name you entered does not appear to be valid.<br />';
  }

  if(strlen($comments) < 2) {
    $error_message .= 'The Comments you entered do not appear to be valid.<br />';
  }



  if(strlen($error_message) > 0) {
    died($error_message);
  }
    $email_message = "";

    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }

    $email_message .= "First Name: ".clean_string($first_name)."\n";

    $email_message .= "Email: ".clean_string($email_from)."\n";
    $email_message .= "Telephone: ".clean_string($telephone)."\n";
    $email_message .= "Comments: ".clean_string($comments)."\n";


// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers); 



?>

<!-- include your own success html here -->



<?php
}
?>


<?php
header('location: thank-you.php');
?>

Answer 1

You have a lot of extra space, along with an HTML comment. Take out all but the opening and closing PHP braces, and remove the HTML comment line. Be aware that if the captcha fails, it's going to stay on that page without redirecting. You might want to save the error somehow ($_SESSION or $_GET variables) and redirect to the previous page.

<?php 
session_start();
if(isset($_SESSION['captcha_value']) && isset($_POST['text3'])){
  if($_SESSION['captcha_value'] != $_POST['text3']){
    echo "invalid captcha";
    die();  
  }
}else{
  echo "invalid captcha";
  die();
}

require_once('../inc/header-scripts.php'); 

if(isset($_POST['email'])) {

    // EDIT THE 2 LINES BELOW AS REQUIRED
    $email_to = "me@mysite.com";
    $email_subject = "NEW MESSAGE";


    function died($error) {
        // your error code can go here
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }

    // validation expected data exists
    if(!isset($_POST['first_name']) ||

        !isset($_POST['email']) ||
        !isset($_POST['telephone']) ||
        !isset($_POST['comments']))
        {
        died('We are sorry, but there appears to be a problem with the form you submitted.');      
    }

    $first_name = $_POST['first_name']; // required

    $email_from = $_POST['email']; // required
    $telephone = $_POST['telephone']; // not required
    $comments = $_POST['comments']; // required

    $error_message = "";
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
  if(!preg_match($email_exp,$email_from)) {
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
    $string_exp = "/^[A-Za-z .'-]+$/";
  if(!preg_match($string_exp,$first_name)) {
    $error_message .= 'The First Name you entered does not appear to be valid.<br />';
  }

  if(strlen($comments) < 2) {
    $error_message .= 'The Comments you entered do not appear to be valid.<br />';
  }



  if(strlen($error_message) > 0) {
    died($error_message);
  }
    $email_message = "";

    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }

    $email_message .= "First Name: ".clean_string($first_name)."\n";

    $email_message .= "Email: ".clean_string($email_from)."\n";
    $email_message .= "Telephone: ".clean_string($telephone)."\n";
    $email_message .= "Comments: ".clean_string($comments)."\n";


// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers); 
}

header('location: thank-you.php');
?>