0

My website is a one-pager with a nav that links to different parts of the page within the same document. So my contact is at site.com/#contact rather than site.com/contact.html

I have my contact form coded in HTML using the post method linking to mail.php. Upon hitting the submit button I get redirected to site.com/mail.php where the "Your message was successfully sent" is displayed. How do I get it so that it displays right on top of the contact form, since I don't have a contact.html file to turn into a contact.php and put the PHP code right where I want the success message to display?

```html
<div class="row">
    <div class="12u">
        <form method="post" action="mail.php">
            <div>
                <div class="row half">
                    <div class="6u">
                        <input type="text" name="name" id="name" placeholder="Name" />
                    </div>
                    <div class="6u">
                        <input type="email" name="email" id="email" placeholder="Email" />
                    </div>
                </div>
                <div class="row half">
                    <div class="12u">
                        <input type="text" name="subject" id="subject" placeholder="Subject" />
                    </div>
                </div>
                <div class="row half">
                    <div class="12u">
                        <textarea name="message" id="message" placeholder="Message"></textarea>
                    </div>
                </div>
                <div class="row">
                    <div class="12u">
                        <a href="#" class="button form-button-submit">Send Message</a>
                        <a href="#" class="button button-alt form-button-reset">Clear Form</a>
                    </div>
                </div>
            </div>
        </form>
    </div>
</div>
```

My Mail.php

```php
<?php

// Get info from the contact form
$name    = $_POST['name'];
$email   = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$to      = 'email@site.com';

// Compose headers (the submitted email address is used as-is)
$headers  = "From: $email\r\n";
$headers .= "Reply-To: $email\r\n";

// Handle the submitted form
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if ($name != '' && $subject != '' && $message != '' && $email != '') {
        // mail() expects (to, subject, message, additional headers)
        if (mail($to, $subject, $message, $headers)) {
            echo '<p>Your message has been sent!</p>';
        } else {
            echo '<p>Something went wrong, go back and try again!</p>';
        }
    } else {
        echo '<p>Please fill in all required fields!!</p>';
    }
}
?>
```
tattvabodha

3 Answers

1

You can use URL parameters with PHP:

```php
<?php

$confDisplay = 'display:none;';

// if the url param exists, display confirmation
if (isset($_GET["confirm"]) && $_GET["confirm"] == true) {
    $confDisplay = 'display:inline;';
}

?>

...
<div style="<?php echo $confDisplay; ?>">
Your form has been submitted!
</div>
...
```

Just set your form action URL to the same page with ?confirm=true at the end.

John
  • will this work with the IF statements I have when the submit button is hit? I assume it will if I place it below the IF statement and configure each statement like you did above – tattvabodha Nov 12 '13 at 21:57
  • `$_GET["confirm"]` is asking whether 'confirm' is in your URL. It is false unless your page URL is suffixed with the param like so: `mysite.php?confirm=true`. Visit your page without the confirm param to hide the confirmation div. It will only show if you have it in the URL, which is why your form submit, and only the form submit action URL, includes it. Everything else just points to the page normally. – John Nov 12 '13 at 22:46
  • this method is good for passing naive parameters but it's always susceptible to threat so avoid this, instead code HTML+PHP in the same page! – Shivanshu Nov 13 '13 at 00:48
  • @John so with this method I can't display other messages beside "your form has been submitted!" right? – tattvabodha Nov 13 '13 at 06:32
  • @ShivanshuSrivastava could you provide details on how? I've been at this the whole day and get it to work – tattvabodha Nov 13 '13 at 06:33
  • @TurkDurk You can add anything you'd like, you just need to add multiple options/values for the parameter. If you are talking about incomplete form error messages, you don't need a param for that. Instead you'd just need to check `if($_POST['name']===''){ echo 'Name field can not be blank!';}`. `$_POST['something']` is the value of the 'something' named form field in your previously submitted form. – John Nov 13 '13 at 16:55
  • @John could you explain how I go about the
    Your form has been submitted!
    I place this in my index.html where I want it to appear. But it appears if I just load the page. I have never seen it used like this.
    – tattvabodha Nov 14 '13 at 04:09
  • @TurkDurk you are toggling the value of the PHP $confDisplay variable between 'display:none;' and 'display:inline;'. By printing these strings inside the div's `style=""` tag, you are controlling the visibility of that div, effectively setting it to `style="display:none;"` by default, and `style="display:inline;"` when the confirm URL parameter is true. – John Nov 14 '13 at 13:33
1

Make your action field empty: put action="" instead of action="mail.php". Then include your mail.php content inside your contact page. As you know, you have to save that page as PHP, too; for example, mycontactform.php. In this way you have more control over the content and format of the "your message submitted" message. If you separate mail.php you can't address divisions in the mycontactform.php.

Security and vulnerability of PHP codes you are using should be addressed after you have completed the page coding and tested it as up and running in your desired format, since it needs more in-depth study of PHP conventions and usages. source: A Set of Step by Step Tutorials Using HTML5, CSS3 and PHP (8)

Any Body
0

Note that your script mail.php is vulnerable to a header injection attack. You need to escape your variable `$_POST['email']`. You have to remove the special characters \n and \r. This can be done easily by using the str_replace function.

Linblow
  • I don't understand escape variable. I would lose some functionality if I removed \n and \r no? – tattvabodha Nov 13 '13 at 06:39
  • Each mail header is separated by two special characters \r\n (CRLF). The headers _From_ and _Reply-To_ defined in your code directly use the user's email address received from the contact form. Rule #1 is to never trust user input. The user could add those two special characters and inject mail headers easily. For example, he could type: addr@dom.tld\n\rBcc: xxx@yyy.tld, xxx2@yyy2.tld. It'll also send the mail to xxx@yyy.tld and xxx2@yyy2.tld and we don't want that. Some people could use that to spam addresses. Therefore you need to detect the characters \n and \r and remove them. – Linblow Nov 13 '13 at 08:51
  • [What does "escape" mean](http://stackoverflow.com/questions/10646142/what-does-it-mean-to-escape-a-string). I shouldn't have used this word. – Linblow Nov 13 '13 at 08:52
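
The two suggestions above (handling the form in the same PHP page, and keeping CR/LF out of the mail headers) can be combined as in the following added example, which is not code from the original posts. It assumes the one-page site is saved as `index.php`; the `field()` and `clean_email()` helpers, the `form-status` class, the `#contact` section markup and the submit button are hypothetical names chosen for illustration.

```php
<?php
// Added example (not from the original posts). Assumes the one-page site is
// saved as index.php and that mail() is configured on the server.

// Read one POST field as a trimmed string; arrays or missing fields become ''.
function field(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Return an address that is safe to place in a header, or null.
function clean_email(string $raw): ?string
{
    if (preg_match('/[\r\n]/', $raw)) {
        return null; // CR or LF inside the value would start a new header
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

$status = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name    = field('name');
    $message = field('message');
    $subject = str_replace(["\r", "\n"], '', field('subject'));
    $email   = clean_email(field('email'));

    if ($name === '' || $subject === '' || $message === '' || $email === null) {
        $status = 'Please fill in all required fields with a valid email!';
    } else {
        $headers = "From: $email\r\nReply-To: $email";
        $status  = mail('email@site.com', $subject, $message, $headers)
            ? 'Your message has been sent!'
            : 'Something went wrong, go back and try again!';
    }
}
?>
<section id="contact">
<?php if ($status !== ''): ?>
  <p class="form-status"><?= htmlspecialchars($status) ?></p>
<?php endif; ?>
  <form method="post" action="#contact">
    <!-- the name, email, subject and message inputs from the question -->
    <button type="submit">Send Message</button>
  </form>
</section>
```

Posting to `#contact` reloads the same page and scrolls back to the contact section, so the status line shows directly above the form.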