I'm having trouble validating a simple contact form (name, email, message). I have managed to use PHP to actually send the message to my email, however you can just enter random words for the email and it will send. There's no way to filter this; I want a valid email to be entered, not just gibberish. Not quite sure what I'm doing wrong as I'm quite new to PHP. Also, a way to perhaps stop spam/being hacked would be great too.
<?php
if ($_SERVER["REQUEST_METHOD"] == 'submit') {
    if (empty($_POST['name'])) {
        $nameErr = "Name is required";
    } else {
        $name = test_input($_POST['name']);
        // check if name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
            $nameErr = "Only letters and white space allowed";
        }
    }
    if (empty($_POST['email'])) {
        $emailErr = "Email is required";
    } else {
        $email = test_input($_POST['email']);
        // check if e-mail address is well-formed
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $emailErr = "Invalid email format";
        }
    if (empty($_POST['message'])) {
        $message = "Message is required";
    } else {
        $message = test_input($_POST['message']);
    }
}
function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
if (isset($_POST['submit'])) {
    $name = $_POST['name'];
    $subject = $_POST['subject'];
    $emailFrom = $_POST['email'];
    $message = $_POST['message'];
    $emailTo = "domain@domain.com.au";
    $headers = "From: ".$emailFrom;
    $txt = "You have received an email from ".$name.".\n\n".$message;
    mail($emailTo, $subject, $txt, $headers);
    header("Location: index.php?mailsent");
}
?>
And the HTML.
<form class="contact-form" action="contactform.php" method="post">
    <div class="row">
        <div class="col span-1-of-3">
            <label for="name">Name</label>
        </div>
        <div class="col span-2-of-3">
            <input type="text" name="name" placeholder="Your name" required>
        </div>
    </div>
    <div class="row">
        <div class="col span-1-of-3">
            <label for="email">Email</label>
        </div>
        <div class="col span-2-of-3">
            <input type="text" name="email" placeholder="Your e-mail" required>
        </div>
    </div>
    <div class="row">
        <div class="col span-1-of-3">
            <label for="subject">Subject</label>
        </div>
        <div class="col span-2-of-3">
            <input type="text" name="subject" placeholder="Subject">
        </div>
    </div>
    <div class="row">
        <div class="col span-1-of-3">
            <label>Message</label>
        </div>
        <div class="col span-2-of-3">
            <textarea name="message" placeholder="Message"></textarea>
            <button type="submit" name="submit">Send Mail</button>
        </div>
    </div>
</form>
As mentioned, I can successfully send myself an email but the validation doesn't work. After I hit submit it just displays the PHP code.
Any help is really appreciated and if you could suggest some good resources/books to learn PHP that'd be great too.
Thanks!
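
An added example, not part of the original post: one way to make the handler send only after validation passes, with the submitted address kept out of the From header and line breaks refused in the subject so submitted text cannot add mail headers. The function name validate_contact() and the noreply@example.com sender are assumptions; the field names and recipient are taken from the form and script above.

```php
<?php
// Added example. validate_contact() and the no-reply sender are hypothetical names.

function validate_contact(array $post): array {
    $clean = [];
    $errors = [];
    foreach (['name', 'email', 'subject', 'message'] as $field) {
        $value = $post[$field] ?? '';
        // Arrays (e.g. name[]=x) are treated as empty rather than passed on.
        $clean[$field] = is_string($value) ? trim($value) : '';
    }
    if ($clean['name'] === '') {
        $errors['name'] = 'Name is required';
    } elseif (!preg_match('/^[a-zA-Z ]*$/', $clean['name'])) {
        $errors['name'] = 'Only letters and white space allowed';
    }
    if ($clean['email'] === '') {
        $errors['email'] = 'Email is required';
    } elseif (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid email format';
    }
    // The subject becomes a mail header: refuse embedded line breaks,
    // which would otherwise let a submitter append headers of their own.
    if (preg_match('/[\r\n]/', $clean['subject'])) {
        $errors['subject'] = 'Subject must be a single line';
    }
    if ($clean['message'] === '') {
        $errors['message'] = 'Message is required';
    }
    return [$clean, $errors];
}

// REQUEST_METHOD holds the HTTP verb ("POST"), never the button name.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$f, $errors] = validate_contact($_POST);
    if ($errors === []) {
        // Fixed sender (placeholder address); the visitor goes in Reply-To.
        $headers = "From: noreply@example.com\r\n" .
                   "Reply-To: " . $f['email'];
        $body = "You have received an email from {$f['name']}.\n\n{$f['message']}";
        mail('domain@domain.com.au', $f['subject'], $body, $headers);
        header('Location: index.php?mailsent');
        exit;
    }
    // Escape when writing into HTML, not when reading the input.
    foreach ($errors as $msg) {
        echo '<p>' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . '</p>';
    }
}
```

The mail is sent only from inside the branch where the error list is empty, so a failed check can no longer be bypassed by a second, unvalidated send block.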