Contact form not sending full submission data via php

Question

I have an HTML contact form that uses javascript for a change function. I have a dropdown for the subject and based on what option the person chooses different fields are displayed. For example if they choose Bug report different fields appear than selecting Add my group. Whenever a user fills out the form not and it gets emailed to me their answers to the questions based on the subject theyve selected dont get emailed to me.

I have included the code below, any help appreciated.

HTML

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script type="text/javascript">
    $(function () {
        $("#select").change(function () {
            if ($(this).val() == "subject1") {
                $("#EVENT").show();
            } else {
                $("#EVENT").hide();
            }
            if ($(this).val() == "subject2") {
                $("#GROUPCLUBS").show();
            } else {
                $("#GROUPCLUBS").hide();
            }
            if ($(this).val() == "subject3") {
                $("#DIRECTORY").show();
            } else {
                $("#DIRECTORY").hide();
            }
            if ($(this).val() == "subject4") {
                $("#BUG").show();
            } else {
                $("#BUG").hide();
            }                     
        });
    });
</script>

<form name="contactform" method="post" action="contact.php">
<table width="450px">
<tr>
 <td valign="top">
  <label for="name">Name *</label>
 </td>
 <td valign="top">
  <input  type="text" name="name" maxlength="50" size="30">
 </td>
</tr>
<tr>
 <td valign="top">
  <label for="email">Email Address *</label>
 </td>
 <td valign="top">
  <input  type="text" name="email" maxlength="80" size="30">
 </td>
</tr>

<tr>
 <td valign="top">
<label for="subject">Subject *</label>
</td>
 <td valign="top">

<select name="subject" id="select">
  <option value="">-- select an option --</option>
  <option value="subject1">Add an Event</option>
  <option value="subject2">Add my Group or Club</option>
  <option value="subject3">I want listed in the Business Directory</option>
  <option value="subject4">Submit a Bug Report</option>
  <option value="subject5">Other Questions</option>
</select>

<div id="EVENT" style="display: none">
    <label for="EventDate">Event Date</label>
    <input type="text" name="eventdate" />
<br>
    <label for="EventTime">Event Time</label>
    <input type="text" name="eventtime" />
<br>
    <label for="EventLocation">Event Location</label>
    <input type="text" name="eventlocation" />
<br>
    <label for="EventDescription">Event Description</label>
    <input type="text" name="eventdescription" />
<br>
    <label for="Ticketinfo">Ticket Information</label>
    <input type="text" name="eventticketinfo" />
<br>
    <label for="ExtraInfo">Extra Info</label>
    <input type="text" name="extrainfo" />
<br>
    <label for="Website">Website</label>
    <input type="text" name="website" />
<br>
    <label for="ContactInfo">Contact Info</label>
    <input type="text" name="contact" />
</div> 


<div id="GROUPCLUBS" style="display: none">
    <label for="ClubDescription">Club Description</label>
    <input type="text" name="clubdescription" />
<br>
    <label for="Meet">When does the club meet?</label>
    <input type="text" name="meeting" />
<br>
    <label for="Location">Location</label>
    <input type="text" name="location" />
<br>
    <label for="Cost">Cost of joining</label>
    <input type="text" name="cost" />
<br>
    <label for="ExtraInfo">Extra Info</label>
    <input type="text" name="extrainfo" />
<br>
    <label for="ContactInfo">Contact Info</label>
    <input type="text" name="contact" />
</div> 


<div id="DIRECTORY" style="display: none">
    <label for="BusinessDescription">Business Description</label>
    <input type="text" name="businessdescription" />
<br>
    <label for="BusinessLocation">Business Location</label>
    <input type="text" name="location" />
<br>
    <label for="OpeningHours">Opening Hours</label>
    <input type="text" name="openinghours" />
<br>
    <label for="Website">Website</label>
    <input type="text" name="website" />
<br>
    <label for="ContactInfo">Contact Info</label>
    <input type="text" name="contact" />
</div> 


<div id="BUG" style="display: none">
    <label for="device">Device</label>
    <input type="text" name="device" />
<br>
    <label for="info"></label>
    <strong>Please provide more details in the message box below</strong>
</div> 
</td>
</tr>


<tr>
 <td valign="top">
  <label for="message">Message *</label>
 </td>
 <td valign="top">
  <textarea  name="message" maxlength="1000" cols="25" rows="6"></textarea>
 </td>
</tr>
<tr>
 <td colspan="2" style="text-align:center">
  <input type="submit" value="Submit"> 
 </td>
</tr>
</table>
</form>

PHP

<?php

if(isset($_POST['email'])) {

    $email_to = "david@davidsthompson.co.uk";
    $email_subject = "New Contact Form";

    function died($error) {
        // your error code can go here
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error."<br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }


    // validation expected data exists
    if(!isset($_POST['name']) ||
        !isset($_POST['email']) ||
        !isset($_POST['subject']) ||
        !isset($_POST['message'])) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');       
    }



    $name = $_POST['name']; // required
    $email_from = $_POST['email']; // required
    $subject = $_POST['subject']; // required 
    $message = $_POST['message']; // required 

    $error_message = "";
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';


    $string_exp = "/^[A-Za-z .'-]+$/";

  if(!preg_match($string_exp,$name)) {
    $error_message .= 'The Name you entered does not appear to be valid.<br />';
  }

  if(!preg_match($email_exp,$email_from)) {
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }

    if(strlen($subject) < 2) {
    $error_message .= 'The Subject you entered does not appear to be valid.<br />';
  }


  if(strlen($message) < 2) {
    $error_message .= 'The Message you entered does not appear to be valid.<br />';
  }

  if(strlen($error_message) > 0) {
    died($error_message);
  }

    $email_message = "Form details below.\n\n";


    function clean_string($string) {
      $bad = array("content-type","bcc:","to:","cc:","href");
      return str_replace($bad,"",$string);
    }



    $email_message .= "Name: ".clean_string($name)."\n";
    $email_message .= "Email: ".clean_string($email_from)."\n";
    $email_message .= "Subject: ".clean_string($subject)."\n";
    $email_message .= "Message: ".clean_string($message)."\n";

// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);  
?>

<!-- include your own success html here -->

Thank you for contacting us. We will be in touch with you very soon.

<?php

}
?>

From the picture below you can see the information fields arnt being emailed.

Image

Answer 1

You need to send your collected variables to your email body like so..

After this...

$email_message .= "Message: ".clean_string($message)."\n";

Add this...

$email_message .= "Event Date: ".clean_string($_POST['eventdate'])."\n";
$email_message .= "Event Time: ".clean_string($_POST['eventtime'])."\n";
//etc...

Repeat this for the form fields that you want to see in the email.

You should never really accept raw input from $_POST like you have and should instead filter it to prevent against attacks.

Also I notice you are attempting to prevent email header injection which is a great (and advised) practice however, change your str_replace function to str_ireplace to ensure someone can't enter BCC (etc) and not just bcc (lowercase) into your form fields.