1

I have a form page that I need to gather all input data and send them to my email. How do I do this using only html, css, php, or javascript?

here is what the page looks like https://www.dropbox.com/s/zjhqrldyprrofnl/FORM.PNG?dl=0

here is my php code

<?php 
$DATE = $_POST['DATE'];
$TIME = $_POST['TIME'];
$NAME = $_POST['NAME'];

$formcontent="From: $NAME \n Message: $DATE and $TIME";
$recipient = "rickyj250@gmail.com";
$subject = "Contact Form";
$mailheader = "From: $NAME \r\n";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
echo "<script type='text/javascript'>alert('The Rocco's Team will contact 
you soon!')</script>";
?>

I've tried different types of get and actions methods but so far no luck.

Here is the HTML code

<div class="tab-pane fade show active" id="submit" role="tabpanel" aria-labelledby="submit-tab">
         <div class="card-body text-center">

            <br>
            <h5 class="card-title"><u> DATE & TIME </u></h5>
            <h7>Order ready by:</h7>

            <form method="post" action="form.php">
             <div class=" container form-group">
                 <div class="col-12">
                    <input class="form-control" type="date" value="2012-12-12" id="DATE">
                  </div>

                  <div class="col-12">
                    <input class="form-control" type="time" value="13:45:00" id="TIME">
                  </div>
                </div>



              <h5 class="card-title"><u>ENTER INFO</u></h5>

        <div class="container">

            <div class="row" style="justify-content: center;">


                <div class="input-group col-12">
                  <div class="input-group-prepend">
                    <span class="input-group-text" id="NAME">First & Last Name</span>
                  </div>
                  <input type="text" class="form-control">
                  <input type="text" class="form-control">
                </div>


        <div class="container">
            <div class="row">


                <div class="input-group col-12">
                  <div class="input-group-prepend">
                    <span class="input-group-text" id="EMAIL">Email</span>
                  </div>
                  <input type="text" class="form-control" aria-label="Default" aria-describedby="inputGroup-sizing-default">
                 </div>

                </div>

        </div>


                 <div class="input-group col-12">
                  <div class="input-group-prepend">
                  <span class="input-group-text">Phone Number</span>
                 </div>
                    <input class="form-control" type="tel" value="1-(555)-555-5555" id="PHONE">
                  </div>


            </div>
        </div>

        <div class="container">
            <div class="row">

            <div class="form-group col-12"><br>
                <h5 class="card-title"><u>ENTER YOUR ORDER</u></h5>
                <textarea class="form-control" placeholder="# of pizzas and toppings   Type of pasta and sauce    Full or Half Orders    ETC.." id="ORDER" rows="5"></textarea>
              </div>
                </form>

                        </div>
                    </div>

        <div class="container">
            <button type="button" class="btn btn-secondary btn-lg btn-block">Reset</button>
            <button type="submit" class="btn btn-primary btn-lg btn-block">Submit</button>
        </div>
        <br>


                </div> <!-- END OF SUBMIT CARD BODY-->
    </div><!-- END OF SUBMIT FORM-->

I want the form data to be formatted into an ordered email.

Ricky Jaime
  • 63
  • 6
  • 2
    Please post code as text, not images. – Nick Feb 10 '19 at 23:58
  • 1
    Sorry, fixed it! – Ricky Jaime Feb 11 '19 at 00:03
  • 1
    don't you think it's something very common in web development? I am pretty sure you will find a lot of examples in the net – Temani Afif Feb 11 '19 at 00:04
  • Thanks for the reply. As I stated, I've tried multiple methods but no luck. – Ricky Jaime Feb 11 '19 at 00:05
  • You would have a hard time using GET if your PHP code is reading it from POST. POST certainly seems like the correct method to use for this form submission. I would suggest moving your
    tag to be the parent of your entire structure of that make up the interface. Then on your "Submit" button change the type to be type="submit"
     – tzengia Feb 11 '19 at 00:05
  • Expanding-Dev -- Thanks! I put the form tag to be parent of all inputs and changed the submit type. When I click submit nothings happens – Ricky Jaime Feb 11 '19 at 00:11
  • 1. You don't have any inputs that have name: `DATE`, `TIME`, or `NAME`, 2. You have multiple forms and each form have 1 input field inside, when you click submit, only 1 form will be sent, not all forms inside your HTML code. I guess that you are learning how HTML's form works, so start with a simple example before adding any bootstrap styling: https://www.w3schools.com/html/html_forms.asp –  Feb 11 '19 at 00:12
  • I changed the code so there is only one form element. Instead of ID= for the inputs, I am changing them to name= – Ricky Jaime Feb 11 '19 at 00:18
  • Possible duplicate of [How to create an email form that can send email using html](https://stackoverflow.com/questions/8239782/how-to-create-an-email-form-that-can-send-email-using-html) – But those new buttons though.. Feb 11 '19 at 00:21

1 Answers1

2

First off, you're using too many form elements!
(See this stack overflow post).

Use one form tag with the entire form interface (the textareas and buttons) inside or it.

Also, add the type="submit" to your Submit button.

You'll also have to add another line to your PHP code to grab the "ORDER" textareas value. 

$ORDER = $_POST['ORDER'];

And then you can append that to the email as you'd like. But one more thing to consider: This form is extremely vulnerable and dangerous!

You are taking input straight from the user (who could be a malicious hacker) and feeding it straight to your email. That's not good! Even a very inexperienced hacker could exploit this and type in malicious code into the "DATE" field (or any of the other fields) and submit it. When you open up the email, wham! His code executes and the hacker does his evil deeds to your computer. Please read up on input sanation/HTML character escaping for PHP. You should end up wrapping your $DATE and other PHP variables you grab from POST with htmlspecialchars(). For example:. 

$ORDER = htmlspecialchars($_POST['ORDER']);

Now hackers can't put malicious code into your ORDER field as it will be escaped and not executed when you open the email on your computer.

W3Schools has an alright explanation about handling input securely from forms.

Also as your pointed out, you need to use name and not id for your input fields (I missed that at first too, whoops).

Also, make sure that your webserver has mail sending capability. Not every server has that ability.

tzengia
  • 352
  • 5
  • 12
  • Can I ask, why is it only the date input field that is supposedly vulnerable and no other? – ptts Feb 11 '19 at 00:22
  • 1
    @ptts All of the input fields are vulnerable, I was only using the DATE field as an example. I'll clarify my answer. – tzengia Feb 11 '19 at 00:23
  • 1
    Thanks! I fixed all of the things you mentions. and really, thanks for the info and references I can read up on. Helping me learn big time! – Ricky Jaime Feb 11 '19 at 00:32
  • @RickyJaime I hope it works! Also please accept the answer if it did work for you – tzengia Feb 11 '19 at 00:33
  • I have "
    " as the main form element. Is there something I'm missing here? also the submit button doesnt do anything
     – Ricky Jaime Feb 11 '19 at 00:35
  • I had the "name=" inside of the span element instead of the input element but still no luck emailing – Ricky Jaime Feb 11 '19 at 00:44
  • @RickyJaime you want to have the name on the input tag, not the span, and are you use you should have "/action.php" and not just "action.php"? Finally, you want your submit and reset buttons to be inside of the form tag as well in order for submit to work – tzengia Feb 11 '19 at 00:45
  • Okay, awesome! sorry for the bunch of small mistakes (Im very new to this) but the submit button works now, but the only thing is the php page is opening when submit is clicked instead of anything else being done. – Ricky Jaime Feb 11 '19 at 00:59
  • @RickyJaime When you say "PHP page is opening" do you mean that you see the PHP code? Or are you seeing a blank page? If you can see the PHP code from your web browser then maybe you need to make sure your server had PHP installed correctly – tzengia Feb 11 '19 at 01:02