0

So I have tried to add a contact form to my html website. it looks good but my php script that is supposed to send the email does not work. I try to click on my submit button and I get a HTTP ERROR 405. Here's the code.

<?php

$name = $_POST['name'];
$email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];

$mailheader = "From:".$name."<".$email.">\r\n";

$recipient = "kangaroo379@icloud.com";

mail($recipient, $subject, $message, $mailheader) or die("Error!");

echo'
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Contact form</title>
    <link href="https://fonts.googleapis.com/css2?family=Playfair+Display:wght@600&family=Poppins&display=swap" rel="stylesheet">
    <link rel="stylesheet" href="style.css">
</head>
<body>
    <div class="container">
        <h1>Thank you for contacting me. I will get back to you as soon as possible!</h1>
        <p class="back">Go back to the <a href="index.html">homepage</a>.</p>
        
    </div>
</body>
</html>
';


?>

I am new to this. Does anyone know what I did wrong

UltraDog
  • 3
  • 2
  • 405 error comes from the webserver, not PHP. It means "method not allowed". What do you have in the `method=` attribute of the form. – Barmar Oct 18 '22 at 21:27
  • I'm hosting from localhost so that would be weird – UltraDog Oct 18 '22 at 21:28
  • Check your webserver log. – Barmar Oct 18 '22 at 21:28
  • How do I do that? – UltraDog Oct 18 '22 at 21:30
  • @UltraDog "Server" in this case doesn't mean a piece of hardware, it means a piece of software. If you're running PHP, you must be running some software as a web server - Apache, Nginx, and Microsoft IIS are the most popular. Barmar is saying that the 405 response is likely coming from that software, before it even runs your PHP, so you need to find the error logs for that. How you do that depends what the software is, and how you've installed it. – IMSoP Oct 18 '22 at 21:31
  • https://blog.codeasite.com/how-do-i-find-apache-http-server-log-files/ – Barmar Oct 18 '22 at 21:31
  • Webserver == localhost – Barmar Oct 18 '22 at 21:31
  • Im on windows so the website steps do not work for me – UltraDog Oct 18 '22 at 21:33
  • I'm only using the vs code live server extension. So I do not know where it stores the logs – UltraDog Oct 18 '22 at 21:35
  • 1
    @UltraDog There is no "only" about that - nobody looking at your question could have guessed that you are using that particular software, so it would be very valuable to [edit] it into your description of what you've tried. Perhaps searching for existing questions mentioning it will help you at least find the lugs. (I've never used it myself, so can't help specifically.) – IMSoP Oct 18 '22 at 21:48
  • `I'm only using the vs code live server extension`...that's the problem then. That only provides a super-simplistic webserver which can respond to simple GET requests. It's designed to just demo static or Javascript-driven front-end pages. It cannot accept POST requests and it cannot execute PHP code. – ADyson Oct 18 '22 at 22:09
  • You need an actual webserver (such as Apache, IIS or Ngnix) with PHP installed on it, and serve your pages via that on `http://localhost`. (You can use the Live Server extension, together with [this extension](https://github.com/ritwickdey/live-server-web-extension) to get "live reload" functionality with your server-side pages (similar to what you get out of the box with static pages), but you still require the actual webserver to process the requests and execute the PHP. – ADyson Oct 18 '22 at 22:10
  • Also, you really, really need to properly sanitize your input from those forms or it can create some very nasty cross-scripting vulnerabilities. Name, email, subject and message should be sanitized for special characters that could cause arbitrary code execution. – Trent Three Oct 18 '22 at 22:53
  • 1
    @TrentThree No. XSS is stopped by _output_ sanitising, not _input_ sanitising. htmlspecialchars() can be used, but only when echoing the data into a _HTML document_. Santising in this way at input effectively corrupts the data. Such data residing in a database poses no XSS threat, for instance. Nor would it if, for example, a script were to pull it out and write it to a CSV file. So if it were being sent in a HTML email, it would make sense to sanitise it before putting into the email (although mail readers generally don't execute JS anyway), but it appears to be plain text mail in this case. – ADyson Oct 18 '22 at 23:19
  • @TrentThree See also https://stackoverflow.com/questions/16965318/when-to-use-htmlspecialchars, https://stackoverflow.com/questions/4882307/when-to-use-htmlspecialchars-function and https://stackoverflow.com/questions/129677/how-can-i-sanitize-user-input-with-php – ADyson Oct 18 '22 at 23:22

0 Answers0