I have created a contact form for a client’s website. The purpose of this form is for visitors to enter some information about themselves and once they press submit, my client receives the information via email. However, the form is being submitted without any information coming through. Just emails with no contents.
Why is the contents not being sent through? I would really appreciate some guidance!
Please see my code below:
<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "me@email.com";
/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "questionnaire1.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";
/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$email_address = $_REQUEST['email_address'] ;
$name = $_REQUEST['name'] ;
$telephone = $_REQUEST['telephone'] ;
$brand = $_REQUEST['brand'] ;
$target_demo = $_REQUEST['target_demo'] ;
$describe_product = $_REQUEST['describe_product'] ;
/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
$injections = array('(\
+)',
'(\\r+)',
'(\ +)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
return true;
}
else {
return false;
}
}
// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}
// If the form fields are empty, redirect to the error page.
elseif (empty($email_address) || empty($target_demo) || empty($describe_product) || empty($telephone) || empty($brand) || empty($name)) {
header( "Location: $error_page" );
}
// If email injection is detected, redirect to the error page.
elseif ( isInjected($email_address) ) {
header( "Location: $error_page" );
}
// If we passed all previous tests, send the email then redirect to the thank you page.
else {
mail( "me@email.com", "Client Questionnaire",
"From: $email_address" );
header( "Location: $thankyou_page" );
}
?>
Thanks so much ralph - this worked!
I have one follow up question. I am adding check boxes into the form and it’s giving me an error message when I submit the form in my browser. Here is the same code as above, including the additions that you provided. In bold, you will see the checkbox code I have included but it’s not working. Any advice?
<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "my@email.com";
/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "questionnaire1.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";
/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$email_address = $_REQUEST['email_address'] ;
$name = $_REQUEST['name'] ;
$telephone = $_REQUEST['telephone'] ;
$brand = $_REQUEST['brand'] ;
$target_demo = $_REQUEST['target_demo'] ;
$describe_product = $_REQUEST['describe_product'] ;
/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
$injections = array('(\
+)',
'(\\r+)',
'(\ +)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
return true;
}
else {
return false;
}
}
$email_body =
"Name: $name\
\
" .
"-----------------------------------------------------------\
\
" .
"Brand: $brand\
\
" .
"-----------------------------------------------------------\
\
"
"Product Description: $describe_product" .
"-----------------------------------------------------------\
\
" .
"Target: $target_demo\
\
" .
"-----------------------------------------------------------\
\
" .
"Telephone of sender: $telephone\
\
";
[B]foreach($_POST['check'] as $value) {
$check_msg .= "Checked: $value\
";[/B]
}
// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}
// If the form fields are empty, redirect to the error page.
elseif (empty($email_address) || empty($target_demo) || empty($describe_product) || empty($telephone) || empty($brand) || empty($name)) {
header( "Location: $error_page" );
}
// If email injection is detected, redirect to the error page.
elseif ( isInjected($email_address) ) {
header( "Location: $error_page" );
}
// If we passed all previous tests, send the email then redirect to the thank you page.
else {
mail( "$webmaster_email", "Client Questionnaire",
$email_body, [B]$check_msg[/B], "From: $email_address" );
header( "Location: $thankyou_page" );
}
?>
You can’t just add things to the mail() function like that, as it expects only certain elements, including the email body contents where I added it. Add the collected data to the $email_body data instead. Using an array for the checkbox data is a good way to go, but I’ve done something simpler below. I’m not very good at this stuff, but I think something like this might suffice (changes in bold):
<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "my@email.com";
/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "questionnaire1.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";
/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$email_address = $_REQUEST['email_address'] ;
$name = $_REQUEST['name'] ;
$telephone = $_REQUEST['telephone'] ;
$brand = $_REQUEST['brand'] ;
$target_demo = $_REQUEST['target_demo'] ;
$describe_product = $_REQUEST['describe_product'] ;
[B]if (isset($_POST['check'])) {
$check_boxes = $_POST['check'];
}
$check_selections = implode(', ', $check_boxes);[/B]
/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
$injections = array('(\
+)',
'(\\r+)',
'(\ +)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
return true;
}
else {
return false;
}
}
$email_body =
"Name: $name\
\
" .
"-----------------------------------------------------------\
\
" .
"Brand: $brand\
\
" .
"-----------------------------------------------------------\
\
"
"Product Description: $describe_product" .
"-----------------------------------------------------------\
\
" .
"Target: $target_demo\
\
" .
"-----------------------------------------------------------\
\
" .
[B]"Options checked: $check_selections\
\
" .
"-----------------------------------------------------------\
\
" .[/B]
"Telephone of sender: $telephone";
// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}
// If the form fields are empty, redirect to the error page.
elseif (empty($email_address) || empty($target_demo) || empty($describe_product) || empty($telephone) || empty($brand) || empty($name)) {
header( "Location: $error_page" );
}
// If email injection is detected, redirect to the error page.
elseif ( isInjected($email_address) ) {
header( "Location: $error_page" );
}
// If we passed all previous tests, send the email then redirect to the thank you page.
else {
mail( "$webmaster_email", "Client Questionnaire",
$email_body, "From: $email_address" );
header( "Location: $thankyou_page" );
}
?>
Thanks for that script. I implemented it and tried tweaking it slightly, but it’s pulling up a blank page when I submit the form.
I have pasted the PHP page below with your code included (in bold). Have I placed this right?
<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "my@email.com";
/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "questionnaire1.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";
/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$email_address = $_REQUEST['email_address'] ;
$name = $_REQUEST['name'] ;
$telephone = $_REQUEST['telephone'] ;
$brand = $_REQUEST['brand'] ;
$target_demo = $_REQUEST['target_demo'] ;
$describe_product = $_REQUEST['describe_product'] ;
[B]if (isset($_POST['target'])) {
$check_selections = implode(', ', $_POST['target']);
}
echo $check_selections ;[/B]
/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
$injections = array('(\
+)',
'(\\r+)',
'(\ +)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
return true;
}
else {
return false;
}
}
$email_body =
"Name: $name\
\
" .
"-----------------------------------------------------------\
\
" .
"Brand: $brand\
\
" .
"-----------------------------------------------------------\
\
"
"Product Description: $describe_product" .
"-----------------------------------------------------------\
\
" .
"Target: $target_demo\
\
" .
"-----------------------------------------------------------\
\
" .
"Options checked: $check_selections\
\
" .
"-----------------------------------------------------------\
\
" .
"Telephone of sender: $telephone\
\
";
// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $feedback_page" );
}
// If the form fields are empty, redirect to the error page.
elseif (empty($email_address) || empty($target_demo) || empty($describe_product) || empty($telephone) || empty($brand) || empty($name)) {
header( "Location: $error_page" );
}
// If email injection is detected, redirect to the error page.
elseif ( isInjected($email_address) ) {
header( "Location: $error_page" );
}
// If we passed all previous tests, send the email then redirect to the thank you page.
else {
mail( "$webmaster_email", "Client Questionnaire",
$email_body, "From: $email_address" );
header( "Location: $thankyou_page" );
}
?>
Probably because you have error reporting turned off, and yet you echo a line and then try and do a header redirect.
Stop the redirect from happening.
If you see anything being returned such as the contents of
echo $check_selections ;
then go back and comment that out.
This blank page will be a recurring problem for you unless you turn on error_reporting:
for your entire server – as long as it is your DEV server – not your LIVE server!
or, for the directory you are working in
or, each page/script you are working on
For the latter then temporarily add these lines to the top of your script and you will find many helpful messages arriving.
<?php
// delete these lines before publishing!
error_reporting(E_ALL);
ini_set("display_errors", 1);
?>
If you notice a lot of messages now arriving at the top of your scripts, then imagine that these lines are all polluting your error log on your live server … not good when you want to track a particular error.
You can do a web search for each type of message to discover how to correct them, or just ask here.
If this guess of mine does indeed turn out to be correct (current form shows I am not doing too well in the guessing stakes at the moment ), that you do not have error reporting switched on, and you want to turn it on for your DEV server (that is best practice) then make the adjustments on your local php.ini file, restart your server and you are golden.
Search: [google]Turn on error reporting php.ini[/google]