I’m working on a client site that includes 2 basic PHP forms. They’re simple contact forms that call a contact.php file, which includes some code to require that some fields have data entered before the form can successfully be submitted. The complete code is:
<?php
$to = "email@anycompany.com";
$subject = "Website Contact form submission";

// Form fields as submitted
$email = $_REQUEST['email'];
$name = $_REQUEST['name'];
$company = $_REQUEST['company'];
$phone = $_REQUEST['phone'];
$message = $_REQUEST['message'];

$headers = "From: $email";
$body = "From: $name \n\nCompany: $company \n\nEmail: $email \n\nPhone: $phone \n\nMessage: $message";

// Required fields: redirect to the failure page and stop if any is empty
if (empty($email) || empty($name) || empty($message)) {
    echo "<script language=javascript>window.location = '/contact-fail/';</script>";
    die();
}

// Send the message once and redirect according to the result
$sent = mail($to, $subject, $body, $headers);
if ($sent) {
    echo "<script language=javascript>window.location = '/contact-sent/';</script>";
} else {
    echo "<script language=javascript>window.location = '/contact-fail/';</script>";
}
?>
And it appears to work. The form submits the data to an email address, so I tested it using my own email address and blank forms don’t send any data.
Since I changed the recipient email address to the client’s and launched the updated php files, the client tells me they’re still getting blank forms coming through. Completely blank, no data in any field. How is that possible?
Is there some way that the “die” can be bypassed and the form still sent despite the if(empty) code? Or is there a better way to prevent blank form submissions in php?
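An added example, not part of the original post: PHP's `empty()` returns false for a string that contains only whitespace, so a submission whose required fields hold spaces or line breaks passes the check above and arrives looking blank (it also rejects the legitimate value "0"). The helper name `validate_contact` and the sample submissions are constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the original post.
// Returns [cleaned fields, names of missing or invalid fields].
function validate_contact(array $input): array
{
    $clean = [];
    foreach (['email', 'name', 'company', 'phone', 'message'] as $field) {
        // Missing keys and non-string values (e.g. name[]=x) become ''.
        $value = $input[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';
    }

    $errors = [];
    foreach (['email', 'name', 'message'] as $required) {
        if ($clean[$required] === '') {
            $errors[] = $required;
        }
    }
    // The address ends up in a mail header, so it must be one valid address.
    if ($clean['email'] !== ''
        && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    return [$clean, $errors];
}

// Constructed sample submissions.
$samples = [
    'whitespace only' => ['email' => ' ', 'name' => "\t", 'message' => "\r\n"],
    'zero as message' => ['email' => 'a@example.com', 'name' => 'Ann', 'message' => '0'],
    'complete'        => ['email' => 'a@example.com', 'name' => 'Ann', 'message' => 'Hello'],
];

foreach ($samples as $label => $input) {
    // The check from the post: empty(" ") is false, empty("0") is true.
    $oldRejects = empty($input['email']) || empty($input['name']) || empty($input['message']);
    [, $errors] = validate_contact($input);
    printf(
        "%-16s old check rejects: %-3s  new check rejects: %s\n",
        $label,
        $oldRejects ? 'yes' : 'no',
        $errors ? implode(',', $errors) : 'no'
    );
}
```

Running the validation on `$_POST` only, and sending the mail only when the error list is empty, keeps requests that never went through the form from reaching `mail()`.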