WTFranklin

Hey, After putting that all the pages, in this line use this: <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post" id="form1"> That server variable should use the current page the form is on, I'm sure as long as those variables are turned on in your php.ini file (usually are by default, as far as I know). Unless you mean to use this same validation script in all of your files and you don't want it to leave the page, which you can add target="_blank" in your form tag and that'll open in a new window leaving your other one in tact. I hope that helps!

Hey, honestly I don't think I'd be much help with the security, but I noticed the bit about preventing a blank email from being sent which I think I can help with. I'm assuming you have a js function for validateform() returning true. What I've done with something I've made like this before is have js check the form to make sure it's good, but also use php to make sure none of the fields are left blank. Very simplified compared to what you have, of course, but something like: $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $email = $_POST['email']; if(isset($first_name) && isset($last_name) && isset($email)) { mail($your, $headers, $and, $other_info); } That way it'll only send if all the variables are set. They could always enter irrelevant gibberish, but at least it wouldn't be a blank email. I hope that helps at least somewhat.