Jump to content

Help me, please, find my error in HTML Email Form w/ PHP


shankarees

Recommended Posts

Hi,  grin.gif

As a beginner in PHP, I am creating a Contact form and handler PHP for my website.

1.  I have created both the Form and the PHP handler, but I keep getting the below when I submit, instead of "Message was sent":
http://xxxxx.org contact.html xxx.xxx.x.xx /contact/submit xxxxx.org Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36

Here are the PHP code and HTML code.  I CANNOT see my mistake(s) and THANKS:

 

PHP:
<?php

$Name = $_POST['Name'];
$email = $_POST['email']);
$CityCountry = $_POST['CityCountry'];
$url = $_POST['url']);
$OtherHow = $_POST['OtherHow']);
$MessageQuestion = $_POST['MessageQuestion'];
$to = "xxxxxxxx@xxxxxx.xxx";
$subject = "xxxxxxx";

mail ($to, $subject, $MessageQuestion, "From: " .$Name);
echo "THANK YOU - YOUR MESSAGE HAS BEEN SENT"

?>

----------------------------------------------------------
HTML:
<!doctype html>
<html>
<head>
<metacharset="UTF-8">
<title>Contact Phoenicia</title>
</head>
<body>
  <form action="xxxx.php" method="post" name="form1" id="form1">
  <p>
    <label for="Name">Name:</label>
    <br>
  <input name="Name" type="text" required id="Name" form="form1" size="50">
  </p>
  <p>
    <label for="email">Email:</label>
    <br>
    <input name="email" type="email" required id="email" form="form1" size="50">
</p>
  <p>
    <label for="CityCountry">City and Country:</label>
    <br>
    <input name="CityCountry" type="text" required id="CityCountry" form="form1" size="50">
  </p>
  <p>
    <label for="url">Your Website's URL (optional):</label>
    <br>
<input name="url" type="text" id="url" form="form1" size="50">
<br>
  <label><br>
  </label>
  <label for="OtherHow">How did you locate PhoeniciaOrg?:</label>
  <br>
  <input name="OtherHow" type="text" id="OtherHow" form="form1" size="50">
</p>
  <p>
    <label for="MessageQuestion">Message or Qustion:</label>
    <br>
    <label for="MessageQuestion">
    </label>
    <textarea name="MessageQuestion" cols="80" rows="8" required id="MessageQuestion" form="form1"></textarea>
  </p>
    <input name="submit" type="submit" id="submit" form="form1" formaction="submit" formmethod="POST" value="Submit">
    <input name="reset" type="reset" id="reset" form="form1" value="Reset">
</form>
</body>
</html>

2. Also, I would love to add re-CAPTCHA to the form, is there an easy way to incorporate it?

 

Thank you.

Link to comment
Share on other sites

<input name="submit" type="submit" id="submit" form="form1" formaction="submit" formmethod="POST" value="Submit">
The formaction attribute is supposed to list the PHP page you want the form data submitted to. Right now it's just "submit", which probably isn't a PHP file.

 

Assuming xxxx.php up in the <form> tag is correct, then you don't need a formaction attribute on the submit button.

 

 

 

Once you get that working, and I realize you're just learning, look up information about mail header injection. Your script would be vulnerable to spammers that can rewrite the email to send any message they want.

 

-John

Link to comment
Share on other sites

Turn on php error checking.

 

Do some checking to see if you actually HAVE a posted form before you blindly just grab the items that may not exist.  Your script does the grabbing before it even sends out the form.  How is that even possible???  You should check if you have a POST and if not, then simply send out the html.  If you do have a POST then you can do the receiving and editing and build the email.

 

But most importantly - turn on error checking and resolve the error(s) that I can see in your code.  And please post the code PROPERLY next time.

Link to comment
Share on other sites

Thanks, John. Your response is clear. The handler is a separate PHP file and its code is included in my initial message. Since you say the script is vulnerable, I will drop it and use another scripting language.

 

ginerjm, I see no need to be rude or are you one of those programmers who can't communicate with people politely? I did did NOT blindly grab anything. I followed a tutorial step by step. Further, I do not have an error checker to begin with and there will NOT be a next time. I will not be posting any code "PROPERLY" whatever that means. I just wish you can be a human being and respond humanly rather being an asshole.

 

I am unsubscribing from this forum.

Link to comment
Share on other sites

Apparently you didn't read my statements as being helpful.  Your script does everything that I said it did.  You begin by attempting to "grab" input values form a non-existent POST array the very first time you execute it.  That is because there is NO form input to be retrieved since no form was sent to the client yet.  So - yes - you are 'blindly grabbing' data that does not yet exist.  Before doing this kind of thing one should CHECK if the form data has been submitted by looking at the REQUEST_METHOD to ascertain what is happening.  Personally I always check to see which submit button was clicked on as well to know what is expected of my script at that point.

 

Hopefully you now understand what I said and know that I wasn't being rude or non-responsive.  OTOH - if you left here mad at the world, good luck in your next endeavor in life.

 

Oh - and you should learn that not all tutorials are to be followed blindly.  In this case the one you used, if it was indeed written that way, is not the best way to write this kind of task.  Words to the wise programmer - Never Assume Anything.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.