
PHP "contact form" error.


ignatius


Hello,

I have a PHP script intended to send an e-mail to someone. It works fine and everything, but throws an "Error" message. Even though it works.

 

<?php

$name = $_POST['name'];
$email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];

$mailheader = "From:".$name."<".$email.">\r\n";

$recipient = "some@emailaddress.net";

mail($recipient, $subject, $message, $mailheader) or die("Error!");

echo'

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Contact form</title>
    <link href="https://fonts.googleapis.com/css2?family=Playfair+Display:wght@600&family=Poppins&display=swap" rel="stylesheet">
    <link rel="stylesheet" href="style.css">
</head>
</html>
';?>

 

Link to comment
Share on other sites

these emails are NOT being sent from the email address that is entered in the form (except perhaps during testing when you enter your own email address at your web hosting.) they are being sent from the mail server at your web hosting. the From: mail header MUST correspond to your sending mail server's domain.

you can put the entered email address in a Reply-to: mail header, after validating that it is exactly and only one properly formatted email address, to prevent mail header injection.

the mail() call is currently failing with an error, causing the or die() code to be executed. if you remove that and set php's error_reporting to E_ALL and display_errors to ON, preferably in the php.ini on your system, php will help you by reporting and displaying all the errors it detects.

your post method form processing code should -

  1. detect if a post method form has been submitted.
  2. keep the input data as a set in an array variable, i.e. don't write out code copying variables to other variables for nothing.
  3. trim all the data at once. after you do item #2 on this list, you can accomplish this using one single line of code.
  4. validate all inputs, storing user/validation errors in an array, using the field name as the array index.
  5. after the end of the validation logic, if there are no errors (the array will be empty), use the submitted form data.
  6. apply htmlentities() to any value that gets used in a html context, to help prevent any html, css, javascript in the value from being rendered.
  7. do not put the raw form data in the subject field.
  8. test the returned value from the mail call. if it is a true value, the sending mail server at least accepted the email and will attempt to send it. you would use this condition to display any success message. if it is a false value, it means that the sending mail server didn't accept the email. you would set up a generic failure message for the user in this case. if you are logging all php errors, the error that is returned to php by the sending mail server will get logged. you can also use error_get_last() if you want to specifically get and log the error information.
  9. after successfully completing the post method form processing code, with no errors, perform a redirect to the exact same url of the current page to cause a get request for that page. this will prevent the browser from attempting to resubmit the form data.
  10. to display a one-time success message, store it in a session variable at item #9 on this list, then test, display, and clear the session variable at the appropriate location in the html document.

 

 

Link to comment
Share on other sites
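The processing steps listed in the reply above, combined with its fixed From: and validated Reply-to: advice, shown as an added example that is not code from the thread or its participants. The From address `noreply@example.com`, the fixed subject text, the `flash` session key and the user-facing messages are assumptions; the field names and recipient come from the original post.

```php
<?php
// Added example, not the thread's code. Assumed placeholders: the From address
// noreply@example.com (must be on your sending mail server's domain), the
// fixed subject text, and the 'flash' session key.
session_start();

$post = [];    // trimmed form data, kept as a set
$errors = [];  // validation errors, indexed by field name

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Trim all inputs at once; non-string values (e.g. name[]=x) become ''.
    $post = array_map(fn($v) => is_string($v) ? trim($v) : '', $_POST);

    foreach (['name', 'email', 'message'] as $field) {
        if (($post[$field] ?? '') === '') {
            $errors[$field] = "The $field field is required.";
        }
    }
    // Exactly one well-formed address, and no CR/LF that could start a new header.
    if (empty($errors['email']) && (preg_match('/[\r\n]/', $post['email'])
            || filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false)) {
        $errors['email'] = 'Enter a single valid email address.';
    }

    if (!$errors) {
        $headers = "From: noreply@example.com\r\n"
                 . "Reply-To: {$post['email']}\r\n";
        $body = "Name: {$post['name']}\nSubject: " . ($post['subject'] ?? '')
              . "\n\n{$post['message']}";
        // Fixed subject: raw form data never reaches a header field.
        if (mail('some@emailaddress.net', 'Contact form message', $body, $headers)) {
            $_SESSION['flash'] = 'Your message has been sent.';
            header('Location: ' . $_SERVER['REQUEST_URI']); // redirect to a GET
            exit;
        }
        error_log('mail() failed: ' . (error_get_last()['message'] ?? 'no detail'));
        $errors['mail'] = 'Your message could not be sent.';
    }
}

$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']); // one-time message
?>
<p><?= htmlentities($flash) ?></p>
<?php foreach ($errors as $e): ?>
<p class="error"><?= htmlentities($e) ?></p>
<?php endforeach; ?>
```

The submitted name and subject appear only in the message body, so a value containing line breaks cannot add headers such as Bcc: to the outgoing mail.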

php has a command named echo. someone asking you to echo a value, means to literally add an echo command in front of a variable so that you can see what value it actually is, and then can show others. this debugging step lets you confirm that you actually have expected values as input for the code to use.

the or die(...) output you are getting means that the mail() call failed with a php error of some kind. please review the other replies you have gotten in this thread.

  • Great Answer 1
Link to comment
Share on other sites
