secure php contact form
<!DOCTYPE html>
<?php
// Hides PHP warnings and notices from visitors. Note that the doctype above has
// already been sent, so header() cannot be called anywhere later in this file.
error_reporting(0);
?>
<html lang="en">
<head>
  <title>Secure contact form</title>
  <meta charset="utf-8">
  <style>
    p {
      margin: 0;
      color: red;
    }
  </style>
</head>
<body>
<?php
if(isset($_POST['submit'])){
  // Every field is trimmed, unslashed and HTML-escaped before it is validated.
  // The escaped value is also what gets mailed, so e.g. "&" in a message arrives
  // as "&amp;"; on PHP 8.1+ htmlspecialchars() also escapes the apostrophe, so a
  // name such as O'Brien then fails the name check below.
  $name = htmlspecialchars(stripslashes(trim($_POST['name'])));
  $subject = htmlspecialchars(stripslashes(trim($_POST['subject'])));
  $email = htmlspecialchars(stripslashes(trim($_POST['email'])));
  $message = htmlspecialchars(stripslashes(trim($_POST['message'])));
  // Name and subject: letters, spaces, dots, apostrophes and hyphens only.
  // Rejecting everything else (newlines included) is what keeps $subject safe
  // to pass as the mail Subject header.
  if(!preg_match("/^[A-Za-z .'-]+$/", $name)){
    $name_error = 'Invalid name';
  }
  if(!preg_match("/^[A-Za-z .'-]+$/", $subject)){
    $subject_error = 'Invalid subject';
  }
  // Basic address shape; the TLD is limited to 2-4 letters, so longer TLDs are
  // rejected. $email is only ever placed in the mail body, never in a header.
  if(!preg_match("/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/", $email)){
    $email_error = 'Invalid email';
  }
  if(strlen($message) === 0){
    $message_error = 'Your message should not be empty';
  }
}
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
  <label for="name">Name:</label><br>
  <input type="text" name="name" id="name">
  <p><?php if(isset($name_error)) echo $name_error; ?></p>
  <label for="subject">Subject:</label><br>
  <input type="text" name="subject" id="subject">
  <p><?php if(isset($subject_error)) echo $subject_error; ?></p>
  <label for="email">Email:</label><br>
  <input type="text" name="email" id="email">
  <p><?php if(isset($email_error)) echo $email_error; ?></p>
  <label for="message">Message:</label><br>
  <textarea name="message" id="message"></textarea>
  <p><?php if(isset($message_error)) echo $message_error; ?></p>
  <input type="submit" name="submit" value="Submit">
<?php
// Only reached when the form was submitted and every check above passed.
if(isset($_POST['submit']) && !isset($name_error) && !isset($subject_error) && !isset($email_error) && !isset($message_error)){
  $to = 'youremail@addres.com'; // edit here
  $body = " Name: $name\n E-mail: $email\n Message:\n $message";
  if(mail($to, $subject, $body)){
    echo '<p style="color: green">Message sent</p>';
  }else{
    echo '<p>Error occurred, please try again later</p>';
  }
}
?>
</form>
</body>
</html>

Secured PHP Contact Form

<?php
  if(isset($_POST['submit'])){
    $name = htmlspecialchars(stripslashes(trim($_POST['name'])));
    $subject = htmlspecialchars(stripslashes(trim($_POST['subject'])));
    $email = htmlspecialchars(stripslashes(trim($_POST['email'])));
    $message = htmlspecialchars(stripslashes(trim($_POST['message'])));
    if(!preg_match("/^[A-Za-z .'-]+$/", $name)){
      $name_error = 'Invalid name';
    }
    if(!preg_match("/^[A-Za-z .'-]+$/", $subject)){
      $subject_error = 'Invalid subject';
    }
    if(!preg_match("/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/", $email)){
      $email_error = 'Invalid email';
    }
    if(strlen($message) === 0){
      $message_error = 'Your message should not be empty';
    }
  }
?>

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
  <label for="name">Name:</label><br>
  <input type="text" name="name" id="name">
  <p><?php if(isset($name_error)) echo $name_error; ?></p>
  <label for="subject">Subject:</label><br>
  <input type="text" name="subject" id="subject">
  <p><?php if(isset($subject_error)) echo $subject_error; ?></p>
  <label for="email">Email:</label><br>
  <input type="text" name="email" id="email">
  <p><?php if(isset($email_error)) echo $email_error; ?></p>
  <label for="message">Message:</label><br>
  <textarea name="message" id="message"></textarea>
  <p><?php if(isset($message_error)) echo $message_error; ?></p>
  <input type="submit" name="submit" value="Submit">
  <?php 
    if(isset($_POST['submit']) && !isset($name_error) && !isset($subject_error) && !isset($email_error) && !isset($message_error)){
      $to = 'youremail@addres.com'; // edit here
      $body = " Name: $name\n E-mail: $email\n Message:\n $message";
      if(mail($to, $subject, $body)){
        echo '<p style="color: green">Message sent</p>';
      }else{
        echo '<p>Error occurred, please try again later</p>';
      }
    }
  ?>
</form>

How to use:

  • Download the contact.php file or just copy the code above into your *.php file.
  • Put the file in your website directory.
  • Change $to = 'youremail@addres.com'; to your email address.

Feel free to modify the code to suit your needs.

If you have any questions or innovations please leave me a comment.

patriktoma.studenthosting.sk

ntot commented Apr 10, 2017

Hello, amazing and well written script. Just one question, how can I redirect people to a new page when they successfully submit the page? When I see the success message, if I refresh the page it sends me the same details again. Thank you for the good work.

Peter

patotoma (owner) commented Apr 10, 2017

Hello @ntot,

For redirecting you can either use the PHP header function

or just redirect using JavaScript like this:

echo '<script>window.location = "http://www.google.com/";</script>';

ntot commented Apr 10, 2017

Thank you, so just to confirm since I am not a PHP expert... Would it be:

    <?php 
        if(isset($_POST['submit']) && !isset($name_error) && !isset($subject_error) && !isset($email_error) && !isset($message_error)){
          $to = 'youremail@addres.com'; // edit here
          $body = " Name: $name\n E-mail: $email\n Message:\n $message";
          if(mail($to, $subject, $body)){
            echo 'header('Location: http://www.example.com/');';
          }else{
            echo '<p>Error occurred, please try again later</p>';
          }
        }
      ?>

patotoma (owner) commented Apr 11, 2017

@ntot not quite like that, you don't want to use echo for such things. Echo is for printing content out so it can be read by the client's browser. Header is a PHP function, so there is no point in printing it out. What you want to do is something like this:

if(mail($to, $subject, $body)){
    header('Location: http://www.example.com/');
}

An example of using echo would be printing out some JavaScript code so it can be interpreted by the client's browser:

if(mail($to, $subject, $body)){
    echo '<script>window.location = "http://www.google.com/";</script>';
}

ntot commented Apr 12, 2017

Thank you for getting back to me @patotoma, I tried the header location as you said but get the "cannot modify header information, header already sent" error, any ideas? Also, the JS solution is good; however, if you press the back button the details from the form are still there, so you can spam the form.

patotoma (owner) commented Apr 16, 2017

@ntot take a look at this in order to fix the cannot modify header information error. Also, that thing where the form is re-submitted when you press the back button is normal browser behaviour; if you need to disable that, you need to handle form submitting in some other way and with additional logic.
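
Both problems in the exchange above (the "headers already sent" error, and the form being re-sent on refresh or back) disappear if the submission is handled with Post/Redirect/Get: all processing runs before the first byte of HTML, and a one-time session token makes each rendered form valid for exactly one POST. This is an added example, not code from the gist; it assumes the file is saved as contact.php and that PHP sessions are available.

```php
<?php
// Added example, not part of the gist: Post/Redirect/Get with a one-time token.
// Everything here runs before any HTML is output, so header() works, and a
// refreshed or back-button resubmission carries a token that is no longer valid.
// Assumes this file is saved as contact.php and PHP sessions are available.
session_start();

$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    // The token is consumed by this POST whether or not validation passes,
    // so replaying the same request (refresh, back button) is rejected.
    $token = (string)($_POST['token'] ?? '');
    if ($token === '' || !hash_equals($_SESSION['form_token'] ?? '', $token)) {
        $errors['token'] = 'Form expired, please submit it again';
    }
    unset($_SESSION['form_token']);

    // Validate the raw, trimmed input; escape only when rendering HTML.
    $name    = trim($_POST['name'] ?? '');
    $subject = trim($_POST['subject'] ?? '');
    $email   = trim($_POST['email'] ?? '');
    $message = trim($_POST['message'] ?? '');
    // /D makes $ reject a trailing newline, which keeps $subject safe as a mail header.
    if (!preg_match("/^[A-Za-z .'-]+$/D", $name))    $errors['name']    = 'Invalid name';
    if (!preg_match("/^[A-Za-z .'-]+$/D", $subject)) $errors['subject'] = 'Invalid subject';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) $errors['email'] = 'Invalid email';
    if ($message === '') $errors['message'] = 'Your message should not be empty';

    if (!$errors) {
        $to   = 'youremail@addres.com'; // edit here, as in the gist
        $body = " Name: $name\n E-mail: $email\n Message:\n $message";
        if (mail($to, $subject, $body)) {
            $_SESSION['flash'] = 'Message sent';
            header('Location: contact.php', true, 303); // browser follows with GET
            exit;
        }
        $errors['mail'] = 'Error occurred, please try again later';
    }
}
// Fresh token for the form about to be rendered; pop the flash message if any.
$_SESSION['form_token'] = bin2hex(random_bytes(16));
$flash = $_SESSION['flash'] ?? null;
unset($_SESSION['flash']);
?>
<form action="contact.php" method="POST">
  <input type="hidden" name="token" value="<?= htmlspecialchars($_SESSION['form_token']) ?>">
  <?php if ($flash) echo '<p style="color: green">' . htmlspecialchars($flash) . '</p>'; ?>
  <?php foreach ($errors as $e) echo '<p>' . htmlspecialchars($e) . '</p>'; ?>
  <!-- name, subject, email and message inputs plus the submit button, as in the gist -->
</form>
```

After a successful send the browser lands on a plain GET of contact.php, so F5 re-fetches the empty form instead of re-posting the message.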

lena9393 commented Jun 9, 2018

Hi, could you perhaps provide a PHP code snippet that would need to be added to the contact form if I wanted to attach a file and send it together with the email? I would be very grateful.

<label for="image">Image:</label><br> <input type="file" name="image">

sharonkangas commented Jul 23, 2018

Hi! Thanks so much for sharing this code. I would love to use it on my personal website, but am running into a couple of problems. If I save the code as a stand-alone page, it works like a charm. But if I incorporate it into my one-page scrolling website, it no longer works. Specifically, it (1) provides no error messages for invalid entries, and (2) then after submitting, instead of the "message sent" message and an email in my inbox, it tries to redirect me to a non-existent webpage: www....com/<?php%20echo%20htmlspecialchars($_SERVER[
I can share my index.html file if you'd like to have a look. Thanks in advance for any insight you can share.

sharonkangas commented Jul 23, 2018

I actually seem to have solved the problem myself. I didn't realize until minutes ago that any page with php code had to use the .php file extension. I made that change and now it works! Thanks again!

ghost commented Sep 26, 2018

Your form isn't sending emails to the email addresses like xxx@domain i.e., business emails.

adriandhart commented Nov 13, 2018

Thanks for sharing this. I have a suggestion though. Purely for tidier code, you can eliminate the empty paragraph tags where errors would be displayed below each input, like this...

<?php if(isset($name_error)) echo '<p>' . $name_error . '</p>'; ?>

Thanks again :)

Hovoaslanian commented Jun 11, 2019

Hi there,

What if I want to use only the PHP code and embed it in my own template, will it work?
