@patotoma
Last active October 7, 2023 07:39
secure php contact form
<!DOCTYPE html>
<?php error_reporting(0); ?>
<html lang="en">
<head>
  <title>Secure contact form</title>
  <meta charset="utf-8">
  <style>
    p {
      margin: 0;
      color: red;
    }
  </style>
</head>
<body>
  <?php
    if(isset($_POST['submit'])){
      $name = htmlspecialchars(stripslashes(trim($_POST['name'])));
      $subject = htmlspecialchars(stripslashes(trim($_POST['subject'])));
      $email = htmlspecialchars(stripslashes(trim($_POST['email'])));
      $message = htmlspecialchars(stripslashes(trim($_POST['message'])));
      if(!preg_match("/^[A-Za-z .'-]+$/", $name)){
        $name_error = 'Invalid name';
      }
      if(!preg_match("/^[A-Za-z .'-]+$/", $subject)){
        $subject_error = 'Invalid subject';
      }
      if(!preg_match("/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/", $email)){
        $email_error = 'Invalid email';
      }
      if(strlen($message) === 0){
        $message_error = 'Your message should not be empty';
      }
    }
  ?>
  <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
    <label for="name">Name:</label><br>
    <input type="text" name="name">
    <p><?php if(isset($name_error)) echo $name_error; ?></p>
    <label for="subject">Subject:</label><br>
    <input type="text" name="subject">
    <p><?php if(isset($subject_error)) echo $subject_error; ?></p>
    <label for="email">Email:</label><br>
    <input type="text" name="email">
    <p><?php if(isset($email_error)) echo $email_error; ?></p>
    <label for="message">Message:</label><br>
    <textarea name="message"></textarea>
    <p><?php if(isset($message_error)) echo $message_error; ?></p>
    <input type="submit" name="submit" value="Submit">
    <?php
      if(isset($_POST['submit']) && !isset($name_error) && !isset($subject_error) && !isset($email_error) && !isset($message_error)){
        $to = 'youremail@addres.com'; // edit here
        $body = " Name: $name\n E-mail: $email\n Message:\n $message";
        if(mail($to, $subject, $body)){
          echo '<p style="color: green">Message sent</p>';
        }else{
          echo '<p>Error occurred, please try again later</p>';
        }
      }
    ?>
  </form>
</body>
</html>

Secured PHP Contact Form

<?php
  if(isset($_POST['submit'])){
    $name = htmlspecialchars(stripslashes(trim($_POST['name'])));
    $subject = htmlspecialchars(stripslashes(trim($_POST['subject'])));
    $email = htmlspecialchars(stripslashes(trim($_POST['email'])));
    $message = htmlspecialchars(stripslashes(trim($_POST['message'])));
    if(!preg_match("/^[A-Za-z .'-]+$/", $name)){
      $name_error = 'Invalid name';
    }
    if(!preg_match("/^[A-Za-z .'-]+$/", $subject)){
      $subject_error = 'Invalid subject';
    }
    if(!preg_match("/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/", $email)){
      $email_error = 'Invalid email';
    }
    if(strlen($message) === 0){
      $message_error = 'Your message should not be empty';
    }
  }
?>

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
  <label for="name">Name:</label><br>
  <input type="text" name="name">
  <p><?php if(isset($name_error)) echo $name_error; ?></p>
  <label for="subject">Subject:</label><br>
  <input type="text" name="subject">
  <p><?php if(isset($subject_error)) echo $subject_error; ?></p>
  <label for="email">Email:</label><br>
  <input type="text" name="email">
  <p><?php if(isset($email_error)) echo $email_error; ?></p>
  <label for="message">Message:</label><br>
  <textarea name="message"></textarea>
  <p><?php if(isset($message_error)) echo $message_error; ?></p>
  <input type="submit" name="submit" value="Submit">
  <?php 
    if(isset($_POST['submit']) && !isset($name_error) && !isset($subject_error) && !isset($email_error) && !isset($message_error)){
      $to = 'youremail@addres.com'; // edit here
      $body = " Name: $name\n E-mail: $email\n Message:\n $message";
      if(mail($to, $subject, $body)){
        echo '<p style="color: green">Message sent</p>';
      }else{
        echo '<p>Error occurred, please try again later</p>';
      }
    }
  ?>
</form>

How to use:

  • Download the contact.php file or just copy the code above into your *.php file.
  • Put the file in your website directory.
  • Change: $to = 'youremail@addres.com'; to your email address.

Feel free to modify code to suit your needs.

If you have any questions or innovations please leave me a comment.

patriktoma.studenthosting.sk
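
An added example, not part of the original gist: one way to validate the same four fields on the raw input and apply `htmlspecialchars()` only where a value is written into HTML. The function name `validate_contact` and the length limits (100 and 254) are assumptions. On PHP 8.1 and later `htmlspecialchars()` encodes `'` by default, so the form's own order (encode, then match) rejects a name such as O'Brien even though the pattern allows the apostrophe.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical helper, not from the gist).
// Returns [trimmed raw values, errors keyed by field name].
function validate_contact(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (['name', 'subject', 'email', 'message'] as $field) {
        // Non-string input (e.g. name[]=x) is treated as empty.
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';
    }

    // \A and \z anchor the whole string; "$" also matches before a final newline.
    // The subject is passed to mail() as a header, so CR/LF must never pass.
    foreach (['name', 'subject'] as $field) {
        if (!preg_match("/\\A[A-Za-z .'-]{1,100}\\z/", $clean[$field])) {
            $errors[$field] = "Invalid $field";
        }
    }

    // filter_var() accepts long TLDs that the {2,4} pattern rejects.
    if (strlen($clean['email']) > 254
        || filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid email';
    }

    if ($clean['message'] === '') {
        $errors['message'] = 'Your message should not be empty';
    }
    return [$clean, $errors];
}

// Constructed sample input.
[$clean, $errors] = validate_contact([
    'name'    => "Conor O'Brien",
    'subject' => "Hello\r\nBcc: someone@example.org",
    'email'   => 'conor@example.technology',
    'message' => 'Is <b>this</b> received as typed?',
]);
var_dump($errors);
// Encode at output time only; the plain-text mail body keeps the raw message.
echo '<input type="text" name="name" value="'
    . htmlspecialchars($clean['name'], ENT_QUOTES, 'UTF-8') . '">';
```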

@adriandhart

adriandhart commented Nov 13, 2018

Thanks for sharing this. I have a suggestion though. Purely for tidier code; you can eliminate the empty paragraph tags where errors would be displayed, below each input like this...

<?php if(isset($name_error)) echo '<p>' . $name_error . '</p>'; ?>

Thanks again :)

@Hovoaslanian

Hi there,

What if I want to use only the PHP code and embed it in my own template, will it work?

@osazeblogger

Thanks, I love this 100%

@ChloeFrazer

Thank you for sharing, it's been the perfect base to build from.

@JanekVerano

Hello everybody,

I'm new to GitHub and I have very little experience. Can you tell me how this contact form is secure?
It seems to me that it requires all fields to be filled out with appropriate data (like an email-address [A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+.[A-Za-z]{2,4}) but I don't see how bots should be stopped. Thank you for your assistance!

@BooneDawg

I cannot get the email to be delivered to my email address I entered. I checked the email and it is correct.

@lhardt

lhardt commented May 11, 2021

Wouldn't it be safer to use <form action="">?

@Shalu-patidar

I added another input for phone but it is not displayed in the URL.
