Strange issue with a simple PHP contact form, press submit, nothing happens!

I’ve created a simple contact form that users can use to enter their e-mail and a message, and this is then e-mailed to me. Here is the semi-working URL: Contact Lord Draconis

And the complete source: Contact Form - Pastebin.com

But when I click send, it simply refreshes the page, and no e-mail is sent!

Help please, I’m stumped!

There is no field named email, so, your code is failing. You would know this if you had server-side validation logic. You would also know this if php’s error_reporting was set to E_ALL (it should always be set to this value) and display_errors was set to ON (set to this value when debugging code) or log_errors was set to ON (set to this value when code is running on a live/public server) and you are checking the error log file.

Client-side validation is a nicety for legitimate visitors. Data submitted to your site can come from anywhere, not just your form/links, can be set to anything, and cannot be trusted. You must validate input data on the server before using it.

Some points for the posted code -

  1. You must test if a post method form was submitted before referencing any of the form data. The current code will display/log a bunch of unnecessary errors every time the page is requested.
  2. Don’t copy variables to other variables for nothing. This is just a waste of typing. Keep the form data as a set, in an array variable, then use elements in this array variable throughout the rest of the code.
  3. Once you do item #2 on this list, you can trim all the data at once, using one single line of code.
  4. Validate each input separately, storing user/validation errors in an array, using the field name as the main array index.
  5. After the end of the validation logic, if there are no errors, the array holding the errors is empty, use the submitted form data.
  6. You must apply htmlentities() to all values used in a html context - email body, form fields, right before they get used, to help prevent cross site scripting.
  7. You must test the return value from the mail() call, and set up a message for the user (add it to the array holding the user/validation errors) if the call fails.
  8. After using the form data, if there are no errors, perform a redirect to the exact same url of the current page to cause a get request for that page. This prevents the browser from trying to resubmit the form data.
  9. To display a one-time success message, store it in a session variable, then test, display, and clear that session variable at the appropriate location in the html document.
  10. Every redirect needs an exit/die statement to stop php code execution.
  11. If there are errors at item #5 or #8 on this list, the code will continue on to display the html document, where you would test for and display any errors in the array holding the user/validation errors, redisplay the form, populating the form fields with any existing data so that the user doesn’t need to keep reentering values over and over.
  12. You should validate your resulting web pages at validator.w3.org. There are missing elements and out of date markup.
  13. To get a form to submit to the same page it is on, leave the entire action attribute out of the form tag.
1 Like
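
The list above, put together as one page. This is an added example, not code from the thread or from the poster's Pastebin; the field names `email` and `message`, the example.com addresses, the plain-text mail body and the use of `SCRIPT_NAME` as the redirect target are assumptions.

```php
<?php
// Added example: field names, addresses and messages are assumptions.
session_start();

$post = [];    // trimmed copy of the submitted form data
$errors = [];  // user/validation errors, indexed by field name

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Trim all inputs at once; non-string values (e.g. email[]=x) become ''.
    $post = array_map(fn($v) => is_string($v) ? trim($v) : '', $_POST);
    $email = $post['email'] ?? '';
    $message = $post['message'] ?? '';

    if ($email === '') {
        $errors['email'] = 'Email is required.';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        // Also rejects CR/LF, so the value cannot add extra mail headers.
        $errors['email'] = 'Email is not a valid address.';
    }
    if ($message === '') {
        $errors['message'] = 'Message is required.';
    }

    if (!$errors) {
        $headers = ['From' => 'noreply@example.com', 'Reply-To' => $email];
        if (!mail('owner@example.com', 'Contact form', $message, $headers)) {
            $errors['mail'] = 'The message could not be sent. Please try again later.';
        }
    }
    if (!$errors) {
        $_SESSION['success'] = 'Your message has been sent.';
        // Server-determined path of this page; the browser follows with a GET.
        header('Location: ' . $_SERVER['SCRIPT_NAME']);
        exit;
    }
}
// Escape every value right before it is written into the HTML document.
$e = fn($v) => htmlentities((string) $v, ENT_QUOTES, 'UTF-8');
?>
<?php if (isset($_SESSION['success'])): ?>
<p><?= $e($_SESSION['success']) ?></p>
<?php unset($_SESSION['success']); endif; ?>
<?php foreach ($errors as $error): ?>
<p><?= $e($error) ?></p>
<?php endforeach; ?>
<form method="post">
<label>Email <input type="email" name="email" value="<?= $e($post['email'] ?? '') ?>"></label>
<label>Message <textarea name="message"><?= $e($post['message'] ?? '') ?></textarea></label>
<button type="submit">Send</button>
</form>
```

The mail body here is plain text, so it is sent as submitted; if it were an HTML mail, the same `htmlentities()` call would be applied to `$message` before building the body.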

One problem is $email is undefined. You have an input that is missing the name attribute. I suspect that is where email should have been set. name='email'

1 Like

Okay, wow! I think I need to look for a much more secure, pre-made script. My hand coded one seems to be very lacking. lol

Thanks for the help!
