PHP Formmail questions

Report · Jan 14, 2010

I've set up the following php formmail code for a contact form on a website. The form accepts the email, phone and question fields fine but I'm trying to add a "subscribe to email list" button. Can anyone tell me the code to check if the box has been checked?

<?php

$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));

mail("xxxxxxx@xxxxxxx.org","Website Contact Form submission","Form data:

Mathew, you have a question from: " . $_POST['name'] . "
Email: " . $_POST['email'] . "
Phone Number: " . $_POST['phone'] . "
Their question reads: " . $_POST['question'] . "

");

include("confirm.html");

?>

Report · Jan 14, 2010

You could use the isset function, something like this should work:

if (isset($_POST['subscribe']))

Report · Jan 14, 2010

Hmm, doesnt seem to be working. Also, when i put the code in and test it the redirect to my confirmation page does not come up. Instead it redirects directly to my php file and the message is not sent.

Report · Jan 14, 2010

The page with the form on it has a submit button right? If you use the sample of "isset" provided, then that submit button must be named "subscribe"! Please verify that is the case.

With the "isset" added to your code, it should look something like this.

<?php
if (isset($_POST['subscribe'])) {

$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));

mail("xxxxxxx@xxxxxxx.org","Website Contact Form submission","Form data:
Mathew, you have a question from: " . $_POST['name'] . "
Email: " . $_POST['email'] . "
Phone Number: " . $_POST['phone'] . "
Their question reads: " . $_POST['question'] . "
");

include("confirm.html");

} else {
echo "Sorry, you cannot come to this page without clicking the subscribe button";
}
?>

NOW - I still don't believe your code will work, as the message section opens and closes many times. You should gather your POST DATA before creating the email - then just enter in variables in the email. Like this:

<?php
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$question = $_POST['question'];

if (isset($_POST['subscribe'])) {

$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));

mail("xxxxxxx@xxxxxxx.org","Website Contact Form submission","Form data:
Mathew, you have a question from: $name
Email: $email
Phone Number: $phone
Their question reads: $question
");

include("confirm.html");

} else {
echo "Sorry, you cannot come to this page without clicking the subscribe button";
}
?>

The other value to grabbing your post data and assigning it to variables, is that you can VALIDATE it at the same time. That is a step completely missing here - but really, really important.

Good luck!

Report · Jan 14, 2010

This code is great, thanks for the help but there is one problem. I want users to have the option of subscribing to my email not forcing them too or giving them a message saying they have to subscribe to submit their info. I'm trying to get the code to simply tell me wether or not the checkbox has been clicked so i can add them to my distribution list.

Thanks for the help thus far though!

Report · Jan 15, 2010

Well, as the isset functions returns a boolean you can add this line to

your code. Note you must give the name "suscribe" to the checkbox, no to

the submit button

...

Their question reads: " . $_POST['question'] . "

Wants to suscribe: " . isset($_POST['subscribe']) . "

");

...

I agree with budeborton's approach of validating and assigning POST data

to vars

Report · Jan 15, 2010

Sorry, I misunderstood your problem/question.

1: Set the checkbox name to "subscribe" on the form, and make sure the submit name is set to "submit".

2: Set the checkbox "value when checked" to 1. (The user above mentioned a boolean check, and that works fine as well. I use a check value here as it makes the code very easy to understand)

Now try this idea:

<?php
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$question = $_POST['question'];
if ($_POST['subscribe'] == 1) {
$subscribe = "Yes";
} else {
$subscirbe = "No";
}

if (isset($_POST['submit'])) {

$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));

mail("xxxxxxx@xxxxxxx.org","Website Contact Form submission","Form data:
Mathew, you have a question from: $name
Email: $email
Phone Number: $phone
Their question reads: $question
Would like to subscribe: $subscribe
");

include("confirm.html");

}
?>

NOTE: I still include (and recommend) that you check to see if "submit" is set before processing the form, but I took out the "else" that said they had to subscribe.

Report · Jan 16, 2010

So the code works with out this line:

if (isset($_POST['submit']))

I dont uderstand why the code should check to see if the submit button "isset"? Wouldnt that always be set when the user presses the button? Anyway, after I took it out the code sucsessfully redirects and sends the proper notifications

Thanks again for all the help!

Report · Jan 16, 2010

The "isset" line is usually used when the mailing script is on the same page as the form itself. If the mailing script is in a separate page from the form, then you don't need it. That should not have stopped it from working though - unless you didn't have the submit button named "submit". To be honest, I think this line "$where_form_is="http:///".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));" would have actually stopped it - more than the "isset" line. I don't know where that came from - but as I look at it closer - it's not making any sense on it's own

When the script is on the same page as the form - then what the "isset" line does is stop the script from running - unless the form was submitted. So first visit, it would just display the form - after submitting the form it would run the script.

As a reminder, don't forget to validate all that input! Email scripts are easy for hackers to abuse, so you will want to validate those POST values.

Other than that - Glad to hear you got it running.

Report · Jan 21, 2010

Thanks again for all the help. I'm new to PHP and want to learn more about validating the form. Can you recomend a good resource to learn about PHP?

Report · Jan 21, 2010

I'm not a great PHP programmer myself, however I have learned some important things over the years, and validation is likely the most important thing you need to do. In a nutshell, anytime a user can enter anything on the site through a form, in a URL (variables), and even Cookies you need to make sure what they enter is cleaned. This is how script kiddies and hackers and spammers get their kicks.

Basic cleaning is done with things like "add slashes" or "mysql_real_espace_string". But the best method is to "deny everything" and only allow characters that are absolutely requried. This is done using "regex". In PHP it would be the PREG functions (don't use EREGI as it is deprecated in 5.3). So if you are asking for an email address, make sure the email address is formatted correctly. If you need a birthdate - make sure you only allow the proper format for a birthdate. If it is a content box, you likely only need to allow alpha numeric characters.

There is a lot of info on the web for this, and I can't really point you to any one place. If you search for "php validation", or "php form validation" or "php escaping input" you will find a lot to read. I particularly like the Site Point site (www.sitepoint.com). It seems to be a great resource for developers and the forums are very active.

Good luck!

Report · Jan 22, 2010

Seraph00 wrote:

Can you recomend a good resource to learn about PHP?

If you don't mind a bit of blatant self-promotion, you might want to take a look at my books: http://foundationphp.com/. "The Essential Guide to Dreamwever CS4 with CSS, Ajax, and PHP" has in-depth coverage of PHP as used in Dreamweaver. "PHP Solutions" deals with practical PHP in a software-neutral context. Take a look at the reviews on Amazon.com to see what people think.

There are also lots of free resources. However, you need to be careful with a lot of online tutorials. They might have been fine when originally written, but often fail to keep up to date with security issues. The best free online resource is the PHP documentation at www.php.net, which contains a lot of practical examples. However, it can be a bit daunting if you don't know what you're looking for. It's rather like trying to learn a foreign language with only a dictionary as your guide.

PHP Formmail questions

1 Correct answer