Building a secure contact form

Originally Posted by enigma Simple way is like this; PHP Code: <?php if($email == "") { echo "You must enter your email!"; } else { mail(); } ?> But you add as many error check as you like. Expanding on the above.. PHP Code: <?php if($name == "") { echo "Give me your name dammit!"; } if($subject == "") { echo "Enter a subject!"; } if($email == "") { echo "You must enter your email!"; } else { if($comments == ""){ echo "Comments - Empty!"; } else { mail(); } ?>

Well, not only have you not finished an if statement in there, that's a horrid way of doing it. Just use elseifs, otherwise they could send an email without entering a name or a subject.

Originally Posted by ncmason In something like this, how would I be able to use CSS for the fonts? PHP Code: echo "<span class=\"red\">Provide a name please!</span>";  Code: .red { color: red; margin-bottom: 10px; }

Edited.

Thanks Vizon. I was trying this earlier and I had the quote mark one spot off. I was close, but no cigar

Appreciate it,
Mason

No problem, you may have to throw a "display: block;" in there to make the margin work.

Thanks for the tip! It works.

I'm still working on making the form not send me an email with empty fields.

Update us with your code.

My 3 problems now are:

1. Getting the success page to come up only upon valid completion of the forms.

2. Only send an email if the forms are complete.

3. When the user sees the "go back and try it again" page, I want it to automatically go back to the form.

Thanks,
Mason

Originally Posted by ncmason PHP Code: <?php // Pick up the form data and assign it to variables     $name = $_POST['name'];     $email = $_POST['email'];     $url = $_POST['url'];     $comments = $_POST['comments']; // Build the email      $to = 'mason@masonsklut.com';     $subject = "Comment";     $message = "Name: $name" . "\n"  . "E-mail: $email" . "\n" . "URL: $url" . "\n" . "Comment: $comments";     $headers = "From: $name" . "\r\n" .         "Reply-To: $email"; // Send the mail using PHPs mail() function     mail($to, $subject, $message, $headers); // Mail header removal     function remove_headers($string) {        $headers = array(         "/to\:/i",         "/from\:/i",         "/bcc\:/i",         "/cc\:/i",         "/Content\-Transfer\-Encoding\:/i",         "/Content\-Type\:/i",         "/Mime\-Version\:/i"        );        $string = preg_replace($headers, '', $string);       return strip_tags($string);     }  // Pick up the cleaned form data     $name = remove_headers($_POST['name']);     $email = remove_headers($_POST['email']);     $url = remove_headers($_POST['url']);     $comments = remove_headers($_POST['comments']);      // Field verification         if($name == "") {           echo "<span class=\"text\"><p>Provide a name please!</p></span>";           }          if($subject == "") {           echo "<span class=\"text\"<p>Enter a subject!</p></span>";           } else {          if($email == "") {           echo "<span class=\"text\"<p>You must enter your email!</p></span>";           } else {           mail();           } } ?> My 3 problems now are: 1. Getting the success page to come up only upon valid completion of the forms. 2. Only send an email if the forms are complete. 3. When the user sees the "go back and try it again" page, I want it to automatically go back to the form. Thanks, Mason

1. Just put a redirect under the mail function to a page that you make that says success.

2. Use the elseifs like Andrew said

3. Just use one echo to say "please enter information for all fields" if the email doesn't go through.

1. I'm not sure how to use the elseifs with three variables ($name, $subject, $email).

2. The "header" method for redirect won't work because I have <html> on the same page. Ideas?

Thanks,
Mason

Well for the redirect just use a div saying success and then reveal it when the mail message goes through. I'm not an expert so does this make sense guys?