I wrote a php page that send the form data to my email.
The problem is that when the user click on submit, he automatically moved to a blank php page. I want that instead of moving to a blank php page, the user stay on the same page and instead of the form fields, he see a message like "thank you for contacting us". How can I do this? and how can I style this message?
In addition, all the form data appears on the email subject (not in the body of the message). there is any way to change it?
Here is the PHP:
<?php
error_reporting(E_ALL);
ini_set("display_errors", "On");
$subject="Message from Web";
$sender=$_POST["user-name"];
$senderEmail=$_POST["email"];
$senderPhone=$_POST["phone"];
$senderCompany=$_POST["company"];
$message=$_POST["message"];
$mailBody="Name: $sender\nEmail: $senderEmail\nPhone: $senderPhone\nCompany: $senderCompany\n\n$message";
mail('mymail#gmail.com', $mailBody, $sender);
$thankYou="<p>Thank you! Your message has been sent.</p>";
?>
<form method="post">
<input type="text" name="to-e-mail">
<input type="text" name="subject">
<textarea name="message">
</textarea>
<input type="submit" value="send">
</form>
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST'){
$headers = 'From: sender#mail.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($_POST['to-e-mail'],$_POST['subject'],$_POST['message'],$headers);
print 'thank you for contacting us';
}
?>
Very simple example how to send mail with php.
Please check the security requirements.
Related
I have an html form like this:
<form method="get" action="save.php">
<input type="email" id="email" name="email"/>
<input type="submit" name="submit" value="Submit" />
</form>
and in save.php i have something like this:
<?php
session_start();
$email = $_REQUEST['email'];
$email_content = "Thank you for your subscription";
mail($email,"Thank you",$email_content);
header("Location:thankyou.php");
?>
Now in save.php file i need to send this e-mail but also to echo a script that runs a js function. For example
<?php
echo "<script>";
echo "<script src='my_path_to_file/file.js'></script>";
echo "var subscriberEmail = '" . $email . "';";
echo "mySubscribe(subscriberEmail);";
echo "</script>";
?>
Now, if i place the echoing of the script before mail(), then i don't go to thankyou.php, mail() is not executed, i don't go to thankyou.php but script function works. If i place echoing of script after mail, then mail is sent, i go to thankyou.php but script function is not executed at all.
Any ideas to make both happen?
Thank you in advance
It's becouse echo command send content to browser, and header redirect will never works.
You could try to use comething like that:
<?php
echo "<script>";
echo "<script src='my_path_to_file/file.js'></script>";
echo "var subscriberEmail = '" . $email . "';";
echo "mySubscribe(subscriberEmail);";
echo "document.location.href='thankyou.php';";
echo "</script>";
?>
It means, move redirect command from php code to javascript.
Possibly some error in mySubscribe(subscriberEmail); function. Thats is why if you put script before email and header("Location:thankyou.php"); it not sending mail and redirects you. And also if you put script before, $email variable is not set yet
I am trying to send an email when an html button is clicked then redirect to an html confirmation page. All my code is in the same php file except for the confirmation page. It redirects with no problem just doesn't send email on button click. It was working at one point but it would send the email as soon as the page loaded. I've searched the internet for days and here is what I'm currently trying:
<form action="confirm.html" method="post" name= "confirm">
<?php
echo('<input type="button" value="Submit" onclick="this.form.submit();">');
?>
</form>
<?php
$to="mail#hello.com";
$subject= "New Application";
$message= "Name: ".$Name;
$headers= "";
mail($to, $subject, $message, $headers);
echo "<body onload=\"self.close();\">";
?>
I am trying to send an email when an html button is clicked then redirect to an html confirmation page.
The above code will send an email as soon as the page loads. If you want to send an email when the form has been submitted, you will need to wrap your emailing code in a post-checking block, the send a location header for the redirect.
You also need some named element with a value to include in the post, for example:
<input type="button" name="submit" value="Submit" />
Then in your PHP you can use
<?php
if (isset($_POST['submit'])) {
// Your email() code
// Redirect to another page
header("Location: http://example.com/confirmation.php");
die();
} else {
// echo/include your form here
}
Be sure to put this code at the top of your PHP page before any HTML has been written or else header() will not function correctly.
I have a form, something like:
<form action="" method="post">
<label class="reg_label" for="name">Name:</label>
<input name="name" type="text" class="text_area" id="name"/>
.... etc...
</form>
To submit the form, the user must also first complete a CAPTCHA. This works great, and only allows form submission for perfect matches. Reloading the page will result in a new CAPTCHA. Pressing the "back" button will also display a new CAPTCHA.
When the user submits the form, it is verified via javascript, and that all works dandy, and then it is submitted (and emailed) via a separate php script:
<?php
include('connect_to_mysql.php');
$webMaster = 'my#email.com';
$name = mysqli_real_escape_string($db_conx, $_POST["name"]);
$phone = mysqli_real_escape_string($db_conx, $_POST["phone"]);
$email = mysqli_real_escape_string($db_conx, $_POST["email"]);
$message = mysqli_real_escape_string($db_conx, $_POST["message"]);
$emailSubject = 'Contact Form Submission';
$body = <<<EOD
Name: $name
Email: $email
Phone: $phone
Message:
$message
EOD;
$headers = "From: $email\r\n";
$success = mail($webMaster, $emailSubject, $body, $headers);
header('Location: ../thankyou.html');
?>
This all works as expected, and I am satisfied with the escape strings for now. The form catches non-emails, and the CAPTCHA works every time. But some clown just sent me 128 SIMULTANEOUS form submissions, and I am wondering how this individual did it.
Every field was filled out "9999.9". When I try it, I get errors for the name, phone number and email. I can't even submit the form with that data. Even if I could, I would only be able to send it once because of the CAPTCHA (PHP).
The only hole I can see, and it IS a hole (just tried it), is to type in the URL of the external script directly. So, a bad guy could write his own script, assign the variables (to POST) and then call my contact function 128 times.
While I'm working on righting that wrong, are there any other obvious gaping holes that someone could use for multiple form submissions like that, while bypassing the CAPTCHA (which is PHP)? Obviously just turn off JS to get around the validation.
I can post more code if needed, but just assume the JS is turned off, leaving only the PHP CAPTCHA check - which has nothing to do with the actual submission of the form, and changes on BOTH "back" and "reload" operations.
Thanks in advance.
CAPTCHA CODE
Captcha.php
<?php
session_start();
$rand = md5(rand(0,999));
$value = substr($rand, 10, 5);
$_SESSION['cap_key'] = $value;
... do some drawing stuff to make the CAPCHA, which is an IMAGE and cannot be read without some fancy character-recogntion code...
?>
Within the contact form file (called when form submitted)
<?php
session_start();
if ($_POST['submit'])
{
if ($_POST['captcha'] == $_SESSION['cap_key']) // Success
{
include('scripts/contact.php');
}else if($cap != 'Eq') // If wrong captcha entered
{
... reload page after sanitizing the inputs...
}
}
?>
But like I said, the CAPTCHA changes every reload of the page.
Thanks again.
I have following code at s.php:
<?php
session_start();
if (isset($_POST['Submit'])) {
$_SESSION['p'] = $_POST['p'];
}
?>
<form action="s2.php" method"post">
<input type="text" name="p"/>
<input type="submit" name="Submit" value="Submit!" />
</form>
And At s2.php
<?php
session_start();
?>
<?php
echo 'This is especially for ='.$_SESSION['p'];
?>
After entering value in input field and clicking the submit button, it take to next page and change the browser link to some thing like /s2.php?p=inputvalue&Submit=Submit.
I want to show the value at s2.php that was entered in the input field at s.php.
I have placed the echo code, but nothing shows up (I have tested on different servers).
The problem is solved. Thank you.
Solution: at s2.php (action page) we have to use the following code:
echo 'This is especially for ='.$_POST['p'];
Thanks
I a have PHP form where I collect a bunch of values from text inputs, but for one input I have the input filled in via javascript (user selects a date from a calendar, that date then populates a text input). I've setup a simplified version of this:
<?php
$displayForm = true;
if ($_POST['submitFlag'] == 1) {
// Form was submitted. Check for errors and submit.
$displayForm = false;
$installationTime = $_POST['installation-time'];
// send e-mail notification
$recipients = "test#test.com";
$subject = "Test Email - Test Form Submission";
$message = wordwrap('Someone has filled out the secure form on test.com. Here\'s what they had to say:
Installation Time: ' . $installationTime .'
');
$headers = "From: test#test.com";
mail($recipients, $subject, $message, $headers);
// Output thank you message
?>
<h2>Thank You!</h2>
<?php if($installationTime == NULL){echo 'test failed: value submitted was null.';}else{echo 'test passed: value submitted was not null.';} ?>
<p>Your form has been submitted. Thank you for your interest in test.com.</p>
<?php
}
if ($displayForm) {
// If form was not submitted or errors detected, display form.
?>
<div class="note"><span class="required">*</span> Click me to set value of input.</div>
<form name="contactForm" id="contactForm" method="post" enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>?state=submit">
<label for="installation-time" class="service-time">The time you have selected for installation is: <span class="required">*</span></label>
<input type="text" name="installation-time" id="installation-time" disabled value="<?php echo $_POST['installation-time']; ?>" />
<input type="hidden" name="submitFlag" id="submitFlag" value="1" />
<input type="submit" name="submit" id="submit" value="Sign-Up" />
</form>
<?php
} // End of block displaying form if needed.
?>
And then in jQuery I do one of these:
$('.note').click(function(){
$('#installation-time').val('test string');
});
When I submit the form, the PHP variable that's supposed to collect that value is null. Every other input in the form works, and if I remove the javascript and manually enter the exact same text that I had set with JavaScript into the input it works as well.
The question really is why populating a field with javascript as opposed to manually typing the exact same string into a text input would break things. Again there are no errors and the input is populated correctly on the front end. Somehow posting the form just doesn't pick up on the value when it's set by javascript vs. typed manually. There has to be something really fundamental I'm missing here.
Any idea what's going on here? I've spent hours puzzling over this to no avail.
Update:
Code updated, test page:
http://dev.rocdesign.info/test/
Solution: can't post a disabled input. I actually tested that back in the beginning and must have missed that removing the "disabled" on the input made it work, so I mistakenly ruled it out and moved on.
Thanks for the responses everyone. And for anyone else with this problem: use a hidden input to post the value.