You are here: Home » All Posts » Email Forms » PHP form to email explained

PHP form to email explained

in Email Forms

It is a common requirement to have a form on almost any web site.

In this article, we will create a PHP script that will send an email when a web form is submitted.

There are two parts for the web form:

  1. The HTML form code for the form. The HTML code below displays a standard form in the web browser. If you are new to HTML coding, please see: HTML form tutorial
  2. The PHP script for handling the form submission. The script receives the form submission and sends an email.


HTML code for the email form:

<form method="post" name="myemailform" action="form-to-email.php">

Enter Name:	<input type="text" name="name">

Enter Email Address:	<input type="text" name="email">

Enter Message:	<textarea name="message"></textarea>

<input type="submit" value="Send Form">
</form>

The form contains the following fields:
name, email and message.

name and email are single-line text input fields where as message is a text area field (multi-line text input).

You can have different types of input fields in a form. Please see the HTML form input examples page for details.

On hitting the submit button, the form will be submitted to “form-to-email.php”. This form is submitted through the POST method

Accessing the form submission data in the PHP script

Once your website visitor has submitted the form, the browser sends the form submission data to the script mentioned in the ‘action’ attribute of the form. (for the current form, the script is form-to-email.php)

Since we have the form submission method mentioned as POST in the form (method=’post’) we can access the form submission data through the $_POST[] array in the PHP script.

The following code gets the values submitted for the fields: name, email and message.

<?php
  $name = $_POST['name'];
  $visitor_email = $_POST['email'];
  $message = $_POST['message'];
?>

Composing the email message

Now, we can use the above PHP variables to compose an email message. Here is the code:

<?php
	$email_from = 'yourname@yourwebsite.com';

	$email_subject = "New Form submission";

	$email_body = "You have received a new message from the user $name.\n".
                            "Here is the message:\n $message".
?>

The ‘From’ address, the subject and the body of the email message are composed in the code above. Note the way the body of the message is composed using the variables.

If a visitor ‘Anthony’ submits the form, the email message will look like this:

"You have received a new message from the user Anthony.
Here is the message:
Hi,
Thanks for your great site. I love your site. Thanks and Bye.
Anthony."

Sending the email

The PHP function to send email is mail().

mail(to,subject,message,headers)

For more details, see the PHP mail() page.

The headers parameter is to provide additional mail parameters ( like the from address, CC, BCC etc)

Here is the code to send the email:

<?php

  $to = "yourname@yourwebsite.com";

  $headers = "From: $email_from \r\n";

  $headers .= "Reply-To: $visitor_email \r\n";

  mail($to,$email_subject,$email_body,$headers);

 ?>

Notice that we put your email address in the ‘From’ parameter and the visitor’s email address in the ‘Reply-To’ parameter. The ‘From’ parameter should indicate the origin of the email. If you put the visitor’s email address in the ‘From’ parameter, some email servers might reject the email thinking that you are impersonating someone.

Sending the email to more than one recipients

If you want to send the email to more than one recipients, then you just need to add these in the “$to” variable.

<?php
  $to = "name1@website-name.com, name2@website-name.com,name3@website-name.com";

  mail($to,$email_subject,$email_body,$headers);
?>

You can use the CC (carbon copy) and BCC (Blind Carbon Copy) parameters as well. The CC and BCC emails are added in the ‘headers’ parameter.

Sample code:

<?php
$to = "name1@website-name.com, name2@website-name.com,name3@website-name.com";

$headers = "From: $email_from \r\n";

$headers .= "Reply-To: $visitor_email \r\n";

$headers .= "Cc: someone@domain.com \r\n";

$headers .= "Bcc: someoneelse@domain.com \r\n";

mail($to,$email_subject,$email_body,$headers);
?>

Securing the form against email injection

Spammers are looking for exploitable email forms to send spam emails. They use the form handler script as a ‘relay’. What they do is to submit the form with manipulated form values. To secure our form from such attacks, we need to validate the submitted form data.

All the values that go in the ‘headers‘ parameter should be checked to see whether it contains \r or \n. The hackers insert these characters and add their own code to fool the function.

Here is the updated code:

<?php
function IsInjected($str)
{
    $injections = array('(\n+)',
           '(\r+)',
           '(\t+)',
           '(%0A+)',
           '(%0D+)',
           '(%08+)',
           '(%09+)'
           );
               
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    
    if(preg_match($inject,$str))
    {
      return true;
    }
    else
    {
      return false;
    }
}

if(IsInjected($visitor_email))
{
    echo "Bad email value!";
    exit;
}
?>

In general, any value used in the header should be validated using the code above.

Better, complete validations could be done using the PHP form validation script here.

PHP form to email complete code

The link below contains the complete form, validation and emailing code.

Download the PHP form to email code

Be Sociable, Share!
Daniel February 29, 2012 at 11:18 am

please how do i create the html code for the bcc and cc..?

Carl March 2, 2012 at 12:31 am

Want to see how we get a thank you

funnypainters March 4, 2012 at 5:52 pm

Thnx, cool form

slavko March 4, 2012 at 8:28 pm

There are so many idiots like i am. So, can you do me a favor and publish COMPLETE code in ONE PART for page with form so that we can “copy” & “paste” it in our editor?
Thank you!

Montegobay salon March 11, 2012 at 4:24 am

i would love to incorporate this into my contact page

Bobby March 15, 2012 at 12:03 am

Thank you so much!!! This was extremely helpful. The validation was a nice touch. I had been receiving spam messages from time to time.

Liz March 20, 2012 at 12:26 am

Hi, Thanks a lot for this! This is my first ever php project. Is there a way to test using MAMP? …I guess, I should say, I tested it in MAMP and didn’t receive any emails. Do I need to have it on a real server to get emails to go through?

Heather March 20, 2012 at 2:35 pm

Thanks for this simple explanation and sample code. So many of these tutorials simply don’t work, but this one works perfectly! Thanks for sharing.

Jeremy March 24, 2012 at 1:39 am

I copied the coding to my contact form, and when the submit button is pressed it got to “404 web page not found.” What am I missing?

Comments on this entry are closed.

Previous post:

Next post: