PHP Form to email explained

This article shows how to send the form submissions by email using PHP.

First we create the HTML form for sending the message; then we create the form handler for the email form in PHP.

Following is the HTML code for a simple HTML email form. Here we are getting the values for "name", "email address" and "message" from the user. On hitting the submit button the form will be submitted to "form-to-email.php". The method we used to send the form values is "POST".
Use this code to create the form in the first page.

<form method="POST" name="form1" action="form-to-email.php"> Enter Name: <input type="text" name="name"> Enter Email Address: <input type="text" name="email"> Enter Message: <textarea name="message"></textarea> <input type="submit" value="Send Form"> </form>

Getting the form submission data from the email form

After the user has submitted the form on the first page, user will be taken to the form-to-email.php. This is the page where we need to take the necessary steps to email the data submitted in the form. The very first step is to extract the values that were submitted by the user.

As you know that we had used "POST" method while defining the form. Now we need to check the $_POST array for all the submitted values. Below is the simple code that will get the values of "name", "email address" and "message" that were entered by the user.

<?php $name = $_POST['name']; $email_address = $_POST['email']; $message = $_POST['message']; ?>

In the above PHP code we have extracted the values of "name", "email address" and "message" into the variables namely $name, $email_address and $message, respectively. Now, we can use this information to compose the email message.

Composing the email message

Now, we can use the above PHP variables to compose a simple email message. Below is the simple and self explanatory PHP code for this.

<?php $email_from = $email_address; $email_subject = "New Email From ABC Site"; $email_body = "You have received a new message from the user " . $name . " . Below is the message:<br>" . $message; ?>

In the above code we have defined 3 variables. First variable is "$email_from". This variable is storing the email address of the user that has submitted the form. We need this value to pass with our email message. The next important variable is the "$email_subject". This variable is storing the Subject of your email that will be sent. Next and the most important variable is the "$email_body". This is the actual text of the email message that will be sent. We have incorporated the name and message of the user in this email body by using the $name and $email_address variables.

This email message will be like this:

"You have received a new message from the user Anthony. Below is the message:
Hi, Thanks for your great site. I love your site. Thanks and Bye.
Anthony."

Now, we have created all the required variables with the appropriate values. We just need to use these variables to send email one or more recipients.

Sending the email to one or more recipients

Sending an email is really easy using PHP. You just need to write a single line of code to send the email. We will be using the simple PHP mail() function to send the email. The syntax of mail() function is as follows:

mail(to,subject,message,headers)

Here "to" is the email address where the email will be sent. "subject" is the subject of the email. "message" is the email body. "headers" is the part where we can provide information like the email address of the sender.

Below is the PHP code that will send our form values to a single email address using the above mail() function.

<?php $to = "YourEmail@domain.com"; $headers = "From: $email_from"; mail($to,$email_subject,$email_body,$headers); ?>

As you can see in above code that we are simply inserting the pre-constructed variables in the mail() function to send the email. "$to" variable is holding the email address of recipient. In "$headers" variable we have added the email address of sender. The "$email_body" and "$subject" variables are holding the subject and message of the email.

If you want to send the email to more than one recipients, then you just need to add these in the "$to" variable. Given below is the PHP code to send the email to more than one recipients.


	 <?php 

	  $to = 'YourEmail@domain.com' . ', ';    // Note the comma  

	  $to = 'YourEmail2@domain.com' . ', ';    // Note the comma 

	  $to = 'YourEmail3@domain.com'

	  $headers = 'From: $email_from'; 

      mail($to,$email_subject,$email_body,$headers);

	  
	 ?>

Securing the form against email injection

Spammers can use the contact us forms that can send the emails, like we created one, above. Spammers can inject the email addresses in the form's fields that can alter the "headers" variable used in the mail() function. As a result, the emails can be sent to multiple other recipients by using your 'Contact us' form.

To prevent this email injection we need to test the values of our form fields before using them in the PHP's mail() function. The easiest way to check email injection is to search the values of the form for the presence of new line characters(\r\n).

Following is the PHP code that checks for the presence of new line characters in the form values. If any values is found, the mail() function is not called and the user is taken to the original page again. Otherwise, the email is sent.

<?php if ( ereg( "[\r\n]", $name ) || ereg( "[\r\n]", $email_address ) ) { header('Location: first_page.html' ); } ?>

If any new line character is found in the "name" and "email address" the user is redirected again to the first page to enter the form values again. Otherwise, the email will be sent to the recipients. This code must be placed before the use of mail() function. You may have noted that we have not checked the "$message" variable for email injection. That is because the message is not used in creating the headers. Email injection exploits the headers.

PHP Form to email sample code

Here is the full source code for form-to-email.php.

<?php /////////// Getting the form values///////// $name = $_POST['name']; $email_address = $_POST['email']; $message = $_POST['message']; /////////// Checking for Email Injection///////// if ( ereg( "[\r\n]", $name ) || ereg( "[\r\n]", $email_address ) ) { header('Location: first_page.html' ); } /////////// Making the Email Message///////// $email_from = $email_address; $email_subject = "New Email From ABC Site"; $email_body = "You have received a new message from the user " . $name . " . Below is the message:<br>" . $message; /////////// Sending the Email using the mail() function///////// $to = "YourEmail@domain.com"; $headers = "From: $email_from"; mail($to,$email_subject,$email_body,$headers); echo "Your message was sent successfully"; ?>



Email forms
	How to get email from html form submission Email form using 'mailto' Form to email using PHP Email form with file attachment in PHP
Form mail scripts
	Form mail script selection guide Perl based form mail
Contact Forms
	PHP based email contact form Secure your HTML contact form using captcha
PHP Form
	PHP form validation script PHP form tutorial: first steps PHP form processing PHP form 'GET' PHP form 'POST' Handling checkbox in PHP form processor Handling select box in a PHP form Using PHP_SELF in the action field of a form How to submit a form using PHP Creating a registration form using PHP Making a login form using PHP Creating a multi-page order form using PHP Passing PHP form variables from one page to other


Copyright © 2008 html-form-guide.com . All rights reserved.