PHP form to email explained
It is a common requirement to have a form on almost any web site.
In this article, we will create a PHP script that will send an email when a web form is submitted.
There are two parts for the web form:
- The
HTML form code for the form. The HTML code below displays a standard
form in the web browser. If you are new to HTML coding, please see: HTML form tutorial
- The PHP script for handling the form submission. The script receives the form submission and sends an email.
HTML code for the email form:
The form contains the following fields:
name, email and message.
name and email are single-line text input fields where as message is a text area field (multi-line text input).
You can have different types of input fields in a form. Please see the
HTML form input examples page for details.
On hitting the submit button, the form will be submitted to "form-to-email.php". This form is submitted through the
POST method
Accessing the form submission data in the PHP script
Once
your website visitor has submitted the form, the browser sends the form
submission data to the script mentioned in the 'action' attribute of
the form. (for the current form, the script is
form-to-email.php)
Since
we have the form submission method mentioned as POST in the form
(method='post') we can access the form submission data through the
$_POST[]
array in the PHP script.
The following code gets the values submitted for the fields: name, email and message.
Composing the email message
Now, we can use the above PHP variables to compose an email message. Here is the code:
The
'From' address, the subject and the body of the email message are
composed in the code above. Note the way the body of the message is
composed using the variables.
If a visitor 'Anthony' submits the form, the email message will look like this:
"You have received a new message from the user Anthony.
Here is the message:
Hi,
Thanks for your great site. I love your site. Thanks and Bye.
Anthony."
Sending the email
The PHP function to send email is
mail()
.
For more details, see the
PHP mail() page.
The
headers parameter is to provide additional mail parameters ( like the from address, CC, BCC etc)
Here is the code to send the email:
Notice
that we put your email address in the 'From' parameter and the
visitor's email address in the 'Reply-To' parameter. The 'From'
parameter should indicate the origin of the email. If you put the
visitor's email address in the 'From' parameter, some email servers
might reject the email thinking that you are impersonating someone.
Sending the email to more than one recipients
If you want to send the email to more than one recipients, then you just need to add these in the "$to" variable.
You can use the CC (carbon copy) and BCC (Blind Carbon Copy) parameters as well. The CC and BCC emails are added in the
'headers' parameter.
Sample code:
Securing the form against email injection
Spammers
are looking for exploitable email forms to send spam emails. They use
the form handler script as a 'relay'. What they do is to submit the form
with manipulated form values. To secure our form from such attacks, we
need to validate the submitted form data.
All the values that go in the '
headers'
parameter should be checked to see whether it contains \r or \n. The
hackers insert these characters and add their own code to fool the
function.
Here is the updated code:
In general, any value used in the header should be validated using the code above.
Better, complete validations could be done using the
PHP form validation script here.
PHP form to email complete code
The link below contains the complete form, validation and emailing code.
Download the PHP form to email code