Create a Simple PHP Contact Us Form


A "Contact Us" form is essential for most websites, allowing users to send inquiries or feedback.
This tutorial will guide you through creating a simple yet effective PHP Contact Us form with built-in validation and sanitisation.

Below is the code with explanations to help you understand how everything works.


1. Clean and Sanitize Inputs


The cleanvars() function sanitises user input to protect against SQL injection and other vulnerabilities. contactus.php below calls it, so it must be defined there or included from a separate file.
cleanvars.php (save the function as its own file so contactus.php can include it)
<?php
function cleanvars($content) { // Declare the cleanvars function
    $content = htmlspecialchars($content, ENT_QUOTES, 'UTF-8'); // Escape HTML characters
    $content = strip_tags($content); // Strip HTML tags
    $content = addslashes($content); // Add slashes to escape special characters
    return $content; // Return the sanitized content
}
// No closing ?> tag: stray whitespace after ?> in an include file would be sent as output before the page




2. The PHP Contact Form Script


This is the main script to handle the form submission, validate inputs, and send the email.
contactus.php
<?php
require_once __DIR__ . '/cleanvars.php'; // cleanvars() from section 1, saved as cleanvars.php (it is not defined in this file)
echo 'Contact Us'; // Display the page title

if (isset($_POST['contact'])) { // Check if the form has been submitted
    $name = cleanvars($_POST['name'] ?? ''); // Sanitize the name input (default to '' if the field is missing)
    $email = cleanvars($_POST['email'] ?? ''); // Sanitize the email input
    $subject = cleanvars($_POST['subject'] ?? ''); // Sanitize the subject input
    $message = cleanvars($_POST['message'] ?? ''); // Sanitize the message input

    // Validate form inputs
    if (empty($name)) {
        echo 'Please enter your name.';
    } elseif (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo 'Please enter a valid email address.';
    } elseif (empty($subject)) {
        echo 'Please enter the subject.';
    } elseif (empty($message)) {
        echo 'Please enter your message.';
    } else {
        // Send the email
        $to = 'YOUR_EMAIL@example.com'; // Replace with your email
        // $email passed FILTER_VALIDATE_EMAIL above, so it cannot carry a line break into the mail headers
        $headers = 'From: ' . $email;
        if (mail($to, $subject, $message, $headers)) {
            echo 'Mail sent successfully.';
        } else {
            echo 'Failed to send mail. Please try again.';
        }
    }
} else {
    // Display the form
    echo '
    <center>
    <form method="post">
    <table width="80%" border="0">
    <tr>
    <td width="30%"><b>Your Name</b></td>
    <td width="70%"><input type="text" name="name" /></td>
    </tr>
    <tr>
    <td width="30%"><b>Your Email</b></td>
    <td width="70%"><input type="text" name="email" /></td>
    </tr>
    <tr>
    <td width="30%"><b>Subject</b></td>
    <td width="70%"><input type="text" name="subject" /></td>
    </tr>
    <tr>
    <td width="30%"><b>Message</b></td>
    <td width="70%"><textarea name="message"></textarea></td>
    </tr>
    <tr>
    <td width="30%"></td>
    <td width="70%"><input type="submit" name="contact" value="Contact Us" /></td>
    </tr>
    </table>
    </form>
    </center>';
}
?>



3. Important Notes


  • Sanitization and Validation: Always sanitize user inputs to prevent security vulnerabilities like XSS and SQL injection. This script uses `htmlspecialchars` and `filter_var` for sanitization and validation.
  • Replace Placeholder Email: Update `YOUR_EMAIL@example.com` with your own email address to receive form submissions.
  • Use SSL/TLS for Emails: To improve email delivery reliability, consider using a library like PHPMailer to send emails with SMTP and SSL/TLS.
  • Add CAPTCHA: To prevent spam, consider adding a CAPTCHA to the form (e.g., Google reCAPTCHA).
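As an added example (not part of the original tutorial or Liquidsteel's code), here is a hardened version of the sending step that follows the notes above and the send-limit concern raised in the comments: it keeps the From header on your own domain and puts the visitor's validated address in Reply-To, rejects any header value containing a line break (mail headers are line-delimited, so a CR/LF inside a value is a risk), and logs each submission with the visitor's IP while enforcing a daily cap. SITE_FROM, LOG_FILE and DAILY_LIMIT are placeholder values to adjust.

```php
<?php
// Added example: a hardened sending step for the "Send the email" branch of contactus.php.
const SITE_FROM   = 'contact@yoursite.example';   // placeholder: a sender on your own domain
const LOG_FILE    = __DIR__ . '/contact_log.txt';  // placeholder: keep this file outside the web root
const DAILY_LIMIT = 200;                           // stay under a typical free host's 400-500/day cap

// A mail header is one line, so a value containing CR or LF is rejected outright.
function header_value_ok(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

// Keep From fixed to your own address; the visitor's (FILTER_VALIDATE_EMAIL-checked)
// address goes in Reply-To, so replies still reach them.
function build_headers(string $visitorEmail): ?string
{
    if (!filter_var($visitorEmail, FILTER_VALIDATE_EMAIL) || !header_value_ok($visitorEmail)) {
        return null;
    }
    return 'From: ' . SITE_FROM . "\r\nReply-To: " . $visitorEmail;
}

// Append one line per submission (time, IP, address) and refuse once today's
// count reaches DAILY_LIMIT, so a spam run cannot burn through your sending quota.
function log_and_check_quota(string $ip, string $visitorEmail): bool
{
    $today = date('Y-m-d');
    $sentToday = 0;
    if (is_readable(LOG_FILE)) {
        foreach (file(LOG_FILE, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
            if (strncmp($line, $today, 10) === 0) {
                $sentToday++;
            }
        }
    }
    if ($sentToday >= DAILY_LIMIT) {
        return false;
    }
    $entry = sprintf("%s %s %s\n", date('Y-m-d H:i:s'), $ip, $visitorEmail);
    return file_put_contents(LOG_FILE, $entry, FILE_APPEND | LOCK_EX) !== false;
}

// Replacement for the mail() call in the "else" branch of contactus.php.
function send_contact_mail(string $to, string $email, string $subject, string $message, string $ip): bool
{
    $headers = build_headers($email);
    return $headers !== null && header_value_ok($subject)
        && log_and_check_quota($ip, $email)
        && mail($to, $subject, $message, $headers);
}
// In contactus.php: if (send_contact_mail($to, $email, $subject, $message, $_SERVER['REMOTE_ADDR'] ?? 'unknown')) { ... }
```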
Author: Liquidsteel
Posted on Sunday 22nd December 2024 at 12:24 PM
DanielXP
Reformatted this tutorial and tidied the code up a bit
Posted on Sunday 4th May 2008 at 12:50 PM
ShadowMage
Added a different cleanvars function than what he probably has but hey, it should work =)
Posted on Sunday 2nd December 2007 at 05:04 PM
cyruswu
Remove cleanvars, who needs cleanvars.

It's not even a defined function. Get rid of it.
Posted on Friday 16th November 2007 at 03:47 AM
-=InSaNe=-
Already put that in. I don't have a free host, don't worry.
Posted on Thursday 15th November 2007 at 07:59 PM
darklight19
You may also want to log IPs too.
Posted on Thursday 15th November 2007 at 07:58 PM
darklight19
Without bot verification someone can spam you and use up your email send limit. Most free hosts are set to about 400-500 emails. If you go above that you can get a fine, or get shut down. 110mb.com is this way, I think they fine you $2,000. So make sure you use bot verification before using this. If you don't know how to do that, look at this tutorial (https://www.visualbuilder.com/viewpages.php?art_id=1286&pageorder=1)
Posted on Wednesday 14th November 2007 at 08:13 PM
ShadowMage
You will need to add bot verification so you don't get spammed. xD
Posted on Wednesday 14th November 2007 at 05:47 PM
DanielXP
It works for Liquidsteel because he has the cleanvars() function.

You could add it yourself or remove the cleanvars(.....)

Liquidsteel: Send an email with the cleanvars function to us. Subject: "TM265"
Posted on Wednesday 14th November 2007 at 03:16 PM
-=InSaNe=-
Too lazy to fix it. Still does not work :S
Posted on Wednesday 14th November 2007 at 03:33 AM
Liquidsteel
:S it works for me. :P