Form phobia but i need to get over it

Hi from 13 degrees C blue skies York UK :smile:

Ok i need ad a form to this page with the classic elements:

Tel number etc…

And when completed ping back a unique url confirmation page. But last time i tried to do a contact form I had to take strong medication to surpress my frustration as i found the whole exerciae totally baffling. 2 years on i want another go but is there a good idiots guide out there to help me navigate the path of php form building?

Any insights welcome :slight_smile:

It shouldn’t really be that much of a problem if you break it down into steps. So you’re basically:

Get post data from html form
Sanitise and check data
If data is good:
  store in database
  generate unique URL (however you do that)
  redirect user to URL (or email it to them, and redirect to general "thanks" page)
  probably notify yourself somehow (unless db update achieves this)
end if

Thanks droopsnoot you know what your doing I aint got a clue, looks like I’m going to need more hand holding :frowning:

@Nightwing I take it you are new to PHP

Below is a complete form that when submitted will post to the same page, form action=“” when left blank will post to itself. Just upload it and point your browser to it.

In the form is a hidden field named “form_action” with the value “send_form”

This part if (isset($_POST[‘form_action’]) && $_POST[‘form_action’] == ‘send_form’){
checks to see if the form was submitted and if it was, it will echo out the POSTed data.
Everything within the {} will be owned by the if statement.

As you can see, all data from the form can be retreived using $_POST[‘name’].

In general forms have a name and value as in, name=“email”
the value is what you entered into the form field for email.

The name will always be the same and you need to get the value that gets “attached” to the name.

This is where the term variable comes in, $_POST[‘email’] is a variable because its value is constantly changing.

In the PHP section, everything in the echo that is enclosed in single quotes is taken as a literal or to put it another way, what you see is what you get.
Then to switch into process mode to get the email address out of $_POST[‘email’], a period or dot is used to get the value out of $_POST[‘email’] and then to switch back to literal mode another dot is used followed by single quotes.

If you look at the code you will see what I mean.

Play with the code below and add more form fields and echo out the results.
Change form action=“” to form action=“./page2.php” and then move thePHP section to page2.php

The best tool for debugging forms is,

echo'<pre>'; print_r($_POST); echo '</pre>';

Go ahead and add that to the PHP below, just before the echo and after the { and then submit the form.
Don’t let forms intimidate you, they are your friend.
In the end you will want to do more than just echo out the results but this will give you a good understanding of the basics of form data.

if (isset($_POST['form_action']) && $_POST['form_action'] == 'send_form'){
echo 'data that was POSTed<br>name<br> '.$_POST['name'].'<br>email<br>'.$_POST['email'].' phone '.$_POST['phone'].'<br>';
} // action

<form action="" method="post">
<input type="text" name="name">
<input type="text" name="email">
<input type="text" name="phone">
<input type="hidden" name="form_action" value="send_form">
<input name="Submitf" type="submit" value="Srnd">

Big thank you will give this a whirl shortly and update here :slight_smile:

Here where I am so far:

Designed the form (badly) now how to figure out how to get the info entered in the for to arrive in a specific e-mail address :slight_smile:

email-data-crunch.php is not telling you anything, place,

echo'<pre>'; print_r($_POST); echo '</pre>';

At the top of the page, now you have visuals on what you posted.
Now below that,

echo $_POST['surname'];

That will give you an idea of how to work with posted data.

Sending an email from email-data-crunch.php is fairly simple.

$headers = "From: " . $_POST['name'] . " <" . $_POST['email'] . ">";
$headers  .= "\nMIME-Version: 1.0\n"; // optional
$headers .= "Content-type: text/html; charset=iso-8859-1\n"; // optional but nice if you want to use html in the message
$subject = 'MyTestEmail'; 
$message = $_POST['textbox'];
$recipient = '';
mail( $recipient, $subject, $message, $headers);

It should work out of the box, just change ‘’.


you prevent email header injection. Google it, fairly straight forward.
Make sure your POSTED vars are what you expect.

if you don’t secure this script, you could potentially have an open email relay ready for everyone to exploit.
In time, you will eventually be flooded by “email form spam”, that’s another topic and can be prevented.

Hi and thank you for your reply.

Just so i understand correctly, am i right in saying I need to replace the code I have now in email-data-crunch.php with what you have above? I am a total beginner I’m afraid so I get easily confused :frowning:

Then I’ll deal with the security issue :slight_smile:

Exactly, email-data-crunch.php is what will process the data posted from the form.
Sure, replace the code (What is your code now?)
with what I have submitted.
replace ‘’ with your email address and you should get an email.

1 Like

Big success but more to do!

Good news the form on page is sending through to the target e-mail address but…

Not all the info entered in the form fields passes through to the email address. The only info that gets to the email address is the text box.

So my question is… “What do I have to do the the file so all info entered in the contact form arrives in the email address? Please.”

Files below,
Thank in advance :smile:

contact-us-test-form.php (7.7 KB)email-data-crunch.php (405 Bytes)

I did the very basics, now for your next leap,
In your form for example

data_crunch.php has just the basics

Add this to the $message

$message = 'telephone is '.$_POST['tel'].'<br>message is '. $_POST['textbox'];

Since you use text/html, <br> its fine to use. Actually if you use a <table> you can better organize the mail for display.

will try tomorrow and update, appreciate the baby steps!

HI @lorenw lorenw :smile:

Regarding: Missing data

Ok more progress but missing data being sent through to the target e-mail address. Below is a scree grab of the code etc:

If any one can assit Id be eternally gratefull!

We page:

Try giving all of the inputs “name” attributes with the values being what you look for in the $_POST array,
And try giving the inputs (other than the textarea) value attributes eg.
Also, the label “for” should be the same as its inputs id value

      <form method="post" action="email-data-crunch.php">
        <label for="name">First Name</label>
        <input type="name" required/>
        <label for="surname">Surname</label>
        <input type="surname" />
        <label for="tel">Tel</label>
        <input type="tel" required/>
        <label for="email">e-mail</label>
        <input type="email" required/>
        <label for="textbox">Additional information</label>
        <textarea name="textbox"></textarea>
        <input type="submit" />

Thanks @Mittineague I am a total beginner with php so what may sound like sense to the initiated to me sounds like swahili.

So are you saying my php bit needs changing? (see below)

<?php $headers = "From: " . $_POST['name'] . " <" . $_POST['email'] . ">"; $headers .= "\nMIME-Version: 1.0\n"; // optional $headers .= "Content-type: text/html; charset=iso-8859-1\n"; // optional but nice if you want to use html in the message $subject = 'Conserve sales enquiry'; $message = 'name is: '.$_POST['name'].'
telephone is: '.$_POST['tel'].'
message is: '. $_POST['textbox']; $recipient = ''; mail( $recipient, $subject, $message, $headers); ?>

Please go gentle, I’m afraid I do not not what you mean when you say:

“Try giving all of the inputs “name” attributes with the values being what you look for in the $_POST array” :frowning:

But a genuine thank you for taking time out to look at this :slight_smile:

Maybe later, but first you should fix the HTML
That is,

  • give all inputs both name and id attributes
  • give all inputs except the textarea a value atribute
1 Like

In other words the form should be something like:

<form method="post" action="email-data-crunch.php">
        <label for="name">First Name</label>
        <input type="text" name="name" id="name" value="" required/>
        <label for="surname">Surname</label>
        <input type="text" name="surname" id="surname" value=""/>
        <label for="tel">Tel</label>
        <input type="tel" name="tel" id="tel" value="" required/>
        <label for="email">e-mail</label>
        <input type="email" name="email" id="email" value="" required/>
        <label for="textbox">Additional information</label>
        <textarea name="textbox id="textbox""></textarea>
        <input type="submit" value="Submit"/>

The for on the label matches the id on the input and the name on the input is the field that gets passed to the server.

Also if you are serving the page as HTML then get rid of the / at the end of the input fields and if you are serving it as XHTML then add the missing / to the br tags or add a closing br tag.


I just noticed

<input type="name" required="">

should be something like

<input type="text" name="name">
<input type="text" name="phone">

(type=“text” will give you a text box to type in and forms can have several “types” such as type=“radio”, type=“button” etc…)

Then once POSTed you get the value of name=“phone” by doing.
(the name in italics above is called an attribute)

 echo   $_POST['phone']; // this will give you something like 7278440789

I’m keeping this as simple as possible just to understand forms.
id=“phone” and value=“” are not needed to POST this form.

(Now if you have a check box, you will need a value as in

<input type="checkbox" name="subscribe" value="yes">


Forms consist of “name” and “value” pairs which you can see in the checkbox example (You will also see it referred to as “key” and “value” pairs).

In my example the “name” or “key” is “phone” and the value automatically becomes whatever was entered into the text box.
becomes $_POST[‘name’] since the name is “name”
becomes $_POST[‘phone’] since the name is “phone”

1 Like

Good catch.

I had assumed the page was HTML5 but it is XHTML so it shouldn’t use the newer input types.

Again, true. An id is not needed unless the input has a label using it or if it’s used as a CSS and / or JavaScript selector.

I usually always put a value because I have often needed one for a JavaScript, but it is optional

Why not - XHTML5 has the same new types as HTML5. The only difference between the two is that the tags need the / to close them in XHTML, XHTML doesn’t need the doctype tag and the MIME type is different.

 <label for="tel">Tel</label>
        <input type="tel" name="tel" id="tel" required/>

The id is required in that code because the for=“tel” is referencing id=“tel” and so the code will be brooken if the id isn’t there. It is needed for the HTML to work even though the id doesn’t get submitted with the form.