This code delivers the emails successfully from the Form, except the sent text displays in the email all bunched together like so:
this is the test message text from formHello name - Thank you…
How can I remedy that? What might be better is if the “this is the test message text from form” could appear somewhere after the “Hello name - Thank you…”
I’ve tried several attempts to change how it displays in the email, but no luck.
If you are inserting any of this code into a DB i would recommend putting some sort of escape string on those values as you will be vulnerable to SQL injections.
To space out the lines use <br> to break to the next line and use x 2 to leave a line between your text.
In terms of layout, i would suggest something like this…
<?php
if($_POST){
$subject = "Form From ChrisJ";
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Additional headers
$headers .= 'From: ChrisJ <noreply@example.com>' . "\r\n";
$to = $email;
$body = "
Hello $name
<br><br>
Thank you for submitting the form...
<br><br>
We will be in touch in due course.";
mail($to, $subject, $body, $headers);
}
?>
to your code and filled in the From Chrisj email, and proceeded with submitting the Form, but the email is not being sent.
isn’t to: $email; supposed to capture the email entered into the Form?
Also, my original code sends the Form “message” to the email entered into the Form, and to $to = ‘chris@…com’;
So, please enlighten me as to what I might be missing, in testing your “something like this”. Thanks
Hi @oli_d111,
The problem with your example is that in a properly coded form, the POST 'd fields will always be isset, so those checks are pointless since it will always run. What you need to do is trim the POST array and then check for empty.
Agreed however you could also use “required” attribute within the input which will prevent the form from being submitted until data has been populated in that particular field.
Well, not necessarily. What if the user enters blank spaces? Remember, “NEVER trust user input”.
Additionally, that also assumes that the POST request will always come from your form. There are many ways to make a POST request. You still need the proper code to handle the actual request, regardless of how/where it was sent from. In the case you want to “force” the use of your form you would then implement CSRF but you would still need to implement the trim/check for empty code.
Your message field was called $_POST['message'] at the beginning, have you changed the html to use note instead?
That suggests that it isn’t getting into the main if() block at all, since both the mail sending and redirect are in there.
And the “from” address, you change that too of course.
Is your database connection string contained in $con, and do you include your database connection code? As I understand it (I don’t use mysqli, so never quite sure) that you need to have a database connection in your mysqli_real_escape_string() calls.
Have you tried adding echo statements throughout the code, so you can see how far the code is getting, check values are what they should be, and so on?