PHP code in form fields ?!?

Mandes the results are:

this is html
this is php

Some more questions:

  1. Where are you running this script? Local (on your own computer) or remote (a website) ?

Web Site

  1. Do you have any other php scripts running on the same server that work ok?


If you did what mandes asked (put that test script in a another file called test.php) and it gave that output, it means that it works ok.

It also means I have no idea why the .php file with your form doesn’t work :injured:

Post the contents of the entire page.

Post the contents of the entire page.

What contents ?

the entire contents of the script that you are having issues with.

There are two PHP files, this is one the other is CAPTCHA. This has HTML embedded within.

$your_email ='';// <<=== update to your email address

$errors = '';
$name = '';
$visitor_email = '';
$user_message = '';

	$name = $_POST['name'];
	$visitor_email = $_POST['email'];
	$user_message = $_POST['message'];
	///------------Do Validations-------------
		$errors .= "\
 Name and Email are required fields. ";	
		$errors .= "\
 Bad email value!";
	if(empty($_SESSION['6_letters_code'] ) ||
	  strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0)
	//Note: the captcha code is compared case insensitively.
	//if you want case sensitive match, update the check above to
	// strcmp()
		$errors .= "\
 The captcha code does not match!";
		//send the email
		$to = $your_email;
		$subject="New form submission";
		$from = $your_email;
		$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
		$body = "A user  $name submitted the contact form:\
		"Name: $name\
		"Email: $visitor_email \
		"Message: \
		"IP: $ip\
		$headers = "From: $from \\r\
		$headers .= "Reply-To: $visitor_email \\r\
		mail($to, $subject, $body,$headers);
		header('Location: thank-you.html');

// Function to validate against any email injection attempts
function IsInjected($str)
  $injections = array('(\
              '(\	+)',
  $inject = join('|', $injections);
  $inject = "/$inject/i";
    return true;
    return false;
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" ""> 
	<title>Contact Us</title>
<!-- define some style elements-->
label,a, body 
	font-family : Arial, Helvetica, sans-serif;
	font-size : 12px; 
	font-family : Verdana, Helvetica, sans-serif;
	font-size : 12px;
	color: red;
<!-- a helper script for vaidating the form-->
<script language="JavaScript" src="scripts/gen_validatorv31.js" type="text/javascript"></script>	

echo "<p class='err'>".nl2br($errors)."</p>";
<div id='contact_form_errorloc' class='err'></div>
<form method="POST" name="contact_form" 
action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"> 
<label for='name'>Name: </label><br>
<input type="text" name="name" value='<?php echo htmlentities($name) ?>'>
<label for='email'>Email: </label><br>
<input type="text" name="email" value='<?php echo htmlentities($visitor_email) ?>'>
<label for='message'>Message:</label> <br>
<textarea name="message" rows=8 cols=30><?php echo htmlentities($user_message) ?></textarea>
<img src="captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' ><br>
<label for='message'>Enter the code above here :</label><br>
<input id="6_letters_code" name="6_letters_code" type="text"><br>
<small>Can't read the image? click <a href='javascript: refreshCaptcha();'>here</a> to refresh</small>
<input type="submit" value="Submit" name='submit'>
<script language="JavaScript">
// Code for validating the form
// Visit [JavaScript Form Validation : quick and easy!](
// for details
var frmvalidator  = new Validator("contact_form");
//remove the following two lines if you like error message box popups

frmvalidator.addValidation("name","req","Please provide your name"); 
frmvalidator.addValidation("email","req","Please provide your email"); 
frmvalidator.addValidation("email","email","Please enter a valid email address"); 
<script language='JavaScript' type='text/javascript'>
function refreshCaptcha()
	var img = document.images['captchaimg'];
	img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
Code from the <a href=''
>php contact form</a> article.

None of those issues would account for the problems he reported… so to expand on my statement “The problems you report are not from the code you posted.”

I see nothing wrong with that code at all. It runs fine on my server. Can you post a screenshot of exactly what errors you are seeing?

Single line statements within php tags don’t require a semicolon although it’s certainly good practice :slight_smile:

I’m seeing PHP code in the input fields.

But no php code anywhere else on the page? Only in the input fields?

Works perfectly on my server…

That is sitepoint link.

But no php code anywhere else on the page? Only in the input fields?


Create the following page


<?php phpinfo(); ?>

And post a link to that page here so we can go look.


Also post a link to your form page so we can see that…

This is the results from test.php. Here is the [URL=“”]link to the form.

Your page is .htm not .php

Oh Duh!

Ok, so TWICE you gave an incorrect answer to a question that would have solved the problem quickly, and then you posted code different from what your were ACTUALLY testing.