Skip to content

PHP Programming

PHP Contact Form Basics

A very important part of the whole functionality of the form is the action parameter. This is basically where all user input is forwarded to after the visitors presses the submit button. Creating and laying out the form is easy, you can also use CSS (cascading style sheet) to make your form look much nicer too. The harder part is creating the PHP script that comes into play when the user presses submit. A very basic contact form only needs to consist of one or two text input fields that the visitor fills out, and a submit button which sends the message. When the submit buttons is pressed, the data the user entered into the text fields is sent to your PHP script that was specified in the forms “action” property i.e. action=”myscript.php”. The “method” property is how to sends the data to your script, either in the url bar at the top like the GET method e.g. “”, or POST which puts the user input into an associative array.

It is in that script where all the action happens. The most basic task that you will want your form to do is to send you an email containing all the information the user typed in, such as their name and message, both of which would have been filled out in the corresponding fields on your form. To do this basic operation, we first need to get that data from the input fields of the form, we do that using the following script:

< ?
$visitors_name = $_GET[‘name’];

$visitors_message = $_GET[‘message’];

This block of code simply takes the input that was stored in the url bar at the top and puts that data into variables “$visitors_name” and “visitors_message”. The text in the square brackets like [‘name’] are references to the names or ids of the input fields in our form. So one line of this code basically says GET stuff from ‘name’ and put it into $ visitors_name. The same goes for any other fields.

We could now just call PHP’s mail() function to send an email to us containing the visitors name and message. The problem with this is that it is not secure at all, nor has it been validated. Another hole in our contact form is that we have no way of emailing the person back! So we must add an email field to our form and alter the code of our PHP script as follows:

$visitors_name = $_GET[‘name’];

$visitors_email = $_GET[’email];

$visitors_message = $_GET[‘message’];

Validation is an important aspect of any system that involves interaction with a user. A basic rule is to never trust any input from users. The problem we have right now is that a user can type anything into our form fields, such as an invalid email address and even malicious script that could harm our website. First you could check to see if the user has actually wrote a message by using the following function:

If(!isset($visitors_message)) echo “no message entered, please go back.”;

This is a logical statement. It basically says, if $visitors_message is not (!) set (isset), then write in the browser (echo) that no message was entered.

Validation is a very large topic and can be implemented more to enhance this contact form, like using a regular expression to check that the email address entered is valid in terms of format.

Once everything has passed the validation checks, we then need to send the users data to our email. This is done with the function mail(). For our basic form, the following will suffice:

mail(“”, “The Subject of Your Email”, “$visitors_name left you a message that reads: $visitors_message”, “From: $visitors_email”);

After the email has been sent to us, we want our user to be sent to a “Thank You” page rather than an empty white screen. We do this by calling the header() function.



By doing this we send our user to the page which lets them know their email was successful. The way we coded this form is procedural, so it’s important that the header function comes last, after everything else has been done such as the email being sent to us.

PHP is very powerful, you could even have this contact system connect to a database to store all the messages instead of emailing you and the level of validation can be far more complex. This form will suffice for the majority of webmasters, but remember you should never trust user input and should take measures to protect yourself and your users!

Tom C W Higgins

Provider or up to date information on technical services and ftp services.

Article Source:

Be Sociable, Share!
    The following two tabs change content below.

    Latest posts by Ray (see all)

    Add Your Comment (Get a Gravatar)