PHP was designed for making interactive web pages and mixing
functionality with HTML. Form handling in PHP is quite a simple process.
Here is a step-by-step guide for creating a simple feedback form. A
visitor to your website fills this out and the information is emailed to
you.
Create the web form
First we need to create a simple HTML form. To start with, we'll keep
the form simple by asking only for the user's email address and comments.
Here is our HTML form:
    <html>
    <head>
    <title>Simple Feedback Form</title>
    <style>label{display:block;}</style>
    </head>
    <body>

    <form action="/feedback_form.php" method="post">

    <label>Email Address</label>
    <input type="text" name="email_address" size="40">

    <label>Your Feedback</label>
    <textarea name="feedback" cols="50" rows="10"></textarea>

    <input type="submit" name="send" value="Submit">

    </form>

    </body>
    </html>
This form will send two parameters to our PHP script, email_address and feedback. Save this file as feedback_form.html and upload it to the web folder on your hosting.
Create the form script
First we receive the data from our form and store it in two PHP variables, $email_address and $feedback.
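    <?php
    # Use an empty string if a field was not submitted
    $email_address = isset($_POST['email_address']) ? $_POST['email_address'] : '';
    $feedback = isset($_POST['feedback']) ? $_POST['feedback'] : '';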
Filtering user submitted data
Whenever you write a PHP script that receives data from an unknown
source you should always filter the data to make sure it doesn't contain
anything harmful. For example, if we don't filter the data in our form
it would be quite easy for a hacker to use our PHP script to send out
spam to thousands of people. The golden rule is never trust any data you
haven't created or don't control.
To filter our user data we're going to create a function:
    function filter_email_header($form_field) {
        return preg_replace('/[\0\n\r\|\!\/\<\>\^\$\%\*\&]+/', '', $form_field);
    }
The filter function removes special characters (including line breaks
and null bytes) which could be used to trick our script into sending
spam, and is applied to the $email_address data. We'll include this
function in our script.
Now we'll call the filter function to clean up our user submitted email address:
    $email_address = filter_email_header($email_address);
Emailing the feedback
Once we have the filtered data we need to email it back to you. Our
web hosting servers run a local mail server that a PHP script can use to
send email. This can be done using PHP's built-in mail() function:
    $headers = "From: $email_address\n";
    $sent = mail('you@domain.com', 'Feedback Form Submission', $feedback, $headers);
Make sure you set your email address on line 2.
Thank the user for their feedback
Finally, when a user submits your form let's show a page thanking them for their feedback:
    if ($sent) {

    ?><html>
    <head>
    <title>Thank You</title>
    </head>
    <body>
    <h1>Thank You</h1>
    <p>Thank you for your feedback.</p>
    </body>
    </html>
    <?php

    } else {

    ?><html>
    <head>
    <title>Something went wrong</title>
    </head>
    <body>
    <h1>Something went wrong</h1>
    <p>We could not send your feedback. Please try again.</p>
    </body>
    </html>
    <?php
    }
    ?>
The final script
This example script shows a very basic way to get form contents
emailed to you. However, it doesn't have the refinements of a
professional script, e.g. input validation. Below is the finished
script. We've added some comments (lines beginning with #) to help make
it clearer.
    <?php

    #Receive user input (empty string if a field was not submitted)
    $email_address = isset($_POST['email_address']) ? $_POST['email_address'] : '';
    $feedback = isset($_POST['feedback']) ? $_POST['feedback'] : '';

    #Filter user input
    function filter_email_header($form_field) {
        return preg_replace('/[\0\n\r\|\!\/\<\>\^\$\%\*\&]+/', '', $form_field);
    }

    $email_address = filter_email_header($email_address);

    #Send email
    $headers = "From: $email_address\n";
    $sent = mail('you@domain.com', 'Feedback Form Submission', $feedback, $headers);

    #Thank user or notify them of a problem
    if ($sent) {

    ?><html>
    <head>
    <title>Thank You</title>
    </head>
    <body>
    <h1>Thank You</h1>
    <p>Thank you for your feedback.</p>
    </body>
    </html>
    <?php

    } else {

    ?><html>
    <head>
    <title>Something went wrong</title>
    </head>
    <body>
    <h1>Something went wrong</h1>
    <p>We could not send your feedback. Please try again.</p>
    </body>
    </html>
    <?php
    }
    ?>
Save this script as feedback_form.php and upload it to the root of your web hosting.
Now you're ready to test your feedback form. Load your feedback form
in your browser, http://www.domain.com/feedback_form.html, fill the form
in and submit it. If everything works you should receive an email
containing what you just entered in the form.
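The finished script filters the email address but, as noted above, does not validate input. The following is an added example, not part of the original script, that validates both form fields before calling mail(). It assumes PHP 7 or later; the function names form_field and validate_feedback and the 5000-character limit are assumptions.

```php
<?php
# Added example, not the tutorial's own script. Requires PHP 7 or later.

# Return a submitted field as a trimmed string; missing or array values become ''.
function form_field(array $post, string $name): string {
    $value = $post[$name] ?? '';
    return is_string($value) ? trim($value) : '';
}

# Validate both fields and report every problem instead of silently repairing input.
function validate_feedback(array $post): array {
    $errors = [];
    $email = form_field($post, 'email_address');
    $feedback = form_field($post, 'feedback');

    if (preg_match('/[\r\n\0]/', $email)) {
        # A line break here would start a new header line in the outgoing email.
        $errors[] = 'Email address contains a line break.';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid.';
    }
    if ($feedback === '') {
        $errors[] = 'Feedback is empty.';
    } elseif (strlen($feedback) > 5000) {   # assumed limit
        $errors[] = 'Feedback is too long.';
    }
    return ['ok' => !$errors, 'errors' => $errors, 'email' => $email, 'feedback' => $feedback];
}

if (PHP_SAPI === 'cli') {
    # Constructed sample submissions for a quick check from the command line.
    $samples = [
        'valid'        => ['email_address' => 'visitor@example.com', 'feedback' => 'Nice site'],
        'extra header' => ['email_address' => "visitor@example.com\r\nX-Injected: yes", 'feedback' => 'Hi'],
        'not an email' => ['email_address' => 'visitor', 'feedback' => 'Hi'],
        'array field'  => ['email_address' => ['a', 'b'], 'feedback' => 'Hi'],
        'missing data' => [],
    ];
    foreach ($samples as $name => $post) {
        $result = validate_feedback($post);
        echo $name, ': ', $result['ok'] ? 'accepted' : implode(' ', $result['errors']), "\n";
    }
} else {
    $result = validate_feedback($_POST);
    $sent = $result['ok'] && mail('you@domain.com', 'Feedback Form Submission',
        $result['feedback'], "From: {$result['email']}\r\n");
    # $sent then selects the thank-you or error page exactly as in the script above.
}
```

Rejecting a bad address outright, rather than stripping characters from it, means the visitor sees an error page instead of the feedback being sent with an altered From address.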