Home/ Questions/Q 6819617
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T21:19:39+00:00

I’ve made a PHP contact form for a client and they’ve come back to

  • 0

I’ve made a PHP contact form for a client and they’ve come back to me saying they are receiving blank emails like this:

From: 
E-Mail: 
Message:

I’ve put JavaScript validation in place which successfully refuses a blank form when I submit the form in the standard way.

  • What could be happening? Are we talking something malicious or stupid?
  • What extra checks should I put in place? Are PHP checks a standard thing?

Code included below. Thanks in advance 🙂

JS validation:

  $("form#submit").submit(function() {   
    var custname = $('#custname').attr('value');  
    var custemail = $('#custemail').attr('value');  
    var custmessage = $('#custmessage').attr('value');

    if (custname==null || custname=="" || custemail==null || custemail=="" || custmessage==null || custmessage=="") {
      alert("Please fill out the whole form");
      return false;
  }

PHP mailer page:

<?php
$to = "name@email.com";
$subject = "Message from website";
$name_field = htmlspecialchars(trim($_POST['custname']));
$email_field = htmlspecialchars(trim($_POST['custemail']));
$message = htmlspecialchars(trim($_POST['custmessage']));

$body = "From: $name_field\n E-Mail: $email_field\n Message: $message";

mail($to, $subject, $body);
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In the PHP mailer page, you can write something like:-

    <?php
// Site Name ( not Site Title )
$dotcom = "Custom Site Name";

$main_mail_arr            = array();
$main_mail_arr['admin']   = 'name@email.com';
$main_mail_arr['noReply'] = 'no-reply@email.com';
$main_mail_arr['cc']      = 'cc@email.com';
$main_mail_arr['bcc']     = 'bcc@email.com';

/**
 * Mail Function
 */
function genMailing($to, $subj, $body, $from = '', $fromName = '', $reply = true, $cc = '', $bcc = '') {
    global $main_mail_arr, $dotcom;

    if( empty( $from ) )
        $from = $main_mail_arr['noReply'];

    if( empty( $fromName ) )
        $fromName = $dotcom;

    $headers = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $headers .= "From: $fromName <" . $from . ">\r\n";

    if( $reply )
        $headers .= "Reply-to: $fromName <" . $from . ">\r\n";

    if( !empty( $cc ) )
        $headers .= "Cc: " . $cc . "\r\n";

    if( !empty( $bcc ) )
        $headers .= "Bcc: " . $bcc . "\r\n";

    $headers .= "X-Mailer: PHP/" . phpversion() . "\r\n";

    $return_str = mail( $to, $subj, $body, $headers );
    return $return_str;
}

/**
 * Email Validation Function
 */
function checkEmail( $email, $type = true ) {
    if(preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i", $email)) {
        $validResult = true;
    }

    if($validResult && $type) {
        $e = explode("@", $email);

        if(@checkdnsrr($e[1])) {
            $validResult = true;
        }
        else {
            $validResult = false;
        }
    }

    return $validResult;
}

if (isset( $_POST['custname'] ) && isset( $_POST['custemail'] ) && isset( $_POST['contact_msg'] )) {
    $nameError = '';
    $emailError = '';
    $msgError = '';

    $valName = trim( $_POST['custname'] );
    $valEmail = trim( $_POST['custemail'] );
    $valMsg = trim( $_POST['custmessage'] );

    if( empty( $valName ) ) {
        $nameError = 'Please provide your Name.';
    }

    if( !empty($valEmail) && !checkEmail($valEmail, false) ) {
        $emailError = 'Please provide your valid Email Address.';
    }

    if( empty( $valMsg ) ) {
        $msgError = 'Please provide your Message / Query / Comments.';
    }

    if( empty( $nameError ) && empty( $emailError ) && empty( $msgError ) ) {
        $to = $main_mail_arr['admin'];
        $subject = "Message from website";

        $body = '<h2 style="padding-bottom:0px; margin-bottom:0px;">New Details</h2>'.'<hr /><br />'."\r\n\n";
        $body .= '<b>Name</b>: '.stripslashes($valName).'<br />'."\n";
        $body .= '<b>Email Address</b>: '.stripslashes($valEmail).'<br />'."\n";
        $body .= '<b>Message</b>: '.stripslashes($valMsg).'<br />'."\n";

        $result = genMailing($to, $subject, $body, $valEmail, $valName, true);

        if ($result) {
            // Message for successful mail sent
        }
    }
    else {
        // Show the form below, with the error messages stored in the error variables
    }
}
?>

    This above code mostly covers the server side validation, along with the Email Validation. However, you can also provide more stringent Email Validation checks than the one which I have used, and Captcha checking as well.

    Although, the above code has served me well for quite some years, it must be mentioned that this snippet is not the last & full-proof, as I have not used any filter / sanitization (like what WordPress or other CMSs do) for all the user inputs. But nevertheless, it should get you well started with Google when dealing with user inputs.

    You can also check out some of the below links for filter / sanitize:-

    Hope it helps.

    • 0