This is my second attempt at a PHP contact form using jQuery and PHP to validate. I am pretty happy with the jQuery but am unsure if I did the PHP right. I looked online and combined a few tutorials. Is this the best way to go about validating the fields and making sure the sendmail function is not improperly used? Is this a good way of going about this? Is there a better one? Thanks in advance.
<?php
if(isset($_POST['submit'])) {
    // Check to make sure that the name field is not empty (the form posts it as 'emailTo')
    if(trim($_POST['emailTo']) == '') {
        $hasError = true;
    } else {
        $name = trim($_POST['emailTo']);
    }
    // Check to make sure that the subject field is not empty
    if(trim($_POST['subject']) == '') {
        $hasError = true;
    } else {
        $subject = trim($_POST['subject']);
    }
    // Check to make sure that a valid email address is submitted
    // (eregi() was removed in PHP 7; preg_match() with the /i modifier is the equivalent)
    if(trim($_POST['emailFrom']) == '') {
        $hasError = true;
    } else if (!preg_match('/^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}$/i', trim($_POST['emailFrom']))) {
        $hasError = true;
    } else {
        $email = trim($_POST['emailFrom']);
    }
    // Check to make sure comments were entered
    // (stripslashes() is a core function, so the function_exists() guard is not needed)
    if(trim($_POST['message']) == '') {
        $hasError = true;
    } else {
        $comments = stripslashes(trim($_POST['message']));
    }

    function is_valid_email($email) {
        return preg_match('#^[a-z0-9.!\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\s]+\.+[a-z]{2,6}))$#si', $email);
    }

    // Header fragments that have no business in a form field; a case-insensitive
    // substring search (stripos) is enough here, no regex needed
    function contains_bad_str($str_to_test) {
        $bad_strings = array(
            "content-type:",
            "mime-version:",
            "multipart/mixed",
            "Content-Transfer-Encoding:",
            "bcc:",
            "cc:",
            "to:"
        );
        foreach($bad_strings as $bad_string) {
            if(stripos($str_to_test, $bad_string) !== false) {
                echo "$bad_string found. Suspected injection attempt - mail not being sent.";
                exit;
            }
        }
    }

    // Raw or URL-encoded line breaks in a header field are the classic mail-injection vector
    function contains_newlines($str_to_test) {
        if(preg_match("/(%0A|%0D|\\n+|\\r+)/i", $str_to_test) != 0) {
            echo "newline found in $str_to_test. Suspected injection attempt - mail not being sent.";
            exit;
        }
    }

    if($_SERVER['REQUEST_METHOD'] != "POST"){
        echo("Unauthorized attempt to access page.");
        exit;
    }
    // $email is only set when the field passed the checks above
    if (!isset($email) || !is_valid_email($email)) {
        echo 'Invalid email submitted - mail not being sent.';
        exit;
    }
    contains_bad_str($email);
    contains_bad_str($subject ?? '');
    contains_bad_str($comments ?? '');   // was contains_bad_str(body): an undefined constant
    contains_newlines($email);
    contains_newlines($subject ?? '');
    // If there is no error, send the email
    if(!isset($hasError)) {
        $emailTo = 'My@Email.com';
        $body = "Name: $name \n\nEmail: $email \n\nSubject: $subject \n\nComments:\n $comments";
        $headers = 'From: My Site <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email;
        mail($emailTo, $subject, $body, $headers);
        $emailSent = true;
    }
}
?>
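An added example, not part of the question or the answer: a single validation function that treats every value bound for a mail header (sender address, subject) as one line only, lets filter_var() decide what an address is instead of a hand-written regex, and leaves newlines alone in the body where they are legitimate. Field names match the form in the question; the recipient address and the 5000-character body limit are assumed placeholders.

```php
<?php
// Added example (not the asker's code). Header-bound fields must never carry CR/LF in
// any encoding; the message body may contain newlines, so only its length is bounded.
function validate_contact(array $post): array {
    $errors = [];
    $clean  = [];

    // Values that end up in mail headers: reject raw and URL-encoded line breaks.
    foreach (['emailFrom', 'subject'] as $field) {
        $value = trim((string)($post[$field] ?? ''));
        if ($value === '') {
            $errors[$field] = 'required';
        } elseif (preg_match('/\r|\n|%0[aAdD]/', $value)) {
            $errors[$field] = 'line break not allowed';
        } else {
            $clean[$field] = $value;
        }
    }

    // PHP's own validator replaces the hand-written address regexes from the question.
    if (isset($clean['emailFrom'])
        && filter_var($clean['emailFrom'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['emailFrom'] = 'invalid address';
        unset($clean['emailFrom']);
    }

    $message = trim((string)($post['message'] ?? ''));
    if ($message === '') {
        $errors['message'] = 'required';
    } elseif (strlen($message) > 5000) {        // assumed limit
        $errors['message'] = 'too long';
    } else {
        $clean['message'] = $message;
    }

    return ['ok' => $errors === [], 'errors' => $errors, 'values' => $clean];
}

// Constructed sample inputs: a normal submission and one with a line break in the address.
$good = ['emailFrom' => 'alice@example.com', 'subject' => 'Hello', 'message' => "Hi\nthere"];
$bad  = ['emailFrom' => "alice@example.com\r\nBcc: other@example.net", 'subject' => 'x', 'message' => 'y'];

foreach (['good' => $good, 'bad' => $bad] as $label => $input) {
    $result = validate_contact($input);
    echo $label, ': ', $result['ok'] ? 'accepted' : 'rejected ' . json_encode($result['errors']), PHP_EOL;
    if ($result['ok']) {
        // Only validated, single-line values reach the headers; recipient is a placeholder.
        $headers = "From: My Site <contact@example.com>\r\nReply-To: " . $result['values']['emailFrom'];
        // mail('contact@example.com', $result['values']['subject'], $result['values']['message'], $headers);
    }
}
```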
This is very complicated (the script you wrote).
Essentially you need two scripts, one for ajax and a second one for the normal PHP contact form.
Let's call the first one ajax.php (both scripts contain the same validation rules). When the user enters, for example, his mail (you bind the jQuery blur event to email), a request is sent to…
ajax.php?action=checkmail&email=example@example.com
You can then print the returned result by the email input box, e.g. “Your email is valid.” or the contrary.
You can also use only ajax.php to send mail by passing all parameters to it, and then showing the user “email is sent” or “email is not sent because…” without refreshing the page.