Make PHP Sites

Last updated: 2015-02-28

PHP contact form

In this section, we'll go over how to process a contact form with PHP.

The code for this version will be written in a procedural method.

Requirements

Refer to the Get Started section to know what you need to use this tutorial. You must also have an understanding of HTML and how a web page is constructed.

We'll go through this assuming you know how to make an HTML form.

We will make two version; one will send an email from the form; the other will store to a database.

Note: For either the email or the database method, your server must be operating a database of some kind and a mail program.

A typical contact form

Create a PHP web page file with a form.

					<html>
						<head>
							<title>Contact me</title>
						</head>
						
						<body>
							
							<h1>Contact me</h1>
							
							<form action="" method="post">
							
								<p>
									<label for="name">Your name</label>
									<br/>
									<input type="text" name="name" id="name" />
								</p>
								
								<p>
									<label for="phone">Your phone number</label>
									<br/>
									<input type="text" name="phone" id="phone" />
								</p>
								
								<p>
									<label for="email">Your email address</label>
									<br/>
									<input type="text" name="email" id="email" />
								</p>
								
								<p>
									<label for="message">Your message</label>
									<br/>
									<textarea name="message" id="message"></textarea>
								</p>
								
								<p>
									<button type="submit">Submit</button>
								</p>
								
							</form>
							
						</body>
					</html>
				

When a form is submitted

When a user clicks the "submit" button on a form, the data they entered becomes part of a built-in PHP array. It's dependent on the method="" value of the <form> tag. The two arrays are $_POST and $_GET.

If the method="" value is left blank, does not exist or is given get, the $_GET array is used. There are a limited number of characters allowed for each $_GET value. The user would see the information the submitted on the form in the URL.
http://sites.com/contact.php?name=Joe&phone=867-5309&email=joe@joe.com&message=Hi+there

If the method="" value is "post," the $_POST array is used. The values will not be in the URL and there is no limit to the length of the values like there is on the $_GET array.

Most of the time, use the $_POST array. The $_GET array is great if you want people to be able to share a page that is dependent on those values.

Notice the action="" value has been left blank. For the purposes of this lesson, we want the form to submit on its own page.

Processing a PHP form

Let's process a submitted form. All of the following code will be placed above the <html> line of the page.

Since we only want things to happen when a form is submitted, we'll start with our code like this:

					<?php
					
						if(!empty($_POST)){
							// Allow form process
						}
					
					?>
					
					<html>
					
					[...]
				

This conditional will only allow things within it to happen if a form was submitted to this page.

Handling the $_POST variables

When this form is submitted, the $_POST array automatically has several values: name, phone, email and message. We want to work with those variables, so let's take them out of the the $_POST array and into their own variables.

					<?php
					
						if(!empty($_POST)){
							$name = $_POST['name'];
							$phone = $_POST['phone'];
							$email = $_POST['email'];
							$message = $_POST['message'];
							
							/*
								// If we were using the $_GET array
								$name = $_GET['name'];
								$phone = $_GET['phone'];
								$email = $_GET['email'];
								$message = $_GET['message'];
							*/
						}
					
					?>
					
					<html>
					
					[...]
				

Sending the form data via email

We now have the form values in their own variables. Let's send it as an email to the webmaster. PHP has a built-in mail() function, but that doesn't guarantee your server is capable of sending mail.

					<?php
					
						if(!empty($_POST)){
							$name = $_POST['name'];
							$phone = $_POST['phone'];
							$email = $_POST['email'];
							$message = $_POST['message'];
							
							// The mail function will need three arguments to work at this point
							// mail($to, $subject, $message);
							
							// Who do we want to receive the email?
							$to = 'webmaster@mysite.com';
							
							// What do we want the subject of the email to be?
							$subject = 'Someone submitted the contact form';
							
							// Let's combine their submitted information into one variables, $letter
							$letter = '';
							
							// use "\n\n" to enter two text lines down in the message
							
							$letter .= 'The name: ' . $name . "\n\n";
							
							$letter .= 'Their phone number: ' . $phone . "\n\n";
							
							$letter .= 'Their email address: ' . $email . "\n\n";
							
							$letter .= 'Their message:' . "\n";
							
							$letter .= $message;
							
							// Send the email!
							mail($to, $subject, $message);
						}
					
					?>
					
					<html>
					
					[...]
				

If everything works correctly, an email should be sent with the submitted information. This is assuming heavily on the functionality of your web server.

Sending the form data to a database table

Let's use the same variables and add the information into a theoretical database table instead of an email. This is going to submit data to a database named mysite into a table named contact_form. The table must have at least four fields: name, phone, email and message. This part assumes you have a general understanding of databasing and queries.

					<?php
					
						if(!empty($_POST)){
							$name = $_POST['name'];
							$phone = $_POST['phone'];
							$email = $_POST['email'];
							$message = $_POST['message'];
							
							// Database connection credentials
							$database_host = 'localhost';
							$database_user = 'root';
							$database_password = '';
							$database_name = 'mysite';
							
							// Connect to database
							$mysqli = new mysqli($database_host, $database_user, $database_password, $database_name);
							
							// Since the user could have entered things like ' and " into the form fields, we need to escape those characters to allow a successful insertion.
							$name = $mysqli->real_escape_string($name);
							$phone = $mysqli->real_escape_string($phone);
							$email = $mysqli->real_escape_string($email);
							$message = $mysqli->real_escape_string($message);
							
							// Write the query
							$sql = "INSERT INTO contact_form (name, phone, email, message) VALUES('" . $name . "', '" . $phone . "', '" . $email . "', '" . $message . "')";
							
							// Operate the query
							$query = $mysqli->query($sql);
							
							// Close the connection to the database
							$mysqli->close();
						}
					
					?>
					
					<html>
					
					[...]
				

All the code

					<?php
					
						if(!empty($_POST)){
							$name = $_POST['name'];
							$phone = $_POST['phone'];
							$email = $_POST['email'];
							$message = $_POST['message'];
							
							// Database connection credentials
							$database_host = 'localhost';
							$database_user = 'root';
							$database_password = '';
							$database_name = 'mysite';
							
							// Connect to database
							$mysqli = new mysqli($database_host, $database_user, $database_password, $database_name);
							
							// Since the user could have entered things like ' and " into the form fields, we need to escape those characters to allow a successful insertion.
							$name = $mysqli->real_escape_string($name);
							$phone = $mysqli->real_escape_string($phone);
							$email = $mysqli->real_escape_string($email);
							$message = $mysqli->real_escape_string($message);
							
							// Write the query
							$sql = "INSERT INTO contact_form (name, phone, email, message) VALUES('" . $name . "', '" . $phone . "', '" . $email . "', '" . $message . "')";
							
							// Operate the query
							$query = $mysqli->query($sql);
							
							// Close the connection to the database
							$mysqli->close();
						}
					
					?>
					
					<html>
						<head>
							<title>Contact me</title>
						</head>
						
						<body>
							
							<h1>Contact me</h1>
							
							<form action="" method="post">
							
								<p>
									<label for="name">Your name</label>
									<br/>
									<input type="text" name="name" id="name" />
								</p>
								
								<p>
									<label for="phone">Your phone number</label>
									<br/>
									<input type="text" name="phone" id="phone" />
								</p>
								
								<p>
									<label for="email">Your email address</label>
									<br/>
									<input type="text" name="email" id="email" />
								</p>
								
								<p>
									<label for="message">Your message</label>
									<br/>
									<textarea name="message" id="message"></textarea>
								</p>
								
								<p>
									<button type="submit">Submit</button>
								</p>
								
							</form>
							
						</body>
					</html>