Problem with contact form

[Nic727]

Hi, I did my first contact form ever and I have a weird problem with my php or the contact form itself. I tested my contact form and that's what I received : From : anonymous@server283.comSubject : message from my website and in the message itself I have : Name : Didn't put a name in my testCity : Didn't put a city in my test Phone number : I don't have a phone number label...Email : ___@hotmail.com So I would like to have something like that : From : email entered in the email formSubject : Subject entered on the form and in the message : Name :City :Email That's what I have in my HTML

<form method="post" action="insert.php">    <P>Required field*</p>div class="row">		<div class="half left">	    <label>Name*</label>    <input name="prenom" id="name" type="text">	</div>     	<div class="half right">	    <label>Last Name</label>    <input name="nom" id="lastname" type="text">    </div></div>	<div class="row">		<label>Email*</label>	<input name="email" id="email" type="email"></div>	 <div class="row">		<label>Country</label>	<input name="pays" id="country" type="text"></div>	<div class="row">		<label>Subject*</label>    <input name="subject" id="sujet" type="text"></div>	<div class="row">	    <label>Your message*</label>    <textarea name="message"></textarea></div>                <input id="submit" name="submit" type="submit" value="sent">        </form> 

And my PHP

<?php $filled = true; $required = array("name", "email", "subject"); //all the required fields// Get values from form$prenom=$_POST['prenom'];$nom=$_POST['nom'];$email=$_POST['email'];$pays=$_POST['pays'];$pays=$_POST['sujet'];$to = "contact@nicolas-duclos.com";$subject = "Message from my website";$message = " Name: " . $name . "rn City: " . $city . "rn Téléhone: " . $phone . "rn Email: " . $email;$from = "Message from my website";$headers = "from:" . $from . "rn";$headers .= "Content-type: text/plain; charset=UTF-8" . "rn"; if(@mail($to,$subject,$message,$headers)){  print "Thank you!"}else{  echo "Sorry, we had a problem.";}?>

So what's wrong?And how to have the "Thank you!" message under the submit button instead of having another white page with that?How to put required field working?Thank you for your help

[justsomeguy]

First, use print_r to verify what the form is submitting and compare it with this part to make sure you're using the correct names:

$prenom=$_POST['prenom'];$nom=$_POST['nom'];$email=$_POST['email'];$pays=$_POST['pays'];$pays=$_POST['sujet'];

Note you're using the same variable twice at the end.If you want to set the from address on the email then you need to use the From header. The From header should be an email address, not freeform text. If you are going to let people fill in the from address and the subject then you also need to validate those, or else an attacker will be able to use your server to send any spam message to any recipients, and then your server will get blocked from sending email. There's a description about sanitizing that kind of data at the links below, note that you need to sanitize anything that goes in a header (which includes both the subject and the from address).http://stackoverflow.com/questions/1055460/how-to-sanitze-user-input-in-php-before-mailinghttp://www.dreamincode.net/forums/topic/228389-preventing-php-mail-header-injections/

[funbinod]

I noticed you have defined the FROM and SUBJECT already. you are not choosing it from user input value.

 

like ----

 

$subject = "Message from my website";

$from = "Message from my website";

 

you should change it to ---

 

$from = '$_POST['subject'];

$subject = $_POST['email'];

 

and of course you should process through validation as suggested by justsomeguy ...............

[Nic727]

Thank you very much. I found that too, but I need more explication about that : http://www.freecontactform.com/html_form.php And I tested my contact form another time :http://image.noelshack.com/fichiers/2014/50/1418173249-email3.pnghttp://image.noelshack.com/fichiers/2014/50/1418173250-email2.pnghttp://image.noelshack.com/fichiers/2014/50/1418173250-email1.pngI hope you understand my problem with that. It's my first contact form and I'm not good in php.

[justsomeguy]

Those links aren't working for me, I'm not sure what questions you have.