PHP E-mail Receive Form Electronic Content Text

Frequently Asked Questions

send | spam | spam2 | bots | from | response | header | validation

For help debugging, see: Troubleshooting Tips

Q: How do I send the e-mail message to more than one person?
A: Add recipients separated by commas to the "SendTo" line.

For example:
      $sendTo = ",";

Q: I'm getting attacked by spammers.  Help!
A: Spammers search for web forms in the hopes they can use the forms to automatically add their annoying links to blogs.  They also look for vulnerable web forms they can trick into causing a server to become an unsuspected spam sender.  Luckily, there is an easy way to foil most spammers.  Spammers rarely run JavaScript when attacking web pages.  Use JavaScript to add the action attribute to the form tag so the spammers won't figure out where to submit the form.

Replace the line:
      <form class=perfect method=post action="feedback.php">
      <form class=perfect method=post>

and then insert the following lines just before the </body> tag:
      <script src=""></script>
      <script>$('.perfect').attr('action', 'feedback.php');</script>

Q: I'm STILL getting attacked by spammers.  Help!
A: There is even more you can do to filter spam.  Attackers often try to use web forms to submit the text "bcc:" or "cc:" followed by a test e-mail address in the hope that the form processor inadvertently sends a copy of the message to the test e-mail address.  PERFECT appears to be impervious to these attacks, but the resulting barrage of test messages can be annoying.  You can enhance PERFECT to not send the message if any indicators of spam are detected.

Replace the "mail" line with the following four lines of code:
      $spam = count($_POST) == 0 || stristr($msgBody, "cc: ") ||
          stristr($msgBody, "href=") || stristr($msgBody, "[url");
      if (!$spam)
          mail($sendTo, $subjectLine, $msgBody, "From: $sendFrom");

If you want even more protection, incorporate reCAPTCHA into your form.  It's free and helps digitize books.

Q: How do I prevent the bots from triggering e-mails?
A: As they spider the web, some search engine robots will follow the link in your HTML form causing PERFECT to send an e-mail message with no values.  You can solve this annoyance by sending e-mails only if at least one form field has a value.

Just before the "mail" line, add a line using the "count()" function as follows:
      if (count($_POST) > 0)
          mail($sendTo, $subjectLine, $msgBody, "From: $sendFrom");

Q: How do I set the From: field to the submitter's e-mail address?
A: Don't.  Doing so creates an easy way for someone to hack into your server by injecting malicious content into your e-mails.

Q: How do I send an automatic response to the submitter?
A: Don't.  Doing so will give spammers an easy way to use your server to send their spam.  Actually, don't put any user input into the header of the e-mail message as spammers could then inject malicious content into your e-mails.
Q: How do I add a field to the e-mail header?
A: If you have a need to supplement the e-mail header with a field, like "Return-Path" or "Bcc", add a variable to hold the desired value:
      $returnPath = "";

Then add the new header to the "mail" command:
      mail($sendTo, $subjectLine, $msgBody,
          "From: $sendFrom\r\nReturn-Path: $returnPath");

Replace the header name ("Return-Path) and variable ("$returnPath") as appropriate for the header field you require.

Q: How do I add field validation (error checking) to my form?
A: For most web sites, simple client-side validation is sufficient.  Client-side validation entails having the user's browser perform the error checking, such as making sure the user entered his or her name, before the data is submitted to PERFECT.  This client-side validation is typically done with JavaScript.  There is no need to modify the PERFECT script unless you have stringent validation needs.