Contact Form not sending senders email address

Question

1.00/5 (1 vote)

See more:

HEllo everyone, i don't know if this is a common problem but i can't seem to understand why it is happening.
I am trying to process a form and have it send the details to an email. Simple enough.
Here is the PHP code for it. When someone fills the form up it shows everything except the senders email. It comes out as unknown sender. Does anyone know how i can fix it?
Thanks a lot to anyone who takes time out to look at this.

--Updated question

PHP validation

PHP

<?php
 
if(isset($_POST['email'])) {
 
     
 
    // EDIT THE 2 LINES BELOW AS REQUIRED
 
    $email_to = "you@yourdomain.com";
 
    $email_subject = "Your email subject line";
 
     
 
     
 
    function died($error) {
 
        // your error code can go here
 
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
 
        echo "These errors appear below.<br /><br />";
 
        echo $error."<br /><br />";
 
        echo "Please go back and fix these errors.<br /><br />";
 
        die();
 
    }
 
     
 
    // validation expected data exists
 
    if(!isset($_POST['first_name']) ||
 
        !isset($_POST['last_name']) ||
 
        !isset($_POST['email']) ||
 
        !isset($_POST['telephone']) ||
 
        !isset($_POST['comments'])) {
 
        died('We are sorry, but there appears to be a problem with the form you submitted.');       
 
    }
 
     
 
    $first_name = $_POST['first_name']; // required
 
    $last_name = $_POST['last_name']; // required
 
    $email_from = $_POST['email']; // required
 
    $telephone = $_POST['telephone']; // not required
 
    $comments = $_POST['comments']; // required
 
     
 
    $error_message = "";
 
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
 
  if(!preg_match($email_exp,$email_from)) {
 
    $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
 
  }
 
    $string_exp = "/^[A-Za-z .'-]+$/";
 
  if(!preg_match($string_exp,$first_name)) {
 
    $error_message .= 'The First Name you entered does not appear to be valid.<br />';
 
  }
 
  if(!preg_match($string_exp,$last_name)) {
 
    $error_message .= 'The Last Name you entered does not appear to be valid.<br />';
 
  }
 
  if(strlen($comments) < 2) {
 
    $error_message .= 'The Comments you entered do not appear to be valid.<br />';
 
  }
 
  if(strlen($error_message) > 0) {
 
    died($error_message);
 
  }
 
    $email_message = "Form details below.\n\n";
 
     
 
    function clean_string($string) {
 
      $bad = array("content-type","bcc:","to:","cc:","href");
 
      return str_replace($bad,"",$string);
 
    }
 
     
 
    $email_message .= "First Name: ".clean_string($first_name)."\n";
 
    $email_message .= "Last Name: ".clean_string($last_name)."\n";
 
    $email_message .= "Email: ".clean_string($email_from)."\n";
 
    $email_message .= "Telephone: ".clean_string($telephone)."\n";
 
    $email_message .= "Comments: ".clean_string($comments)."\n";
 
     
 
     
 
// create email headers
 
$headers = 'From: '.$email_from."\r\n".
 
'Reply-To: '.$email_from."\r\n" .
 
'X-Mailer: PHP/' . phpversion();
 
@mail($email_to, $email_subject, $email_message, $headers);  
 
?>
 
 
 
<!-- include your own success html here -->
 
 
 
Thank you for contacting us. We will be in touch with you very soon.
 
 
 
<?php
 
}
 
?>

Posted 3-May-15 9:51am

Member 11661173

Updated 3-May-15 18:54pm

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Accepted Answer · 2015-05-03T13:30:00

Solution 1

First of all, last parameter should have the form "$header: $header_valie", it cannot possibly be "From: $Name <$comments>". Also, I have no evidence that your mail is properly setup, that all parameter values are correct, and so on. To start with, make sure that some existing mail client can send mail with the same parameters and the same SMTP server (or whatever you use at your Web site's host). Check up everything.

It's very good that it does not send mail yet. You are going to face much worse problem. The way your code is written will allow anyone to turn your host into a zombie sending spam, or something like that. It can be done in no time through the simplest injection trick; and you won't even notice that.

For further explanation, please see my past answer and fix it, through proper sanitizing of the input which comes from your HTTP request:
unable to send mail , it showing the error in below code .[^].

—SA

Posted 3-May-15 13:30pm

Sergey Alexandrovich Kryukov

Comments

Member 11661173 4-May-15 0:44am

Thank you sir. I missed that . It was not supposed to be comments. And i am not using that form. As you said it can be easily hacked/injected. There is validation for all fields on the form i am using . I went through the other answer also.

Is this validation ok? I am sorry if this question is not supposed to be here. Your answer was amazing and it taught me something for real life.

Sergey Alexandrovich Kryukov 4-May-15 0:47am

Please, not code in comments; it's unreadable. Better put it to the question using "Improve question".
—SA

Member 11661173 4-May-15 0:55am

Sorry Sir, Just updated it. Thank you very much.

Sergey Alexandrovich Kryukov 4-May-15 1:09am

All right. Regular expression should be stronger. Not just letters from the set, but certain form for valid address. Identity name, in angular brackets or not, @ domain.*.[tld], all that rules. And I advised what to do with new-line characters and validation. You need to do the whole work and validate your code yourself, it needs time to prove it all.

Will you accept my answer formally?

Thank you,
—SA

Member 11661173 4-May-15 1:10am

Whoopos . Did not see that button before. For sure. Thanks so much . You are awesome.