0

When I hit the submit button, it takes me to the .php file as if it's a link? It's not running the script. I've looked through other questions and can't seem to find anything relating to the script not actually running so any help is greatly appreciated.

HTML

<article id="contact">
    <h2 class="major">Contact</h2>
    <form name="contact-form" method="post" action="contact.php">
        <div class="field half first">
            <label for="name">Name</label>
            <input type="text" name="name" id="name" />
        </div>
        <div class="field half">
            <label for="email">Email</label>
            <input type="text" name="email" id="email" />
        </div>
        <div class="field">
            <label for="message">Message</label>
            <textarea name="message" id="message" rows="4"></textarea>
        </div>
        <ul class="actions">
            <li><input type="submit" value="Send Message" class="special" name="submit" /></li>
            <li><input type="reset" value="Reset" /></li>
        </ul>
    </form>

PHP

<?php
if(!isset($_POST['submit']))
{
    //This page should not be accessed directly. Need to submit the form.
    echo "error; you need to submit the form!";
}
$name = $_POST['name'];
$visitor_email = $_POST['email'];
$message = $_POST['message'];

//Validate first
if(empty($name)||empty($visitor_email)) 
{
    echo "Name and email are mandatory!";
    exit;
}

if(IsInjected($visitor_email))
{
    echo "Bad email value!";
    exit;
}

$email_from = 'email@outlook.com';//<== update the email address
$email_subject = "New Form submission";
$email_body = "You have received a new message from the user $name.\n".
    "Here is the message:\n $message".

$to = "email@outlook.com";//<== update the email address
$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $visitor_email \r\n";
//Send the email!
mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: thank-you.html');


// Function to validate against any email injection attempts
function IsInjected($str)
{
    $injections = array('(\n+)',
                        '(\r+)',
                        '(\t+)',
                        '(%0A+)',
                        '(%0D+)',
                        '(%08+)',
                        '(%09+)');
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    if(preg_match($inject,$str))
    {
        return true;
    }
    else
    {
        return false;
    }
}

?>
Donald Duck
  • 7,638
  • 19
  • 69
  • 90
Peter Krivi
  • 1
  • How are you accessing this html page ..? Are you running it directly by double clicking the .html file ? – newbie Feb 03 '17 at 16:46

1 Answers1

0

Hard to tell what you mean by your form doesn't run.. is your server configured to parse .php files?

If so, you don't have an input named "submit" so 

if(!isset($_POST['submit']))

is never true. Multiple solutions but I think the easiest is to add a hidden input named submit somewhere within your form...

<input type="hidden" name="submit" value="1" />
Duane Lortie
  • 1,282
  • 1
  • 12
  • 16