Page 542 - Beginning PHP 5.3
Part III: Using PHP in Practice
If you don’t get an email, here are some things to check:
❑ Make sure you’ve specified the OWNER_EMAIL_ADDRESS value correctly
❑ Check your junk mail folder to see if the email ended up there
❑ If possible, take a look at your mail server’s log to see what happened to the email. It may be
that it was assumed to be junk mail by your ISP’s server and was deleted automatically. If you
can’t find any record of the message in the mail log, check your PHP configuration.
How It Works
The script starts off by outputting an XHTML header, including CSS for customizing the appearance
of the form. Next, the HTML_QuickForm and HTML_QuickForm_Renderer_Tableless PEAR
packages are loaded, and the Web site owner details are specified using constants; these details are
used as the recipient details when sending the email:
require_once( "HTML/QuickForm.php" );
require_once( "HTML/QuickForm/Renderer/Tableless.php" );
define( "OWNER_FIRST_NAME", "Michael" );
define( "OWNER_LAST_NAME", "Brown" );
define( "OWNER_EMAIL_ADDRESS", "michael@example.com" );
The script then sets up the contact form by creating an HTML_QuickForm object. The form uses the
post request method and sends the data back to contact.php. The true argument passed to the
constructor creates a hidden form field so that the script can tell when the form has been submitted. In
addition, the name attribute is removed from the form to make it XHTML-compliant, and the
“required fields” note is disabled (because all fields are required):
$form = new HTML_QuickForm( "form", "post", "contact.php", "", array( "style" => "width: 30em;" ), true );
$form->removeAttribute( "name" );
$form->setRequiredNote( "" );
Various form fields and validation rules are then added to the form. The fields include the sender’s
first name, last name, and email address, along with the message subject and message body. The
validation rules ensure that only valid characters are input for the firstName, lastName,
emailAddress, and subject fields. This validation is very important when creating form-to-email
scripts, because it makes it much harder for spammers to use your contact form to send arbitrary
emails.
The validation rule for the subject form field is very strict in this example. In a real-world situation
you might want to allow additional characters, such as ? (question mark) and ! (exclamation mark).
However, it is very important that you never allow carriage return (\r) or line feed (\n) characters in
fields such as the sender’s email address and message subject, because this would allow spammers to
insert additional headers (such as extra recipients) into the email message.
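The newline rule above is easy to get subtly wrong when it is enforced with an anchored regular expression. The following added example (not code from the book's contact.php; the constant names, helper functions, character class, and sample inputs are assumptions made for illustration) shows that in PHP's PCRE a plain $ still matches just before a trailing line feed, and that the D modifier plus an explicit CR/LF check closes the gap:

```php
<?php
// Added example: hypothetical names and patterns, not the book's code.

// Looks strict, but "$" also matches just before a final "\n".
define( "WEAK_SUBJECT", '/^[A-Za-z0-9 ,.-]+$/' );
// The D modifier makes "$" match only at the very end of the string.
define( "STRICT_SUBJECT", '/^[A-Za-z0-9 ,.-]+$/D' );

// Independent check for any value that will be placed in a mail header.
function hasLineBreak( $value ) {
  return preg_match( '/[\r\n]/', $value ) === 1;
}

// Combine both checks and report why a value was refused.
function checkSubject( $subject, $pattern ) {
  if ( hasLineBreak( $subject ) ) return "rejected: contains CR or LF";
  if ( !preg_match( $pattern, $subject ) ) return "rejected: invalid characters";
  return "accepted";
}

// Constructed sample inputs: a normal subject, one carrying an extra
// header line, and one with only a trailing line feed.
$samples = array(
  "Question about your site",
  "Hello\r\nBcc: someone@example.com",
  "Hello\n",
);

foreach ( $samples as $subject ) {
  // Make CR and LF visible in the output instead of printing them raw.
  $shown = addcslashes( $subject, "\r\n" );
  printf( "%-40s weak regex alone: %-3s strict regex alone: %-3s combined: %s\n",
    "\"$shown\"",
    preg_match( WEAK_SUBJECT, $subject ) ? "ok" : "no",
    preg_match( STRICT_SUBJECT, $subject ) ? "ok" : "no",
    checkSubject( $subject, STRICT_SUBJECT ) );
}
```

The third sample is the case to watch: it passes the weak pattern on its own, so a rule written without the D modifier (or without a separate CR/LF check) would let a line feed through to the mail headers.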
Next, the script determines if the form was submitted and valid. If so, it is processed by calling a
sendMessage() function (described in a moment). Otherwise, the form is displayed (or redisplayed if
it was already submitted):
if ( $form->isSubmitted() and $form->validate() ) {
  $form->process( "sendMessage" );
} else {

