Simple php form = too simple to actually work?

Question

Hey guys

I'm sitting here wondering wheather this php contact form solution is too simple to actually work. Or, well it does work, but will it always work?

Also, atm when you recieve the email, it says FROM: [email protected] which means that most mail clients will put it straight in the junkbox. How can I change it to the entered email address?

Thanks!

<form method="POST" action="mailer.php">
   <input type="text" name="name" size="19">
   <input type="text" name="phone" size="19">
   <input type="submit" value="Submit" name="submit">
</form> 

<?php
if(isset($_POST['submit'])) {

$to = "[email protected]";
$subject = "From website";
$name_field = $_POST['name'];
$phone_field = $_POST['phone'];

$body = "From: $name_field\n E-Mail: $phone_field\n";

echo "Data has been submitted to $to!";
mail($to, $subject, $body);

} else {

echo "Error!";

}
?>

Answer 1

It will work, but your recipient is going to get spammed heavily after it has been out for a while. You can cut back on that a lot by putting another field in the form that is hidden with CSS and then checking that it is still empty before sending your email. As for adjusting the return address, use the forth parameter to the PHP mail function. It will look something like this:

mail($to, $subject, $body, "From:$fromAddress\n");

Here is some quick and dirty code that I have used for a similar form for a website to relay a message to someone's smartphone in a way that makes it easy to give a call back while on the go: http://rietta.com/stackoverflow/sample-form.txt