localhost mail php code showing on page

Question

I'm having some code show up on my mail php block. It has happened with every form tutorial I've gone through. Well, it works with the basic form, but when I try a form that adds a bit of security, I get code showing through.

I'm using a css template provided online as well as a php mail code found online as well. When I pull up the stand alone code in XAMPP it looks fine, but when I incorporate it into my html, the code bleeds through.

Help?

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<link href='http://fonts.googleapis.com/css?family=Ruthie' rel='stylesheet' type='text/css'>
<!-- Design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License Name : Portraiture Description: A two-column, fixed-width design with dark color scheme. Version : 1.0 Released : 20130111 -->
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>title</title>

<meta name="keywords" content="" />
<meta name="description" content="" />
<script type="text/javascript" src="jquery-1.7.1.min.js"></script>
<script type="text/javascript" src="jquery.slidertron-1.1.js"></script>
<link href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,600%7CArchivo+Narrow:400,700" rel="stylesheet" type="text/css" />
<link href="http://fonts.googleapis.com/css?family=Ruthie" rel="stylesheet" type="text/css" />
<link href="default.css" rel="stylesheet" type="text/css" media="all" />
<!--[if IE 6]> <link href="default_ie6.css" rel="stylesheet" type="text/css" /> <![endif]-->
<link rel="stylesheet" type="text/css" href="active1.css" />
</head>


<body>
<div id="wrapper" class="container">
<div id="header">
<div id="logo">
<h1><a href="http://localhost/active/index.html">maggie braner</a></h1>


</div>
</div>
<div id="menu">
<ul>
<li class="active"><a href="http://localhost/active/index.html" accesskey="1" title="">Home</a></li>
<li><a href="http://localhost/active/musiclessons.html" accesskey="2" title="">Music Lessons</a></li>
<li><a href="http://localhost/active/pottery.html" accesskey="3" title="">Pottery</a></li>
<li><a href="http://localhost/active/jazzband.html" accesskey="4" title="">Jazz Band</a></li>


</ul>
</div>
<div id="banner">
<div id="slider">
<div class="viewer">
<div class="reel">
<div class="slide"> <img src="images/pic01.jpg" alt="" height="570" width="505" /> </div>
<div class="slide"> <img src="images/pic02.jpg" alt="" height="500" width="900" /> </div>
</div>
</div>
</div>
<script type="text/javascript">
$('#slider').slidertron({
viewerSelector: '.viewer',
reelSelector: '.viewer .reel',
slidesSelector: '.viewer .reel .slide',
advanceDelay: 3000,
speed: 'slow'
});
</script>
</div>
<div id="page">
<div id="content">
<h2>Welcome!</h2>

<p>     body text here  </p>
</div>

<div id="sidebar">




<?php 
$your_email ='yourname@your-website.com';// <<=== update to your email address

session_start();
$errors = '';
$name = '';
$visitor_email = '';
$user_message = '';

if(isset($_POST['submit']))
{

    $name = $_POST['name'];
    $visitor_email = $_POST['email'];
    $user_message = $_POST['message'];
    ///------------Do Validations-------------
    if(empty($name)||empty($visitor_email))
    {
        $errors .= "\n Name and Email are required fields. ";   
    }
    if(IsInjected($visitor_email))
    {
        $errors .= "\n Bad email value!";
    }
    if(empty($_SESSION['6_letters_code'] ) ||
      strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0)
    {
    //Note: the captcha code is compared case insensitively.
    //if you want case sensitive match, update the check above to
    // strcmp()
        $errors .= "\n The captcha code does not match!";
    }

    if(empty($errors))
    {
        //send the email
        $to = $your_email;
        $subject="New form submission";
        $from = $your_email;
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        $body = "A user  $name submitted the contact form:\n".
        "Name: $name\n".
        "Email: $visitor_email \n".
        "Message: \n ".
        "$user_message\n".
        "IP: $ip\n";    

        $headers = "From: $from \r\n";
        $headers .= "Reply-To: $visitor_email \r\n";

        mail($to, $subject, $body,$headers);

        header('Location: thank-you.html');
    }
}

// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
<html>
<head>
    <title>Contact Us</title>
<!-- define some style elements-->
<style>
label,a, body 
{
    font-family : Arial, Helvetica, sans-serif;
    font-size : 12px; 
}
.err
{
    font-family : Verdana, Helvetica, sans-serif;
    font-size : 12px;
    color: red;
}
</style>    
<!-- a helper script for vaidating the form-->
<script language="JavaScript" src="scripts/gen_validatorv31.js" type="text/javascript"></script>    
</head>

<body>
<?php
if(!empty($errors)){
echo "<p class='err'>".nl2br($errors)."</p>";
}
?>
<div id='contact_form_errorloc' class='err'></div>
<form method="POST" name="contact_form" 
action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"> 
<p>
<label for='name'>Name: </label><br>
<input type="text" name="name" value='<?php echo htmlentities($name) ?>'>
</p>
<p>
<label for='email'>Email: </label><br>
<input type="text" name="email" value='<?php echo htmlentities($visitor_email) ?>'>
</p>
<p>
<label for='message'>Message:</label> <br>
<textarea name="message" rows=8 cols=30><?php echo htmlentities($user_message) ?></textarea>
</p>
<p>
<img src="captcha_code_file.php?rand=<?php echo rand(); ?>" id='captchaimg' ><br>
<label for='message'>Enter the code above here :</label><br>
<input id="6_letters_code" name="6_letters_code" type="text"><br>
<small>Can't read the image? click <a href='javascript: refreshCaptcha();'>here</a> to refresh</small>
</p>
<input type="submit" value="Submit" name='submit'>
</form>
<script language="JavaScript">
// Code for validating the form
// Visit http://www.javascript-coder.com/html-form/javascript-form-validation.phtml
// for details
var frmvalidator  = new Validator("contact_form");
//remove the following two lines if you like error message box popups
frmvalidator.EnableOnPageErrorDisplaySingleBox();
frmvalidator.EnableMsgsTogether();

frmvalidator.addValidation("name","req","Please provide your name"); 
frmvalidator.addValidation("email","req","Please provide your email"); 
frmvalidator.addValidation("email","email","Please enter a valid email address"); 
</script>
<script language='JavaScript' type='text/javascript'>
function refreshCaptcha()
{
    var img = document.images['captchaimg'];
    img.src = img.src.substring(0,img.src.lastIndexOf("?"))+"?rand="+Math.random()*1000;
}
</script>
</body>
</html>





</div>



</div>
</div>
<div id="footer">


<p>Copyright (c) 2012 Sitename.com. All rights reserved. Design
by <a href="http://www.freecsstemplates.org/" rel="nofollow">FreeCSSTemplates.org</a>,</br>
released under a <a href="http://creativecommons.org/licenses/by/3.0/">Creative
Commons Attributions 3.0</a> license</p>





</div>
</div>
</body></html>

Answer 1

我认为您必须将session_start()放在页面的顶部

Answer 2

RESOLVED.

I renamed the file from .html to .php and it worked fine as is.

Thank you all.