PHP contact form is sent always

Question

I have this form:

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  <div>
    <span><label>Name</label></span>
    <span><input name="userName" type="text" class="textbox"></span>
  </div>
  <div>
    <span><label>Email</label></span>
    <span><input name="userEmail" type="text" class="textbox"></span>
  </div>
  <div>
    <span><label>Phone</label></span>
    <span><input name="userPhone" type="text" class="textbox"></span>
  </div>
  <div>
    <span><label>Subject</label></span>
    <span><textarea name="userMsg"> </textarea></span>
  </div>
  <div>
    <span><input type="submit" value="Send!"></span>
  </div>
</form>

And the following PHP code on the same page because the action is <?php echo $_SERVER['PHP_SELF']; ?> <?php echo $_SERVER['PHP_SELF']; ?> :

<?php
if(isset($_POST)) {
    $name = htmlspecialchars($_POST['userName']);
    $email = htmlspecialchars($_POST['userEmail']);
    $phone = htmlspecialchars($_POST['userPhone']);
    $message = htmlspecialchars($_POST['userMsg'] . $phone);

    $message = wordwrap($message, 70, "\r\n");

    $to = 'myEmail';
    $subject = 'subject';
    $headers = "From: $email" . "\r\n" .
        "Reply-To: $email" . "\r\n" .
            'X-Mailer: PHP/' . phpversion();
    mail($to, $subject, $message, $headers);
}
?>

But when a user hasn't submitted the form and just visits the contact form page, I get a blank email.

How can I fix this?

Answer 1

Change your if statement to

if(isset($_POST['userEmail'])

As $_POST will be set anytime you visit the site, see PHP doc for isset

Also see empty() as you will also be able to do this:

if(!empty($_POST))

You can see in the doc:

[empty()] Returns FALSE if var exists and has a non-empty, non-zero value. Otherwise returns TRUE.

The following things are considered to be empty:

• "" (an empty string)
• 0 (0 as an integer)
• 0.0 (0 as a float)
• "0" (0 as a string)
• NULL
• FALSE
• array() (an empty array)
• $var; (a variable declared, but without a value)

OR in this question , Nemoden 's answer suggests using $_SERVER['REQUEST_METHOD'] == 'POST' - It's pretty self-explanatory: if the page was requested by the POST request method, this statement will be true, however if you have multiple forms on the same page I suggest naming each submit button and checking for that.

Answer 2

Just do not send the form if there was no form data sent.

The condition if(isset($_POST)) checks whether there is a variable $_POST not if there is something in that variable. The $_POST array is one of PHP's automatically created superglobals and does always exist.

You need to check if there are some post-variables in that array; eg

if( !empty( $_POST ) )

or better

if( !empty( $_POST['userEmail'] ) )

…since the post array may have members (ie form fields) but those could be empty.

Answer 3

$_POST is just an empty predefined array, so when they load the page, $_POST is defined. What you need to do is isset($_POST['name'])

<?php
if(isset($_POST['name'])) {
    $name = htmlspecialchars($_POST['userName']);
    $email = htmlspecialchars($_POST['userEmail']);
    $phone = htmlspecialchars($_POST['userPhone']);
    $message = htmlspecialchars($_POST['userMsg'] . $phone);

    $message = wordwrap($message, 70, "\r\n");

    $to = 'myEmail';
    $subject = 'subject';
    $headers = "From: $email" . "\r\n" .
        "Reply-To: $email" . "\r\n" .
            'X-Mailer: PHP/' . phpversion();
    mail($to, $subject, $message, $headers);
}
?>

Answer 4

you can fixe it like that :

<?php
if(isset($_POST['userName']) && isset($_POST['userEmail']) && isset($_POST['userPhone']) && isset($_POST['userMsg'])) {
    $name = htmlspecialchars($_POST['userName']);
    $email = htmlspecialchars($_POST['userEmail']);
    $phone = htmlspecialchars($_POST['userPhone']);
    $message = htmlspecialchars($_POST['userMsg'] . $phone);

    $message = wordwrap($message, 70, "\r\n");

    $to = 'myEmail';
    $subject = 'subject';
    $headers = "From: $email" . "\r\n" .
        "Reply-To: $email" . "\r\n" .
            'X-Mailer: PHP/' . phpversion();
    mail($to, $subject, $message, $headers);
}
?>

you can however add

if(!empty($_POST['userMsg']) 

to test if the variable is empty or not...

Answer 5

You can give the submit button a name and check if it is clicked or not. This will prevent to send a email whenever the page is loaded.

if (isset($_POST["submit"])) {
   // your code
}

Edit the HTML of your submit button like this:

<input type="submit" value="Send!" name="submit">

Answer 6

give the name of your submit button like

 <span><input type="submit" value="Send!" name="submit"></span>

AND check it in php like

if(isset($_POST['submit']))
{
        // your code
}

Answer 7

This is not a good practice. I strongly advice you to start using a PHP framework.

Nevertheless...

The $_POST will always exist, so you can not test it like if(isset($_POST)) . To test if your form was submitted you must check if some of the expected POST var do exist.

In your case, something like if(isset($_POST['userEmail'])) would do the trick or you can add a name attribute to your submit button and test it if(isset($_POST['mySubmitButtonName']))

Answer 8

you need to add the name of submit button

<input type="submit" value="Send!" name="send">

then u can write the condition when the button is pressed the mail will be send like

if(isset($_REQUEST['send'])){

    $name = htmlspecialchars($_POST['userName']);
    $email = htmlspecialchars($_POST['userEmail']);
    $phone = htmlspecialchars($_POST['userPhone']);
    $message = htmlspecialchars($_POST['userMsg'] . $phone);

    $message = wordwrap($message, 70, "\r\n");

    $to = 'myEmail';
    $subject = 'subject';
    $headers = "From: $email" . "\r\n" .
    "Reply-To: $email" . "\r\n" .
        'X-Mailer: PHP/' . phpversion();
    mail($to, $subject, $message, $headers);
}

Answer 9

this could be for the $_SERVER['PHP_SELF']; acting on the form, try adding the actual page directory or a better solution i would try is to check if is not empty for a specific required field

if (!empty($_POST['userMsg'])){}