I recommend you read Part I and Part II of this series if you haven’t already.

In the previous posts on this subject, I’ve explained the basic page template and the validation that we need to do for our contact form. Finally we can deal with the actual emailing of the form content and then put it all together.

Emailing the form content

The theory behind this is to grab all of the information from the form, put it into a message variable. Perhaps also add in some extra info for ourselves eg. their IP and browser type. So first off we need to get all of the information from the form. To make lives easier for ourself in the future (and we’ve already got a reasonable bit of strict validation in), we can just run through every form element and add it into the message eg.

[sourcecode language=”php”]$message = “”;
foreach ($_POST AS $key => $value) :
$message .= $key.”: “.$value.”\n\n”;

This will mean that you can add new fields to the form and not have to worry about adding additional code into the PHP to get those new fields, as this will get every key and value from the $_POST array. Is it the best option? In theory no. All it would take is someone to post the correct fields plus hundreds more, via their own script, to your form processing script, and your email would be very long. But at the same time, it’s only content, and the email is only coming to you. If you found this to start happening then I’d recommend learning how to retrieve individual field values instead. However, for this form we’ll stick with the above as it’s quicker for now!

So, we’ve got the basics of our message created. We want to add some additional info below it so we can use:

[sourcecode language=”php”]$message .= “\n\nSender Info:\n”;
$message .= “IP: “.$_SERVER[‘REMOTE_ADDR’].” https://ws.arin.net/whois/?queryinput=”.$_SERVER[‘REMOTE_ADDR’].”\n”;
$message .= “Browser/OS: “.$_SERVER[‘HTTP_USER_AGENT’];[/sourcecode]

This is just a fairly simple addition. The second line will echo out the IP address and link to the whois lookup for it, in case you may want to check where the person is from. Then the final line just tells you the person’s browser and operating system. They’re not 100% accurate, but for most legit people contacting you, it will be, and it’s sometimes interesting to know what people have. Also, if you start to get multiple messages off what appear to be different people, but have the same IP, then you know you could block that IP as they’re clearly just stalking you 😉

Next we need to create our email headers. Whilst a basic header of

"From: ".$email

Will usually work, some servers may reject the email if the headers do not appear complete. So let’s build the headers up properly.

[sourcecode language=”php”]$headers = “From: “.$_POST[‘cfname’].” < ".$_POST['cfemail'].">\n”;
$headers .= “Mime-Version: 1.0\n”;
$headers .= “Content-Type: text/plain; charset=ISO-8859-1\n”;
$headers .= “Content-Transfer-Encoding: 8bit\n”;
$headers .= “Return-Path: < ".$_POST['cfemail'].">\n”;
$headers .= “Errors-To: “.$to_email;[/sourcecode]

This code sets the email to be a plain text email. If you wanted to use HTML in the email then you’d change line 3 from text/plain to text/html. The last line uses a variable which we’ll set at the top of the file, just a simple To email address, so that you don’t have to change it everywhere if you want to change your email in the future.

Then finally we have the code to send the email:

mail($to_email, $subject, $message, $headers);

Again, the $subject will be set at the start, so that you don’t have to go poking around the code once it’s all set up.

You’ve then got two options once the email is sent. You can either return a thank you message on the same page, or redirect the user to a thank you page. Personally I opt for the latter and use the code


Where $redirect is the path to the thank you page on your site from the root eg. “contact-form/thank-you/”.

Final Functions

Just to explain a couple of final functions. These are not essential but as they’re in the final template they just need a brief explanation.

[sourcecode language=”php”]// clean up the form content
foreach ($_POST AS $key => $value) :
if (get_magic_quotes_gpc()) :
$value = stripslashes($value);

$formstuff[$key] = strip_tags($value);

This first function will run through every value submitted in the form and strip and backslashes added by magic quotes (if they’re set to on) and also run strip_tags() which will strip out all HTML tags. Afterall, no one should be sending HTML to you in your contact form 😉 If you want to allow it (considering the email is sent as plain text so the code would just display) then remove line 7.

// function to print out form value, stripping any added backslashes
function get_value ($formvalue) {
if (!empty($_POST[$formvalue])) :
if (get_magic_quotes_gpc()) :
$form_value = stripslashes($_POST[$formvalue]);
echo $form_value;

This function is used when someone partly completes the form but triggers and error. We want to redisplay their content so that they don’t have to retype it. Again, it just checks if magic quotes are set to on and if they are it strips the backslashes out.

// this is the message if there is one.
if (!empty($error_msg)) :
echo "<ul>\n"; // perhaps style the warning class to a bright colour
echo $error_msg;
echo "</ul>\n";

Finally the code to echo our our errors that we’ve saved. Again, only used if someone partially completes the form and triggers a validation error. This will display the errors in a list.

Put it all together

Now we can finally put it all together, along with a couple of if statements to check that we can proceed. The final template can be downloaded. It’s well documented so you should be able to run through it all without a problem. You may need to edit the divs and markup around the form to suit your own template, however comparing this to your page.php or index.php file will show you what needs changing.

Leave any questions below and I’ll do my best to help you out. Ideally mention the line number(s) if it’s about the code, that you’re asking about so that I can look it up 🙂