PC Services


Some PHP Tips and 'Tricks'

Thinking beyond each page and DESIGNING your web site


Better PHP scripts for email contact forms

One of the most common things needed on a website is a contact form for customers, users, visitors and commentators, through to whingers and, more likely, spammers trawling the pages for email addresses or using your form to send spam.

Objectives for a good contact form to email script

Forms should be easy to fill in, because the easier a form is to fill in, the more likely it is that the correct information will be given. Ask for too much information, like a full postal address and other details, for the briefest of email enquiries such as emailing a product brochure, and you are likely to get invalid or 'jokey' data. Remember, the less the user has to fill in, the less you have to validate, process and store!

Some of the worst things to have as part of your form -

  • NOT do automatic subscriptions to mailing lists by stealth methods. The most classic example seen is an Internet provider signup form which would ALWAYS return wanting more address details than was possible on the first form, so an extended form is presented with the 'please subscribe me' checkboxes re-ticked and below the submit button.
  • Submit button MUST BE BELOW or AFTER ALL form fields.
  • Data required must be user orientated; a question such as their projected spend is unlikely to be filled in correctly.
  • NOT use long and multiple text entry fields, too long for user and too many chances of errors.
  • NOT ask for too many fields of information.
  • NOT ask for data more than required to answer the enquiry (e.g. mobile, phone number and postal address if response is email only).
  • NOT leave compulsory fields unmarked. Mark ALL compulsory fields (ensuring they are really necessary).
  • IF ALL fields are compulsory then SAY so.
  • NOT make selection choices easy for you; make them easy for the users, as they do not know your internal structure or divisions.

For an exaggerated example of a bad form, see this form, but be warned this is opened in a separate window/tab for reasons that become obvious if you use the submit button!

For a good contact form you should consider the following for security and protection from spammers.

  • Form to use a coded alias for the email address to use.
  • Form to use MAXLENGTH and other attributes to limit size of data values passed.
  • JavaScript, at least on the form web page, for client side (browser) limits on variable length form values.
  • As many fields as possible to be drop down selections, checkboxes or radio buttons.
  • NO email addresses on form (or on site) to stop spammers trawling email addresses.
  • Simple validity checks on user email address, post code/zip code and telephone number.
  • Ability to parse default values passed back, to pre fill form with known data, or errors passed back.

To get an idea of form checks see PC Services contact form.

Objectives for a good contact form to email script

For a good contact form script you should consider adding the following features for security and protection from spammers.

  • Script callable from multiple forms.
  • Each form to have a config file, hidden from browsers.
  • Thank you pages, (defined in config file) to confirm email sent and/or data entered.
  • Email sent is formatted in order of fields configured, data is word wrapped and indented for easy reading
  • Error pages, (defined in config file)
  • Error page for invalid call to script (spammer or corrupted call).
  • Form to pass a coded alias for the email address to send details to (defined in config file).
  • All form values checked for valid data (stop unwanted side effects).
  • Size limit all form values for security (a spammer doing a direct post will bypass the form). Important sizes and default max size defined in config file.
  • Select which special form fields have allowable email addresses (defined in config file).
  • Select which special form fields have allowable URL/web page addresses (defined in config file).
  • Extra checks for known web stuffing programmes, with errors to drop forced web URL insertions (99.99% spammers).
  • Only allow form POSTING from known website and IP address referrers, defined in the script.
  • Log as much detail as possible in the email sent to determine spammers and trouble makers that get through.

To see more details on this and an online demonstration of the script in action see the Email Form Demonstration section. The contact form to email PHP script package is available on request by contacting Paul Carpenter.
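The server-side checks from the list above (alias lookup, size limits, and restricting which fields may carry email addresses or URLs), as an added PHP example. It is not the PC Services script package; the config keys, field names and sample posts are assumptions constructed for illustration.

```php
<?php
// Hypothetical per-form config; keep the real one where browsers cannot fetch it.
$config = [
    'recipients'  => ['sales' => 'sales@example.com'], // alias => real address
    'fields'      => ['to', 'name', 'email', 'message'],
    'default_max' => 100,                               // bytes
    'max_len'     => ['email' => 254, 'message' => 2000],
    'email_ok'    => ['email'],  // only these fields may hold an email address
    'url_ok'      => [],         // only these fields may hold a URL
];

// Returns a list of errors; an empty list means the post may be mailed.
function check_form(array $post, array $config): array {
    $errors = [];
    // Field names the form never had indicate a direct post.
    foreach (array_diff(array_keys($post), $config['fields']) as $extra) {
        $errors[] = "unexpected field $extra";
    }
    foreach ($config['fields'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) { $errors[] = "$field: not a string"; continue; }
        $max = $config['max_len'][$field] ?? $config['default_max'];
        if (strlen($value) > $max) { $errors[] = "$field: over $max bytes"; }
        // Single-line fields end up in mail headers: no line breaks allowed.
        if ($field !== 'message' && preg_match('/[\r\n]/', $value)) {
            $errors[] = "$field: line break not allowed";
        }
        if (!in_array($field, $config['url_ok'], true) && preg_match('~https?://|www\.~i', $value)) {
            $errors[] = "$field: URL not allowed";
        }
        $emailOk = in_array($field, $config['email_ok'], true);
        if ($emailOk && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = "$field: invalid email address";
        } elseif (!$emailOk && strpos($value, '@') !== false) {
            $errors[] = "$field: email address not allowed";
        }
    }
    // The browser sends only the alias; the real address comes from the config.
    $alias = $post['to'] ?? '';
    if (!is_string($alias) || !isset($config['recipients'][$alias])) {
        $errors[] = 'to: unknown recipient alias';
    }
    return $errors;
}
// Constructed posts: one from the form, one sent directly to the script.
$fromForm = ['to' => 'sales', 'name' => 'A. Visitor',
    'email' => 'visitor@example.org', 'message' => "Please send the brochure.\nThanks"];
$direct = ['to' => 'someone@example.net', 'name' => "x\r\nextra line",
    'email' => 'visitor@example.org', 'message' => 'Buy at http://spam.example/'];
print_r([check_form($fromForm, $config), check_form($direct, $config)]);
```

The '@' test is deliberately strict: any field not listed in `email_ok`, including the message, is rejected if it contains one.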

© 2010 onwards by PC Services, Reading UK Last Updated: 20th July 2013