I have created a form using the below php. I have a couple of issues...

1.The form seems to be working except it is not showing the sender's name/email in the 'from' section... how can I get it to show the sender's email?

2.Is there some sort of coding I can add to help prevent spam from coming through? I saw once on a form where it asked a question and below it said 'so we know you are not a machine'. What is the code to add this extra security to the form?

Any assistance is greatly appreciated.

Here is the php the form is using....




<?php

$EmailFrom = "";
$EmailTo = "nina@make-upbynina.com";
$Subject = "Make-up Inquiry";
$Name = Trim(stripslashes($_POST['Name']));
$Email = Trim(stripslashes($_POST['Email']));
$Message = Trim(stripslashes($_POST['Message']));

// validation
$validationOK=true;
if (!$validationOK) {
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
exit;
}

// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $Name;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $Email;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $Message;
$Body .= "\n";

// send email
$success = mail($EmailTo, $Subject, $Body, "From: <$Email>");

// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=http://www.make-upbynina.com/form-reply.php\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.htm\">";
}
?>

Simple for showing user's email. Here, in the PHP: $_REQUEST['from']
And in your form from the other page, simply add this: <input type="text" name="from" id="from">
(You don't absolutely need the ID in the HTML)
I'm not sure if it will work, but it's a guess. As for your other question, I'm not sure. How about Captcha? You could use PHP to write some Captcha.
EDIT: Added single quotes, forgot it's in some code with " 's......

Can you show your html markup? It may be something as simple as a typo.

I would not recommend the use of $_REQUEST in this case. If you're not getting your desired value from the $_POST array, that means something is wrong - you're not getting the info from the form as you intended. $_REQUEST opens up your script to the query string and cookies, which may produce errors or unintended results (best case) or create a security hole (worst case).

Here is the html for the form:




<div id="form">
<form class="feedbackform" method="post" action="http://make-upbynina.com/scgi-bin/contactengine.php">

<div class="fieldwrapper">
<label for="username" class="styled">Your Name:</label>
<div class="thefield">
<input type="text" id="username" value="" size="40" />
</div>
</div>

<div class="fieldwrapper">

<label for="email" class="styled">Email address:</label>
<div class="thefield">
<input type="text" id="email" value="" size="40" /><br />
</div>
</div>

<div class="fieldwrapper">
<label for="about" class="styled">Message:</label>
<div class="thefield">

<textarea id="about"></textarea>
</div>
</div>

<div class="buttonsdiv">
<input type="submit" value="Submit" style="margin-left: 150px;" /> <input type="reset" value="Reset" />
</div>

</form>

</div>

I am surprised you are getting any of the POST info considering you have all the fields labeled different than what you call the POST[].
Like you call $_POST['Name'] but you call the field username, so that shouldn't even work.
Also I am not totally sure but you call $_POST['Email'] but it's labeled email in lowercase, so that may be the issue too.

The POST variables your script is using don't match the form's field names.

For example, your script is looking for $_POST['Email'], whereas the field it actually needs is named email (yes, capitalization matters).

It gets worse - $_POST['Name'], as far as I can tell, should actually be $_POST['username'], and $_POST['message'] should be $_POST['about'].

You should also change all of your input id's to names (POST uses name, not id).

for example:


<!-- in your html form -->
<input type="text" id="username" name="username" value="" size="40" />
<input type="text" id="email" name="email" value="" size="40" />
<textarea id="about" name="about"></textarea>


// in your php script
$Name = trim(stripslashes($_POST['username']));
$Email = trim(stripslashes($_POST['email']));
$Message = trim(stripslashes($_POST['about']));




fastsol by 2-1/2 minutes! :p :D

Thank you... I will try this. But I got a question... in the HTML do I still need the

id="username" -as well as- name="username"?

You said Post doesn't use id so do I need to keep this in there? And if yes, why? (I'm new to php so I'm trying to figure out the logic)

Thank you again for your help.

For this particular purpose, no, you don't need to keep the id.

I don't know if there's anything else on your page that might be using it (css, jQuery, etc.), so I won't automatically tell you to throw it out. and leaving it as-is shouldn't cause any problems, either.