PHP was designed for making interactive web pages and mixing functionality with HTML. Form handling in PHP is quite a simple process. Here is a step-by-step guide for creating a simple feedback form. A visitor to your website fills this out and the information is emailed to you.

Create the web form

First we need to create a simple HTML form, to start with we'll keep the form simple by just asking for the users email address and comments. Here is our HTML form:

<html>
<head>
<title>Simple Feedback Form</title>
<style>label{display:block;}</style>
</head>
<body>

<form action="/feedback_form.php" method="post">

<label>Email Address</label>
<input type="text" name="email_address" size="40">

<label>Your Feedback</label>
<textarea name="feedback" cols="50" rows="10"></textarea>

<input type="submit" name="send" value="Submit">

</form>

</body>
</html>

This form will send two parameters to our PHP script, email_address and feedback. Save this file as feedback_form.html and upload it to the web folder on your hosting.

Create the form script

First we receive the data from our form and store it in two PHP variables, $email_address and $feedback.

<?php
$email_address = $_POST['email_address'];
$feedback = $_POST['feedback'];

Filtering user submitted data

Whenever you write a PHP script that receives data from an unknown source you should always filter the data to make sure it doesn't contain anything harmful. For example, if we don't filter the data in our form it would be quite easy for a Hacker to use our PHP script to send out spam to thousands of people. The golden rule is never trust any data you haven't created or don't control.

To filter our user data we're going to create a functions:

function filter_email_header($form_field) {
  return preg_replace('/[\0\n\r\|\!\/\<\>\^\$\%\*\&]+/','',$form_field);
}

The filter function removes special characters which could be used to trick our script into sending spam and is applied to the $email_address data. We'll place the two functions at the bottom of our script.

Now we'll call the filter function to clean up our user submitted email address:

$email_address  = filter_email_header($email_address);

Emailing the feedback

Once we have the filtered data we need to email it back to you. Our web hosting servers run a local mail server that a PHP script can use to send email. This can be done using the PHP in-built mail function:

$headers = "From: $email_address\n";
$sent = mail('you@domain.com', 'Feedback Form Submission', $feedback, $headers);

Make sure you set your email address on line 2.

Thank the user for their feedback

Finally, when a user submits your form lets show a page thanking them for their feedback:

if ($sent) {

?><html>
<head>
<title>Thank You</title>
</head>
<body>
<h1>Thank You</h1>
<p>Thank you for your feedback.</p>
</body>
</html>
<?php

} else {

?><html>
<head>
<title>Somthing went wrong</title>
</head>
<body>
<h1>Somthing went wrong</h1>
<p>We could not send your feedback. Please try again.</p>
</body>
</html>
<?php
}
?>

The final script

This example script shows a very basic way to get form contents emailed to you, it doesn't however have the refinements of a professional script, e.g. input validation. Below is the finished script. We've added some comments (lines beginning with #) to help make it clearer.

<?php

#Receive user input
$email_address = $_POST['email_address'];
$feedback = $_POST['feedback'];

#Filter user input
function filter_email_header($form_field) {
  return preg_replace('/[\0\n\r\|\!\/\<\>\^\$\%\*\&]+/','',$form_field);
}

$email_address  = filter_email_header($email_address);

#Send email
$headers = "From: $email_address\n";
$sent = mail('you@domain.com', 'Feedback Form Submission', $feedback, $headers);

#Thank user or notify them of a problem
if ($sent) {

?><html>
<head>
<title>Thank You</title>
</head>
<body>
<h1>Thank You</h1>
<p>Thank you for your feedback.</p>
</body>
</html>
<?php

} else {

?><html>
<head>
<title>Somthing went wrong</title>
</head>
<body>
<h1>Somthing went wrong</h1>
<p>We could not send your feedback. Please try again.</p>
</body>
</html>
<?php
}
?>

Save this script as feedback_form.php and upload it to the root of your web hosting on your web hosting.

Now you're ready to test your feedback form. Load your feedback form in your browser, http://www.domain.com/feedback_form.html, fill the form in and submit it. If everything works you should receive an email containing what you just entered in the form. If not, try checking out our Troubleshooting common PHP issues guide.

Need a hand? Search over a hundred step-by-step support guides