Krellen Webmaster Blog

Helping webmasters do awesome things on the web.

At Krellen, we're all about web hosting and giving website owners, webmasters and web developers the tools and resources to secure and grow their websites.

How To Make A Contact Form For Your Website

Contact forms are one of the most important, yet overlooked tools on a website. They are the easiest and most direct way for visitors to contact a website owner. They may not be sexy, but they play an incredibly important role on the internet, generating millions of business leads and easily getting potential customers in direct touch with business owners.

Although contact forms are everywhere, that doesn't mean they are always simple to create for small business owners. Some technical knowledge is required not only to implement the form, but more importantly, to do it correctly. Many contact forms have potential security and usability flaws that can cause serious problems.

Potential issues with contact forms

Depending on how they are created and implemented, contact forms have several potential issues. Whether coded by your next door neighbor, a professional web developer or installed via your favorite CMS (such as WordPress), here are some common issues that website forms have:

  • SPAM (unsolicited, automated form submissions)
  • Exploitable code (usually looking for a way to send out mass emails or hack the server)
  • Unencrypted (most forms to not implement any kind of encryption)
  • Email delivery issues (email doesn't always make it to the website owner)

Fighting SPAM

The most common and reliable way to combat SPAM from your contact form is by implementing a CAPTCHA. This requires the form submitter to show they are a real human trying to legitimately use the form. The problem with CAPTCHAs is that they can be incredibly annoying to the user, so it's very important to choose one that is very easy to use. There are tons of them out there, but these are probably the best:

Proper coding techniques to avoid exploits

It is very important for contact forms to be properly coded, as they are one of the most common entry points for hackers and spammers. Even small mistakes can be very disastrous for the website and server owners. Proper input sanitation, validation and email sending techniques are critical to avoid these issues.

Encryption

Encryption gives both the user and website owner privacy. There are a few options for encryption. Most website owners choose to implement SSL/HTTPS across their entire site. For added protection, you could set up a PGP encrypted contact form to ensure they are fully encrypted every step of the way and that only the authorized website owner can read the contact form messages.

Email is unreliable

One of the most common issues facing contact form owners is when someone fills out the form and they don't get notified or the email notification goes to their SPAM folder. This happens very frequently and is something most form owners deal with at some point. It's important that when a contact form submission occurs, to not only email the message, but also store it somewhere. This should be stored in a place where the website owner can easily access it.

Okay, so how should I make a contact form?

The absolute easiest way to implement a contact form is by using a tool we created to solve some of the issues outlined above. fnContact.com will help you implement contact forms quickly, easily and securely. They are totally anonymous, embeddable and offer PGP encryption.

A common way that web designers use fnContact.com is by creating and hosting their own HTML forms on a website, but POSTing them to fnContact. This way you don't have to create any form processing code/scripts and you can take advantage of fnContact's web interface for reviewing contact form submissions, auto-responders, etc.

Create a Free Contact Form Now »

How do I properly code my own contact form?

If you really want to code your own contact form and process it locally on your server, here is some sample HTML and PHP code we recommend to get you started. It will need to be modified slightly to fit your needs.

Example PHP to process the form

This code would need to be placed (or used via an include()) at the top of your HTML, before your form. It will process any POSTed forms and email the messages to you along with the user's IP address.

<?php
$from = 'webmaster@yourwebsite.com';
$subject = 'Website Contact Form Submission';
$to = 'your@emailaddress.com';
$cc = '';
$bcc = '';

$success = null;
$error = null;

$name = !empty($_POST['name']) ? $_POST['name'] : null;
$email = !empty($_POST['email']) ? $_POST['email'] : null;
$message = !empty($_POST['message']) ? $_POST['message'] : null;

if (!empty($_POST)) {

    if (empty($name)) {
        $error = 'Your name is required.';
    }

    elseif (empty($email)) {
        $error = 'Your email address is required.';
    }

    elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error = 'A valid email address is required.';
    }

    elseif (empty($message)) {
        $error = 'A message is required.';
    }

    if (!$error) {

        $message =
            date('Y-m-d H:i:s') . PHP_EOL .
            $name . PHP_EOL .
            $email . PHP_EOL .
            $_SERVER['REMOTE_ADDR'] . PHP_EOL . PHP_EOL .
            $message . PHP_EOL;

        $headers = 'From: ' . $from . "\r\n" .
            'Cc: ' . $cc . "\r\n" .
            'Bcc: ' . $bcc . "\r\n" .
            'Reply-To: ' . $email . "\r\n" .
            'X-Mailer: PHP/' . phpversion();

        $sent = mail(
            $to,
            $subject,
            $message,
            $headers
        );

        if ($sent) {
            $success = true;
            $name = null;
            $email = null;
            $message = null;
        } else {
            $error = 'Sorry, your mail was not sent. Please contact technical support.';
        }
    }
}
?>

Example HTML form:

<?php if ($success) { ?>
    Your message has been sent!
<?php } ?>

<?php if ($error) { ?>
    <?php echo $error; ?>
<?php } ?>

<form method="post">
    <label>
        Your name:
        <input type="text" name="name" placeholder="Your name" value="<?php echo $name; ?>" />
    </label>
    <label>
        Your email address:
        <input type="text" name="email" placeholder="Your email address" value="<?php echo $email; ?>" />
    </label>
    <label>
        Message
        <textarea name="message" rows="6"><?php echo $message; ?></textarea>
    </label>
    <input type="submit" value="Send Message &raquo;" />
</form>

Need Web Hosting?

Get started today.

Hosting Plans »

Have a question?

We're here 24/7 to help.

  Contact Us