Jump to content
Demonolith

PHP contact form sends without user content

Recommended Posts

Hi all,

I have a PHP contact form that doesn't seem to want to work, it did before and no longer does for a reason I'm unaware of.

An email is sent to my inbox with the contents I set in the code, the problem is that the content provided by the user (name, comments etc.) remain empty - I've tested it myself and information I enter is not shown in the email.

This used to work for me without this happening, but somewhere along the line it stopped - I don't think I made any major changes to the coding.

Can anyone please help?

<div class="form">

<form id="myform" class="cssform contact_form" action="http://www.greencastleparish.com/wordpress/wp-content/themes/ourladyofwayside/contact-us.php" method="post">
<ul class="field">
  <li><label id="Name">Name*</label>
    <input class="cssform-field" name="Name" type="text" data-bvalidator="required,alphanum" />       
    <input class="cssform-field-m" name="Full Name" type="text" data-bvalidator="required,alphanum" value="Full Name*" onblur="if(this.value=='')this.value='Full Name*';" onfocus="if(this.value=='Full Name*')this.value='';">
  </li>
</ul>
<ul class="field">
  <li><label id="Email">Email*</label>
    <input class="cssform-field" name="Email" type="text" data-bvalidator="required,email" />
    <span class="form_hint"><strong>Example</strong> name@something.com</span>
    <input class="cssform-field-m" name="Email Address" type="text" data-bvalidator="required,email" value="Email Address*" onblur="if(this.value=='')this.value='Email Address*';" onfocus="if(this.value=='Email Address*')this.value='';">
  </li>
</ul>
<ul class="field">
  <li><label id="Telephone">Telephone<span style="color: #fff;">*</span></label>
    <input class="cssform-field" name="Telephone" type="text" />
    <input class="cssform-field-m" name="Telephone Number" type="text" value="Telephone Number" onblur="if(this.value=='')this.value='Telephone Number';" onfocus="if(this.value=='Telephone Number')this.value='';">
  </li>
</ul>
<ul class="field" style="text-align: left;">
  <li><label id="Comments">Comment(s)*</label>
    <textarea class="cssform-field" style="width: 304px;" name="Comments" rows="5" data-bvalidator="required,alphanum"></textarea>
    <textarea class="cssform-field-m" name="Comments" rows="5" data-bvalidator="required,alphanum" value="Comments" onfocus="if(this.value==this.defaultValue)this.value='';" onblur="if(this.value=='')this.value=this.defaultValue;"> Comment(s)*</textarea>
  </li>
</ul>
<ul class="field">
	<li class="gdpr-checkbox"><input type="checkbox" id="gdpr-checkbox" name="gdpr" value="GDPR" data-bvalidator="required">I consent to having this website store my submitted information so they can respond to my enquiry.*</li>
</ul>

  <div class="g-recaptcha" data-sitekey="-----"></div>
<ul class="submitwrapper">
  <li>
<div class="inforequired"><em>*Information is required</em></div>
<div class="submitbutton"><input alt="Submit" src="http://greencastleparish.com/wordpress/wp-content/uploads/2017/11/olw-submit.svg" style="width: 88px;" type="image" value="Submit" /></div></li>
</ul>

</form>

</div><!-- form -->
<?php

/** Contact Us Form **/
$formurl = "http://greencastleparish.com/wordpress/our-lady-of-wayside/contact-us" ;
$thankyouurl = "http://greencastleparish.com/wordpress/our-lady-of-wayside/contact-us/thank-you" ;

$uself = 0;

$headersep = (!isset( $uself ) || ($uself == 0)) ? "\r\n" : "\n" ;
$name = $_POST['Name'] ;
$email = $_POST['Email'] ;
$telephone = $_POST['Telephone'] ;
$comments = $_POST['Comments'] ;
$captcha = $_POST['g-recaptcha-response'];
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=-----&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
        if($response.success==false)
        {
          echo '<h2>You are spammer ! </h2>';
        }else
        {
          echo '<h2>Thanks for posting comment.</h2>';
        }

$http_referrer = getenv( "HTTP_REFERER" );

$subject = "[Greencastle Parish Website] New message from $name";

$comments =

	"This message was sent from:\n" .
	"$http_referrer\n" .
	"------------------------------------------------------------\n\n" .
	"Name: $name\n" .
	"Email: $email\n" .
	"Telephone: $telephone\n" .
	"------------------------ COMMENT(S) ----------------------\n\n" .
	$comments .
	"\n\n------------------------------------------------------------\n" ;

mail("nialldevlin@hotmail.com", $subject, $comments, "FROM: info@greencastleparish.com" . $headersep . "Reply-To: \"$name\" <$email>" . $headersep . "X-Mailer: chfeedback.php 2.07" );
header( "Location: $thankyouurl" );
exit ;

?>

 

Edited by Demonolith

Share this post


Link to post
Share on other sites

Hi, I'm going to hazard a few guesses, I've never seen a form made that way.

First, you have 2 different input boxes for example, one for mobile (name="Full Name") and one for desktop (name="Name"), but in your code you're only looking for $_POST['Name'], I guess if you post the mobile value it will be blank as there's no php for the mobile version. You should really only use 1 input, then just style it with media queries.

Second, you're posting to /wordpress/wp-content/themes/ourladyofwayside/contact-us.php but the page is on /wordpress/our-lady-of-wayside/contact-us/, not sure if it'll make a difference but it's possible.

Last point, you're setting the value="" for both input and textarea, I think you're wanting placeholder="Telephone Number" and also the value of a textarea if from inside the area, no value required. The problem here is giving it a set value means they will need to delete the value to add their own, second if they post and it's an error then their data will be wiped and the default value added again, making the form a right ball-ache. If you're posting to the page with the form on it would be better to do something like...

<input name="Email" type="email" placeholder="Your Telephone Number" value="<?php if($telephone!="") { echo $telephone; } ?>" />

Cheers.

Edited by BrowserBugs

Share this post


Link to post
Share on other sites

You have:

$comments =

	"This message was sent from:\n" .
	"$http_referrer\n" .
	"------------------------------------------------------------\n\n" .
	"Name: $name\n" .
	"Email: $email\n" .
	"Telephone: $telephone\n" .
	"------------------------ COMMENT(S) ----------------------\n\n" .
	$comments .
	"\n\n------------------------------------------------------------\n" ;

where the $name\n is part of the string

Try changing this to:

$comments =

	"This message was sent from:\n" .
	$http_referrer\n .
	"------------------------------------------------------------\n\n" .
	"Name:" . $name\n .
	"Email::" . $email\n .
	"Telephone:" . $telephone\n .
	"------------------------ COMMENT(S) ----------------------\n\n" .
	$comments .
	"\n\n------------------------------------------------------------\n" ;

 

Share this post


Link to post
Share on other sites

After looking into it more, it seems that the 'WP Super Cache' plugin is prevent the content coming through - I haven't yet found out why that is though.

I've removed the inputs for what I intended to be mobile phone screens, I originally did this because I wanted the label to appear inside the box rather than outside as it is on desktop screens (it looks tidier on small screens that way to me). Is there an easy way to do this?

I'm pretty much learning as I go along, this site is voluntary and I use it to learn skills and coding while striving to make it as good as I can - I realise that the code is a little messy and as a result not as functional and streamlined as it could be.

 

Share this post


Link to post
Share on other sites

I noticed that I've been getting a few emails with the bare content (text I inserted into the email) but not with the user content in it, basically I get this:

Quote

This message was sent from:

------------------------------------------------------------

Name:
Email:
------------------------ COMMENT(S) ----------------------



------------------------------------------------------------

Why might this be happening? I can't send an empty email myself as validation prevents me from doing so.

Edit: The form sends fine if the required information is entered

Edited by Demonolith

Share this post


Link to post
Share on other sites
14 hours ago, Demonolith said:

Why might this be happening? I can't send an empty email myself as validation prevents me from doing so.

Edit: The form sends fine if the required information is entered

Your validation is javascript, great for pre-submission, not ideal for actual validation as it can be switched off. I'd recommend using php for real validation before sending. Basics would be something like;

<?php
if($_SERVER['REQUEST_METHOD']=="POST") { // Check it was posted else simply going to the processor would send the email
	$ok_to_send = true; // Default we want to send
	$name = trim($_POST['Name']); // Trim removes whitespace at the ends of a string
	if($name=="" && $ok_to_send) {
		$ok_to_send = false;
		$err_msg = "Error! Please provide your name.";
	}
	$email = trim($_POST['Email']); // Trim removes whitespace at the ends of a string
	if($email=="" && $ok_to_send) {
		$ok_to_send = false;
		$err_msg = "Error! Please provide your email address.";
	} elseif($ok_to_send && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
		$err_msg = "Error! Your email address appears to be invalid."; $ok_to_send = false; }
	}
	if($err_msg!="") { echo $err_msg; }
	if($ok_to_send) {
		// Here is where you form and send the mail.
	}
}
?>

  

Edited by BrowserBugs

Share this post


Link to post
Share on other sites
21 hours ago, Demonolith said:

Sorry, but how do I implement that into the code I've already written?

Can I just check that /wordpress/our-lady-of-wayside/contact-us/ is the same page as /wordpress/wp-content /themes/ourladyofwayside/contact-us.php? E.g. you could post to either or is it separate?

Edited by BrowserBugs

Share this post


Link to post
Share on other sites
1 minute ago, BrowserBugs said:

Can I just check that /wordpress/our-lady-of-wayside/contact-us/ is the same page as /wordpress/wp-content /themes/ourladyofwayside/contact-us.php? E.g. you could post to either or is it separate?

I have all the PHP code on it's on page (/wordpress/our-lady-of-wayside/contact-us.php) while the Wordpress page containing the form is /wordpress/our-lady-of-wayside/contact-us/.

Share this post


Link to post
Share on other sites

I would personally process on /wordpress/our-lady-of-wayside/contact-us/ rather than a second page. This is so you can return an error with the form rather than letting it process, having a problem and sending them back to all fields empty and starting all over again.

The form...

<div class="form">
<form id="myform" class="cssform contact_form" action="/wordpress/our-lady-of-wayside/contact-us/" method="post">
<?php if($err_msg!="") { ?><div><?php echo imp($err_msg); ?></div><?php } ?>
<ul class="field">
  <li><label id="Name">Name</label>
    <input class="cssform-field" name="Name" type="text" data-bvalidator="required" placeholder="Enter your full name here" required="required" value="<?php if($name!="") { echo htmlspecialchars(stripslashes($name)); } ?>">
  </li>
</ul>
<ul class="field">
  <li><label id="Email">Email</label>
    <input class="cssform-field" name="Email" type="email" data-bvalidator="required,email" placeholder="Enter your email address here" required="required" value="<?php if($email!="") { echo htmlspecialchars(stripslashes($email)); } ?>">
    <span class="form_hint"><strong>Example</strong> name@something.com</span>
  </li>
</ul>
<ul class="field" style="text-align: left;">
  <li><label id="Comments">Comment(s)</label>
    <textarea class="cssform-field" name="Comments" rows="5" data-bvalidator="required" placeholder="Enter your comment(s) here" required="required"><?php if($comments!="") { echo htmlspecialchars(stripslashes($comments)); } ?></textarea>
  </li>
</ul>
  <div class="g-recaptcha" data-sitekey="6LdrHSkTAAAAABGTS7K2RsSedXKYWiWf0mAGhcjF"></div>
<ul class="submitwrapper">
  <li>
  <div class="inforequired"><em>*Information is required</em></div>
<div class="submitbutton"><input alt="Submit" src="http://greencastleparish.com/wordpress/wp-content/uploads/2017/11/olw-submit.svg" style="width: 88px;" type="image" value="Submit" /></div></li>
</ul>
</form>
</div>

... and the php above the <html> ...

<?php
function imp($var) { return htmlspecialchars(stripslashes($var)); }
if($_SERVER['REQUEST_METHOD']=="POST") { // Check it was posted else simply going to the processor would send the email
	$ok_to_send = true; // Default we want to send
	$name = trim($_POST['Name']); // Trim removes whitespace at the ends of a string
	if($name=="" && $ok_to_send) {
		$ok_to_send = false;
		$err_msg = "Error! Please provide your name.";
	}
	$email = trim($_POST['Email']); // Trim removes whitespace at the ends of a string
	if($email=="" && $ok_to_send) {
		$ok_to_send = false;
		$err_msg = "Error! Please provide your email address.";
	} elseif($ok_to_send && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
		$err_msg = "Error! Your email address appears to be invalid."; $ok_to_send = false; }
	}
	$comments = trim($_POST['Comments']); // Trim removes whitespace at the ends of a string
	if($comments=="" && $ok_to_send) {
		$ok_to_send = false;
		$err_msg = "Error! Please provide your comment(s).";
	}
	$captcha = $_POST['g-recaptcha-response'];
	$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=-----&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
	if($response.success==false) {
		$err_msg = "You are spammer!";
	}
	if($ok_to_send) {
		// Here is where you form and send the mail.
		$referrer = "Unknown";
		if($_SERVER['HTTP_REFERER']!="") { $referrer = $_SERVER['HTTP_REFERER']; }
		$sTo = "nialldevlin@hotmail.com";
		$replyTo = "Reply-To: " . $name . " <" . $email . ">".PHP_EOL;
		$subject = "New message from " . $name;
		$email_message = "This message was sent from: " . $referrer . PHP_EOL;
		$email_message .= "------------------------------------------------------------" . PHP_EOL;
		$email_message .= "Name: " . $name . PHP_EOL;
		$email_message .= "Email: " . $name . PHP_EOL;
		$email_message .= "------------------------ COMMENT(S) ----------------------" . PHP_EOL;
		$email_message .= nl2br($comments) . PHP_EOL;
		$email_message .= "------------------------------------------------------------" . PHP_EOL;
		ini_set("sendmail_from", " info@greencastleparish.com ");
		if(mail($sTo, $subject, $email_message, "From: Greencastle Parish Website <info@greencastleparish.com>\n" . "MIME-Version: 1.0\nContent-type:text/html;charset=UTF-8\n-f" . $replyTo)) {
			header("Location: http://greencastleparish.com/wordpress/our-lady-of-wayside/contact-us/thank-you");
			exit();
		} else {
			$err_msg = "Whoops! Sorry but the email didn't send.";
		}
	}
}
?>

Note: Untested but should work, also I notice in your original you were overwriting the $comments variable when constructing the message ;)

Edited by BrowserBugs

Share this post


Link to post
Share on other sites
9 hours ago, BrowserBugs said:

I would personally process on /wordpress/our-lady-of-wayside/contact-us/ rather than a second page. This is so you can return an error with the form rather than letting it process, having a problem and sending them back to all fields empty and starting all over again.

 

Would this mean putting the PHP in header.php? I don't know how to add it to a single page using wordpress.

Share this post


Link to post
Share on other sites
2 minutes ago, Demonolith said:

Would this mean putting the PHP in header.php? I don't know how to add it to a single page using wordpress.

Ah, you'll need a WordPress person. I doubt in the header.php else it could be fired on any page. Maybe @teodora would know.

Share this post


Link to post
Share on other sites

You need to create a new php file and point the form to this page. The new php file should go in the theme folder.

I do wonder what you are making things so complicated for yourself. Why not just use one of the many Wordpress contact form plugins?

Share this post


Link to post
Share on other sites
12 hours ago, fisicx said:

You need to create a new php file and point the form to this page. The new php file should go in the theme folder.

This is how I currently have it functioning.

12 hours ago, fisicx said:

I do wonder what you are making things so complicated for yourself. Why not just use one of the many Wordpress contact form plugins?

I wanted to see it as a challenge to learn from.

I also don't know how much freedom for customisation there is if I use a plugin.

In saying that, I'm looking at the WPForms Lite plugin as Plan B!

Share this post


Link to post
Share on other sites

A bit of self promotion here. I built a contact form plugin that has more customisation than a customising thing.

https://wordpress.org/plugins/quick-contact-form/

give it a go and even if you don’t use it you will see how to build a contact form in Wordpress. 

Share this post


Link to post
Share on other sites
On 7/2/2018 at 7:33 PM, Demonolith said:

Would this mean putting the PHP in header.php? I don't know how to add it to a single page using wordpress.

Technically, for the sake of learning, you can use a conditional statement in header.php

if(is_page(92) { //replace with your page id or slug  - https://developer.wordpress.org/reference/functions/is_page/

    /* Your php code goes here */

}

Ideally, your form processing files should not be in header.php. If you're up for a challenge, have a look at some tutorials on ajax form submission with jquery and php - https://www.google.co.uk/search?q=ajax+form+submission+using+jquery+and+php&amp;rlz=1C1CHBF_en-GBGB799GB799&amp;oq=ajax+form+submiss&amp;aqs=chrome.2.0j69i57j0l4.12448j1j4&amp;sourceid=chrome&amp;ie=UTF-8

A plugin is always an option so perhaps try fisicx's one or Contact form 7 (not too difficult to customise as far as I remember).

Share this post


Link to post
Share on other sites

Sorry I haven't replied in a while but I was taking advantage of this rare bout of good weather we're having in the North of Ireland!

I've given fisicx's Quick Contact Form (thanks!) and WPForms Lite a go and I can't seem to customise them fully to match my original contact form (ie pop-up validation such as 'This field is required' and to be taken to a separate thank you page). Neither seems to email to the Hotmail address whereas my own does.

I replaced my original PHP with what BrowserBugs provided and it seems to work (though with Javascript turned off it just takes you to a blank page without submitting the actual form so I'm not sure...). When I add the extra lines of code to the HTML it gives me what appears in the attached image.

Am I getting closer with my own form? 

  <div class="form">
<form id="myform" class="cssform contact_form" action="http://www.greencastleparish.com/wordpress/wp-content/themes/ourladyofwayside/contact-us.php" method="post">
  <?php if($err_msg!="") { ?><div><?php echo imp($err_msg); ?></div><?php } ?>
<ul class="field">
  <li><label id="Name">Name</label>
    <input class="cssform-field" name="Name" type="text" data-bvalidator="required" placeholder="Enter your full name here" value="<?php if($name!="") { echo htmlspecialchars(stripslashes($name)); } ?>">
  </li>
</ul>
<ul class="field">
  <li><label id="Email">Email</label>
    <input class="cssform-field" name="Email" type="text" data-bvalidator="required,email" placeholder="Enter your email address here" required="required" value="<?php if($email!="") { echo htmlspecialchars(stripslashes($email)); } ?>">
    <span class="form_hint"><strong>Example</strong> name@something.com</span>
  </li>
</ul>
<ul class="field" style="text-align: left;">
  <li><label id="Comments">Comment(s)</label>
    <textarea class="cssform-field" name="Comments" rows="5" data-bvalidator="required" placeholder="Enter your comment(s) here" required="required"><?php if($comments!="") { echo htmlspecialchars(stripslashes($comments)); } ?></textarea>
  </li>
</ul>
  <div class="g-recaptcha" data-sitekey="6LdrHSkTAAAAABGTS7K2RsSedXKYWiWf0mAGhcjF"></div>
<ul class="submitwrapper">
  <li>
  <div class="inforequired"><em>*Information is required</em></div>
<div class="submitbutton"><input alt="Submit" src="http://greencastleparish.com/wordpress/wp-content/uploads/2017/11/olw-submit.svg" style="width: 88px;" type="image" value="Submit" /></div></li>
</ul>
</form>
  </div><!-- form -->
<?php

function imp($var) { return htmlspecialchars(stripslashes($var)); }
if($_SERVER['REQUEST_METHOD']=="POST") // Check it was posted else simply going to the processor would send the email
	$ok_to_send = true; // Default we want to send
	$name = trim($_POST['Name']); // Trim removes whitespace at the ends of a string
	if($name=="" && $ok_to_send) {
		$ok_to_send = false;
		$err_msg = "Error! Please provide your name.";
	}
$email = trim($_POST['Email']); // Trim removes whitespace at the ends of a string
	if($email=="" && $ok_to_send) {
		$ok_to_send = false;
		$err_msg = "Error! Please provide your email address.";
	} elseif($ok_to_send && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
		$err_msg = "Error! Your email address appears to be invalid."; $ok_to_send = false; }
	$comments = trim($_POST['Comments']); // Trim removes whitespace at the ends of a string
	if($comments=="" && $ok_to_send) {
		$ok_to_send = false;
		$err_msg = "Error! Please provide your comment(s).";
	}
	$captcha = $_POST['g-recaptcha-response'];
	$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=-----&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
	if($response.success==false) {
		$err_msg = "You are spammer!";
	}
	if($ok_to_send) {
		// Here is where you form and send the mail.
		$referrer = "Unknown";
		if($_SERVER['HTTP_REFERER']!="") { $referrer = $_SERVER['HTTP_REFERER']; }
		$sTo = "nialldevlin@hotmail.com";
		$replyTo = "Reply-To: " . $name . " <" . $email . ">".PHP_EOL;
		$subject = "New message from " . $name;
		$email_message = "This message was sent from: $referrer <br><br>" . PHP_EOL;
		$email_message .= "---------------------------------------------------------------- <br><br>" . PHP_EOL;
		$email_message .= "Name: $name<br>" . PHP_EOL;
		$email_message .= "Email: $email<br><br>" . PHP_EOL;
		$email_message .= "---------------------- COMMENT(S) ----------------------<br>" . PHP_EOL;
		$email_message .= nl2br("$comments<br>") . PHP_EOL;
		$email_message .= "----------------------------------------------------------------<br>" . PHP_EOL;
		ini_set("sendmail_from", " info@greencastleparish.com ");
		if(mail($sTo, $subject, $email_message, "From: Greencastle Parish Website <info@greencastleparish.com>\n" . "MIME-Version: 1.0\nContent-type:text/html;charset=UTF-8\n-f" . $replyTo)) {
			header("Location: http://greencastleparish.com/wordpress/our-lady-of-wayside/contact-us/thank-you");
			exit();
		} else {
			$err_msg = "Whoops! Sorry but the email didn't send.";
		}
}
?>

 

Untitled-1.jpg

Share this post


Link to post
Share on other sites
1 hour ago, BrowserBugs said:

This looks like the page is treating the code as a string rather than php. To be honest no idea why, maybe a WordPress quirk?

If the PHP is in a template it will parse, if this is being added through an editor it will render the HTML but won't parse any PHP, to do that you have to use something called a Shortcode.

I'm guessing this is being added in the wrong place, but to be honest the OP would be better off using a plugin like Ninja Forms or Contact Form 7.

Share this post


Link to post
Share on other sites
6 minutes ago, Jack said:

If the PHP is in a template it will parse, if this is being added through an editor it will render the HTML but won't parse any PHP, to do that you have to use something called a Shortcode.

I'm guessing this is being added in the wrong place, but to be honest the OP would be better off using a plugin like Ninja Forms or Contact Form 7.

Ah! Glad I don't use WordPress ;)

Share this post


Link to post
Share on other sites
3 minutes ago, BrowserBugs said:

Ah! Glad I don't use WordPress ;)

It's not too bad for some stuff, but it can encourage bad practices, like shoving the form code above into a template, because it will run. Wordpress does nothing to prevent users from running whatever PHP code they want inside a file basically. A lot of modern CMS's won't allow you to do this without writing a plugin that follows a specific set of documented functions, mainly to prevent security issues, difficult upgrade paths, and keeping a consistent architecture. For example https://docs.craftcms.com/v3/coding-guidelines.html.

Share this post


Link to post
Share on other sites
1 hour ago, Jack said:

It's not too bad for some stuff, but it can encourage bad practices, like shoving the form code above into a template, because it will run. Wordpress does nothing to prevent users from running whatever PHP code they want inside a file basically. A lot of modern CMS's won't allow you to do this without writing a plugin that follows a specific set of documented functions, mainly to prevent security issues, difficult upgrade paths, and keeping a consistent architecture. For example https://docs.craftcms.com/v3/coding-guidelines.html.

Is my approach unsecure? If I'm putting myself or visitors at risk then I will try a plugin.

Share this post


Link to post
Share on other sites

It could be insecure. Wordpress has a neat tool called wp_nonce you should incorporate and the code really shouldn’t be part of the template. At the very least it should be in functions.php.

from what I can tell the only reason you aren’t using a plugin is because it doesn’t have tooltip validation. That seems a very minor reason especially as it doesn’t work on my phone.

Share this post


Link to post
Share on other sites
8 minutes ago, Demonolith said:

Is my approach unsecure? If I'm putting myself or visitors at risk then I will try a plugin.

Not necessarily on your site, I was referring to being able to put any PHP code inside a template and have it execute, what you tend to see from time to time is someone that has copied random code from somewhere on the internet and pasted it onto their site. There are examples of insecure PHP everywhere, and to get around that, some CMS vendors will make sure all plugin hooks go through their API. This means that any security issues can be patched and rolled out to every plugin that's using a particular piece of venerable code. Wordpress does this through their set of plugin hooks, but you have to explicitly use them, and it won't prevent issues from bad code inside a template.

Share this post


Link to post
Share on other sites

For contact form implementation instead of going with PHP you can get it done by installing a plugin in wordpress because there are lots of cost effective plugins available in the market. An expert wordpress developer can help you in this.

Share this post


Link to post
Share on other sites
1 hour ago, Dezvolta said:

For contact form implementation instead of going with PHP you can get it done by installing a plugin in wordpress because there are lots of cost effective plugins available in the market. An expert wordpress developer can help you in this.

WordPress is built on PHP

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing

    No registered users viewing this page.

  • Member Statistics

    • Total Members
      58,416
    • Most Online
      4,970

    Newest Member
    angelsphone09
    Joined
  • Forum Statistics

    • Total Topics
      65,740
    • Total Posts
      452,901
×