Contact Us Script

Contact Us PHP Script

It Just Works!

A contact script allows people to contact you without your putting your email address on your site, protecting you from web bots that find your address on the web and send you spam.

Other Features:

Checks inputs to make sure the user fills in the values!
Works with PHP safe mode on, to protect your site!
Scans user inputs for security, eliminating harmful characters!
Gives the IP address and browser information of whoever writes!
New: Security image protects against automated bots that try to post SPAM to your page.
It's free, easy to use, and it works!

Easy Add Instructions

  1. Copy and paste the two sections of code below into a file called contact.php.

    You may also add your site's HTML code that you usually put on every page so that this page will look like the rest of the pages on your site (or you can just paste it in a php file by itself).

    (note: if your html has an "<?xml" line in it, it will need to be removed)

  2. Change the four variables at the top of the script (in blue below).

  3. Upload the file to your server.

New! Security Image Feature

Use this feature only if you have noticed a problem with spam being sent to you through the script. To prevent this, you may use a security image such as

that users must type before their message is sent.

To use this feature, you will need the whole securityimage directory in the zip file below. Upload it to the same directory where your contact page is. Then change the $use_security_image=false; line in contact.php to $use_security_image=true;

You may contact me with any questions you have about this script.

You may download the script and related files in a gz format or a zip format

Copy to the first line in the php file:

<?php session_start(); /* MAKE SURE THIS IS THE FIRST LINE IN THE FILE */ ?>

Copy this code to the php file next (it can go in the in <BODY> section of any HTML you have):

<!-- contact us script from (c) 2005-2006 Douglass Davis -->

// Version 1.5
// Fill in the following.

// where you want the emails to go to
// separate multiple emails with a comma.

// this will be the first part of the subject line of mail
// sent from this script (identifies mail from this page)

// emails sent from this page may appear to come from this
// email address. change YOURDOMAIN.COM is to be the same
// as your website's domain name

// emails sent from here may come from this name.
// Change this to be the name of your website.
$contact_from_name="YOUR WEBSITE NAME";

// The Following changes are optional

// If your host blocks messages with To: fields coming
// from other domains, then you may change this to true.
// If the script works fine as it is, just leave it as false.
// If this variable is false, messages will appear to come
// directly from the email address of the person who
// filled out the form, rather than appearing to come from
// the $contact_from_email above.

// The color the errors will come out as when they
// are displayed on the screen, use either a name or code
// such as #0000FF

// Use a security image only if you have a problem with automated
// bots submitting SPAM to this form. You will need the
// securityimage directory, which is located in the zip
// file on
// change to true to use security image
// false to not use security image.
// The downside to using a security image is that visually impaired
// people will not be able to use the form.


// Do not change anything below.

function previous_request_value($str)
if (isset($_REQUEST[$str]) )
return $_REQUEST[$str];
return '';

function cndstrips($str)
if (get_magic_quotes_gpc())
return stripslashes($str);
return $str;

$security_code=str_replace(' ','',cndstrips(trim(previous_request_value('security_code'))));


function validate_email($email) {
return preg_match('/^[A-Za-z0-9_\-\.]+@[A-Za-z0-9_\-\.]+\.[A-Za-z0-9_\-\.]+$/', $email) == 0;


if (validate_email($visitor_email) ) {
$errors.="Please enter a valid email address in the form of user@place.ext<br/><br/>";

if ($use_security_image && (strtolower($security_code) != strtolower($_SESSION['contact_form_security_code']) || $_SESSION['contact_form_security_code']=='') ) {
$errors.="The verification code for the image presented was incorrect. Please enter a correct verification code.<br/><br/>";

if ($message_body == '')
$errors.="Please enter a message<br/><br/>";

if ($message_subject == '')
$errors.="Please enter a message subject<br/><br/>";

if ($visitor_name == '')
$errors.="Please enter your name<br/><br/>";

if ( !$errors ) {
$httpagent = $_SERVER["HTTP_USER_AGENT"];
$time = date("D, F j, Y H:i O");

if ($visitor_name)
$visitor_name_and_email="$visitor_name <$visitor_email>";

if ($contact_from_name)
$contact_from_email="$contact_from_name <$contact_from_email>";

$message = "


Browser Info: $ip $httpagent

if ($send_from_internal_address) {
$message= "
From: $visitor_name_and_email
Date: $time
Subject: $message_subject

if ($send_from_internal_address) {
mail($contact_to_email, $contact_subject." $message_subject", $message, "From: $contact_from_email\r\nReply-To: $visitor_name_and_email");
else {
mail($contact_to_email, $contact_subject." $message_subject", $message, "From: $visitor_name_and_email");

echo "Your message";
echo "<div style='border: 1px solid black; margin: 10px 10px 10px 10px; padding: 10px 10px 10px 10px;'>From: ".htmlentities($visitor_name_and_email)."<br />Re: ".htmlentities($message_subject)."<br />".htmlentities($message_body)."</div>";
echo "Has been sent. Thank you for contacting us.";

if (!$message_sent) {
$this_file = substr(strrchr($_SERVER['PHP_SELF'], "/"), 1);


<form name="ContactForm" id="ContactForm" method="post" action="<?php echo $this_file ?>">
<br /><strong>We are happy to hear from you. Please enter the requested information <?php if (!$message_body) echo "and message" ?> below, then click the Send button. </strong>
<br />
<br />
if ($errors) {
echo "<br />";
echo "<span style='color:$error_color'><br />$errors</span>";

<label for="visitor_name">Your name</label><br />
<input name="visitor_name" type="text" id="visitor_name" value="<?php echo htmlentities($visitor_name) ?>" size="25" />
<br /><br />

<label for="visitor_name">Your Email Address</label><br />
<input name="visitor_email" type="text" id="visitor_email" value="<?php echo htmlentities($visitor_email) ?>" size="25"/>
<br /><br />

<label for="message_subject">Subject</label><br />
<input name="message_subject" type="text" id="message_subject" value="<?php echo htmlentities($message_subject) ?>" size="25"/>
<br /><br />

if ($use_security_image) {
<div id="security"><img src="securityimage/security-image.php?width=200" width="200" height="40" alt="Verification Image" /></div>

Verification Image (please enter the text in the image above) <br />
<input name="security_code" type="text" id="security_code" size="25"/>
<br /><br />


<label for="message_body">Message</label><br />
<textarea name="message_body" cols="30" rows="6" id="message_body" ><?php echo htmlentities($message_body) ?></textarea>
<br /><br />

<input type="submit" name="Submit" value="Send" />


<br /> <br />
Contact Form From: <a href=""></a>


no warranty is expressed or implied

 Google (TM) Search
This Site

© 2005 Douglass Davis, All Rights Reserved