How to Submit an HTML Form to a MySQL Database AND Send an Email Using PHP | John Morris | Skillshare

How to Submit an HTML Form to a MySQL Database AND Send an Email Using PHP

John Morris, I help freelancers get clients.

Lessons in This Class

13 Lessons (45m)
    • 1. Introduction and Overview

    • 2. Create the config.php file

    • 3. Build the HTML Form

    • 4. Processing the Form Data

    • 5. Functions File Overview

    • 6. Validate the SPAM Check

    • 7. Validate the Email Address

    • 8. Validate and Whitelist the $_POST Data

    • 9. Submit the Data to the Database

    • 10. Send the Email

    • 11. Store Entered Data on Form Error

    • 12. Wrap Up and Final Thoughts

    • 13. Next Steps


About This Class

In this class you'll learn how to build an HTML form that submits data to a MySQL database then sends an admin email notification. Lessons include:

  • Creating the config.php File
  • How to Build an HTML Form
  • How to Process Form Data
  • How to Create and Validate a SPAM Check
  • How to Validate Email Addresses
  • How to Whitelist Form Data
  • How to Submit the Data to a Database
  • How to Send Emails In PHP
  • How to Store Entered Data On Form Error

You'll create a real contact form through the course. You'll get full access to the source code.

1. Introduction and Overview:
Let me just show you first off what this form does. So I'm just going to enter in some information here. There's some dummy information that we can have this send. All right, so we'll go ahead and submit this form. You can see we get a successful form submit, and you see it says we'll be in touch or whatever. So if I go over to my mail over here, I have this contact form submission, and you can see that I'm getting the message here in my email and so forth. So it's sending the email. That's the first thing.
The second thing, then, is if we go back over to our code editor here and I go into my shell. This is the structure of the database here. It's very simple: just an ID that auto-increments as a primary key, name, email, message, et cetera. So I'm showing you all the columns in the structure here. And then I did a select all from that table, and you can see at first I had an empty set, and then I did it again a little bit later, after I had set up the MySQL stuff, and you can see I'm getting this message here. Actually, my session there is closed, so let me close that and reopen it. Good to see a little shell typing here. This is fun. So we'll get into MySQL. We'll say we want to use our snippets database, which is the one that I use for all my tutorials. And then I want to show the columns from our MySQL email table. Okay, so that's again seeing all the columns. And now we can do a select all from our MySQL email table. And so now you can see I have several different submissions inside of this database. So it's sending via email, and it's also processing what was posted and putting it into a database, and you can do both of those things in the exact same kind of script. I'm going to show you how to do this.

2. Create the config.php file:
All right. So the first thing, let's start off with the config file here. This is stuff that you would need to change for your setup. So if you're getting this code or you're following along here, these are the things that you need to change. The whitelist, maybe not so much. But if you're going to add fields to the form, outside of this math check here for spam, if you're going to add any other field to this form, you need to add the name of that field here as well, to whitelist that field. Otherwise the script won't process it. So that's just a security thing: we whitelist the fields that we want to allow through. Next, we have our from name, so when the email goes out, the name that it's going to be from, and the email address that it will be sent to. We want to have our subject line for the email, so new contact form submissions here. And then we have our table that we're using, so this is the name of our table here. We have our database name, so in this case it's the snippets table, like I showed you, the user name, the password and the host. In most cases the host will be localhost. It's pretty rare that it's not. I think GoDaddy is one where it's a little bit different. You'll just have to check with them if you're on GoDaddy; you have to go in there and they give you a special kind of URL to use. It's kind of weird, but they're one of the few that I know of. In most cases, you can leave this. Most of this stuff, though, you're going to have to come in and change in the config file, so keep that in mind.

3. Build the HTML Form:
Now let's go into the index. So I'll show you what we're doing here; I'm actually going to show you the form first. So down here we have our standard HTML. So we have our HTML, which is giving us our display over here. And then we're doing a little bit of processing at the top.
So this form is actually going to submit right back to itself. So we do a little bit of PHP processing at the top. If you wanted to submit to another page, you could take this stuff that's right here and put it in that other page, and then just make sure that you set your form action to the URL of that page, whatever that page is. But here we're just having it submit back to itself. We'll go over this PHP here in just a second, but I just want to cover the HTML real quick. So again you can see a standard setup. We have our HTML, we have our head area, we have our title tags. We have some style sheets. These are obviously included in the source code. These set up the style of it; if you want to change the styling, you could go into these and do that. We're including Bootstrap here for some of the styling as well. Inside our body tag, the main thing is then our form, our actual form. You can see that we have just a few inputs here. So here we have our name. We have our input here; the type is text, the name of it is name, it has a placeholder. And then in the value block, we're doing a little bit of validation. So this is a PHP function we'll go over, and this essentially makes it so that if I come over to this form and let's say that I just submit it without entering anything, I'm going to get an error. And actually, if I enter something real quick and then I get some sort of error, you notice that value is still there. So I'm not losing what I've already written if I get an error. So that's important. That's what this essentially allows you to do, and we'll go over that PHP function. So you can see that all these form areas are really pretty much the same. There's the name. The email still uses that echo valid input, and then the text area.
This is a text area, so it's a little bit different HTML, but it does the same thing. You can see if we go this way, we have echo valid input message for the text area. So in terms of the PHP, it's all pretty straightforward. So that's the HTML. It's really just a standard form with this one special thing in here that helps us keep hold of our data if we have some sort of error. Then you'll notice above it I have this block right here, and in this what we're doing is we're checking to see if there are any errors. So up in our PHP code, we're setting errors if we get any back from our processing, and I'll go through that. But here we're checking to see if we have any, and if we have any, then we're displaying some sort of message. So let's get rid of this message over here and let's add in the math and let's submit the form. Next I need to do my email address here, so let me just do testing. Let's get rid of these. Let's do our math. So the math check and the email check are what I would call standalone checks. What that means is, if we check the math first and the math is wrong, we don't do anything else. So if they don't have the math right, we're not going to show any other errors or anything, we're just going to show them: hey, your math is wrong. Then after we check the math, we check the email to make sure the email address is valid. If the email address is not valid, again, we just stop right there. We don't collect up the rest of the errors. We don't do anything else. We just stop right there and say, hey, your email address is invalid. So those two are standalone checks. If they're wrong, it's just going to stop at that error. The name and the message: if those are empty, then we actually collect up the empty fields and we'll display them. So I have my email address, I have my math, but I haven't entered the name or the message.
So if I submit this form, then you'll see it says, "Please enter your name. Please enter your message." So that's what this section here is doing. And all it's doing is: this errors right here from PHP is an array, and so we're just imploding the array, and we're adding some paragraph tags to the front and back of it, and then displaying that message and styling it up. So what this looks like in actual code, you can see it's two paragraph tags. So that's what this implode statement does here. It breaks apart the array and puts it into a string and adds, essentially, these to the front and back. Now you'll notice that what comes first is actually the ending paragraph tag. The reason we do that is because we're wrapping that whole implode statement in a paragraph tag. So when it implodes, the first item in the array is "Please enter your name". This is already there. It implodes and puts in "Please enter your name" and then adds a paragraph tag to the end of that and then starts a new paragraph tag and then loops back to "Please enter your message". And again, it already has the starting paragraph tag, and now adds this ending paragraph tag to it, adds this one back here, and then we close it all with this closing paragraph tag. So what you get is a valid set of paragraph tags here for that loop, and you can see we got one here and we got one here. It's one of those things that just works. It's a little bit of a trick for the paragraph tags, but I don't want to get too bogged down on that because I really want to get to the PHP, and there's quite a bit to get through.

4. Processing the Form Data:
Now, if we come back all the way to the top, then you can see that we're doing a little bit of processing, because we moved most of our heavy lifting over here to this functions file, which is where we're going to operate mostly now.
What we're doing here is we're requiring that functions file. We're just instantiating some variables that we'll use. This is essentially just to get rid of any notices. We're going to be doing some different checks down here on some variables, and if we don't set them here, then you'll get some PHP notices that that variable doesn't exist, et cetera. This just helps get rid of those notices. So we're setting our errors to an array, and we're setting our sent variable to false. We'll use those a little bit later here. Then the next thing that we're doing is we're checking whether post is empty or not. If it's empty, that means, in 99.999% of cases, the form has not been submitted, because otherwise post wouldn't be empty. Now, if someone tries to do some sort of external submission, then that... but we don't really care about that. So again, we're just checking to see if it's empty or not. If it's not empty, that means there's some sort of data in the array, and then we're going to try and process it. So the main thing here is we're sending all of the post data to this function process form, which is up here in functions. This is the big function, or, if you're thinking in the MVC mindset, this would be like the controller function. So this is the one that does all the heavy lifting and uses some helper functions to get the job done. That's primarily what we're going to be going through. But we run that; we send the data there and get a return from it. I'll show you the different returns that are available, but essentially what we're going to get back is a status and a message, or a set of errors. So we need to do a little bit of checking for that so we can populate this area down here. See, it's checking for errors or it's checking for sent.
That's what our if statement here is doing. So basically, if you're getting errors, it's going to show the errors. If everything went through and sent gets set to true, what you see right here, then we're going to show our message that says your message was sent, we'll be in touch. So that's what this does. We check to see if this process message element exists. So this is an array that gets sent back, and we're checking to see if that exists. If it does, then we know that there was an error, because the only way that there would be a value in that message element is that there was an error. So we're going to set the value of that process message to errors here, and that's going to help us display errors. Then we're going to check and see if there's something called process errors that exists. Now, the difference between these two is what I mentioned earlier. If the email address is invalid or the math is wrong, then we're just sending back this message that says it's wrong. Whereas if it's one of these fields being empty, we're actually capturing all those into an errors array here and sending those back so we can display them all. So that's the difference between these two. This is one of the checks where we're just sending back a blanket message. This is one of the checks where we're sending back an actual array of different errors so we can display them all. So you're going to get one or the other back, but both are displayed the same way. So we set this to errors here, and we set it to errors here, so that we can then use it down here, and the ultimate output ends up being exactly the same. When we get to the functions file, that will make a little bit more sense.
But if there are no errors, then we're just going to set sent to true, so that then down here we can say, if this is set to true, then we can display our success message. And we use this stuff in a couple of other places; I'll show you. So very, very basically, we're sending our data to a processing script. If that script returns with no errors, then we're going to show our success message. If it returns with errors, we're going to display those. That's what this is.

5. Functions File Overview:
With that all out of the way, then we can get into our functions here. So first off, I've set debugging: I've turned on all of the error reporting. So for testing and learning and so forth, you can leave these on. You'll notice that there are no errors showing up here, so that gives you some sense that this has all been worked through and there are no errors as it is right now. But you can also use this if you're changing stuff and you want to have debugging and you want to show those errors; leave that on. But when you go to use this on a live site, make sure and turn this off. You could just remove these lines or comment them out, whatever, so that you don't have these showing up. I would say probably comment them out, so that if you have to go back in, say this is for a client or something and you have to go back in and debug something, you could just easily uncomment them and show yourself the errors for a short amount of time and then turn it back off. That's generally how I do it. So there's error reporting on. We're requiring our config file that we talked about before, since this is going to use data from it. And then this is our process form function. You can see we're passing in all of our post data here, and then we're just going to go through several checks here. So we're going to validate the math. We're going to validate the email. We're going to validate all the rest of the data.
Then we're going to use the validated data here to process the database actions. So we're going to process the database, and then we're going to process the email. If we get through all of that with no errors, then we're going to return a status of one. And the reason is, you'll notice all the errors are returning a status and then a message, or this errors block right here, like I talked about earlier. So all of these are returning an array. Over here on our index, right here, we're expecting to get an array back, so we just make sure we always return one right here.

6. Validate the SPAM Check:
So what I'm going to do is step through each one of these checks and go over the code for how this is done. The first one is we're checking to see if the validate math function returns true or false. Now you'll notice with this function that I'm passing in the post human. If we go to our form, you'll notice that this check right here, this "are you human" math check, the name of it is human. So that's where we're getting that. I'm passing that in here, and then I'm setting what the answer is supposed to be. The answer is supposed to be seven: five plus two equals seven, so they should enter seven here. So I'm passing in both the value that was actually submitted and what the answer is supposed to be here for this validate math check. And if it doesn't check out, then I'm returning a status of zero and a message that says your math is suspect. That's what we get when we enter this and the math check is wrong. So then let's go down and look at this actual validate math function. If we go down here, here is that function that I wrote and called validate math. We send in the value that was submitted and then the test, what it's supposed to be. And we're just doing a simple: if the value equals the test, then return true.
Otherwise, return false. So a very, very simple check. Now intval just essentially makes sure you get kind of the absolute value of this here. You don't necessarily need to do that, but I have done that in the original one. I think there was a reason why, but it just makes sure that it's the right type and all that stuff. So anyway, it's just a simple check: does the value that was passed equal what it's supposed to? If it does, return true; if not, return false. So a very straightforward check there. If that one passes, then you notice there's no else statement on here. This is the way I do this: I check for all the negatives. Basically, all these checks are designed so that if there's some sort of error, then we just return at that point. Return will end the processing of the script if there's an error here. If the math doesn't add up, none of the rest of this will process. So it's basically a series of roadblocks that your code has to get through. And if it does, then we return true down here, return a positive status down here. So that's the way I generally set up my scripts: to be oriented toward the negative and designed so that they lean towards returning some sort of negative response. That way, you're not having something still submitting even though there's some sort of error. I want to catch all of these errors. So that's maybe a different perspective or point of view, but that's just the way that I set it up. So anyway, you'll notice that we're returning, so this will stop at this point. If there's some sort of error, it won't do anything else.

7. Validate the Email Address:
So then we're going to run this validate email function. We're going to pass in the email address that was submitted.
And if there's an error, we're going to return a status of zero and a message that says that is not a valid email address. If we go down to the validate email function here, then again you see it's very straightforward. We're passing in the email that was submitted. We're checking to see if it's empty or not first. If it's empty, then obviously we're not going to do anything with it. Now, the way this is set up, I don't think this could submit an empty email address because of the validation that we have here, but we're going to check and see if it's empty. If it's not empty, then this filter_var, which is basically PHP's function for validating the email address, is going to make sure it's of the proper syntax. It's just a built-in PHP function that allows you to do that. You pass in the email and the filter that you want to use. I would say for email addresses, this is the one that you'll use. There may be some use case out there for some other filter on email addresses, but who knows. This is the one you'll use in 99.9% of cases. So if it's not empty and it's a valid email address, then we're going to return true; otherwise we're going to return false.

8. Validate and Whitelist the $_POST Data:
Coming back up to our process form function, that's our controller function. If we get past that, the next thing we're going to do is run this validate data function here, and we're just passing in the whole array. We're setting it here because we're going to use it throughout the rest of this function. So we go down to validate data. What validate data does is a couple of things. First, again, we pass in the whole array. Next, we're going to look at our whitelist. So we're globalizing whitelist.
Now, if we go to our config here, and I actually messed that up, so let me toggle the tree view and bring config back up here, and I will close that. So if we look at our config, we set our whitelist here. This is why I said earlier, you need to make sure if you add fields here, you need to add them here as well, because here we're going to use that whitelist. Now, this is one of the points where you'll notice I'm using just straight functions. This isn't inside of a class. I did do that on purpose, because I know there are a lot of people out there who aren't familiar with classes yet, and I'm not going to be a snob and say you have to use classes. Everybody's at the level that they're at. So I didn't want to add in this layer of PHP classes that might make things more confusing. But for those of you who are familiar with classes, anywhere you see this globalization here, this is a point where you could have made this into a class and this could be a class property. So that's something to think through. If you want to convert this to a class, you wouldn't have to globalize this. If it were a class property, you could just use the class property. And again, those of you familiar with classes, you probably already know that. But here, we need to globalize it because it's outside of this function. It's in the global scope in our config file, so we globalize it, then we loop through it. So we're looping through name, email and message in this case. And we're looping through them as key, because really that's what they are. They're the keys that we're going to use from our post array. So what we're doing is we're setting this fields array and we're passing in the key, so we're setting each key in that element to the value that's in our post array.
So we're looping through the whitelist and we're creating a new array that has the values from our post data. Now, the reason we do this is because, let's say someone externally submits, maybe not through this form, but someone's trying to hack our form, and they pass in all sorts of data trying to break our script to see if they can get error messages to show up. And then if they can get error messages to show up, that might give them some avenue, some information that they could use for some sort of attack. I mean, that's the kind of thing that hackers tend to do: they just mess with things and try to get things to break or do something different than they're intended to do. A whitelist stops that from happening in this particular sense, because if they submit 10 form fields to this, it's not going to break our form. We're not going to get a MySQL error because we tried to insert 10 fields into a database that only has three. Why? Because we're whitelisting those fields. So we're looping through and we're only grabbing name, email and message. If there was anything else submitted through the post data, we just completely ignore it. We don't even look at it or try to process it or do anything with it. That's what this does right here. So we're whitelisting our data. That is again why, if you add a field, you need to add the name of that field here. So that's the first thing that validate data does. Next we're setting our errors array here. Again, this is just so we don't get notices. And then we're looping through our new fields array that we created and we're just checking to see if each field is empty or not. If it's empty, then we're creating an array called errors, and we're adding that field name to this errors array, plus this thing that says "Please enter your" and a space. So what this essentially will return:
It will have an array where, let's say we don't enter the name and the message, one element will be "Please enter your name" and another will be "Please enter your message". And that's where we get those messages from when we're over here and we submit this form: "Please enter your name", "Please enter your message". That comes from this right here. So once we've done that, then we're just going to return the proper response. If errors is empty, so if this processed all the way through and there were no errors, then we're going to return a status of one, and we're going to send our fields that we whitelisted back, because we want to use our whitelisted data from this part forward, since we're going to get into inserting stuff in the database. So we want to make sure to use our whitelisted data, not the whole post array, again so we don't have any sort of errors from someone trying to hack our form here. So again, a status of one, and we return our whitelisted fields. If there are errors, then we're going to return a status of zero, and we're going to return our errors array right here. So this sets us up for the rest of the script. We now have either valid data or an array of errors, and in both cases we can either continue processing with the script or we can go back to our display and display those errors. So this validate data function sets us up for the rest of what we're going to do here. Then you can see, once we've done that, we check the status. If the status, this is a not, so basically if it's a zero status, if it's an error status, then we're going to return back to our index page the status of zero, and then we're going to pass in our errors, which were stored in this validation. Remember, they're stored as this data element here.
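The check sequence this lesson walks through, as an added example (not the class's source code): the two standalone checks return early, and only whitelisted keys are copied out of the submitted array. The function names follow the transcript, but the signatures, array keys and the constructed sample submissions are assumptions, and the whitelist is passed in as a parameter rather than globalized.

```php
<?php
declare(strict_types=1);

// Assumed config.php value: the only field names the script will accept.
$whitelist = ['name', 'email', 'message'];

function validate_math($value, int $expected): bool
{
    // Only a plain integer string passes; arrays and "7abc" do not.
    return is_string($value)
        && filter_var($value, FILTER_VALIDATE_INT) === $expected;
}

function validate_email($email): bool
{
    return is_string($email)
        && $email !== ''
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

function validate_data(array $post, array $whitelist): array
{
    $fields = [];
    $errors = [];
    foreach ($whitelist as $key) {
        // Copy whitelisted keys only. A field sent as name[]=x arrives as an
        // array, so anything that is not a string is treated as empty.
        $value = $post[$key] ?? '';
        $fields[$key] = is_string($value) ? trim($value) : '';
        if ($fields[$key] === '') {
            $errors[] = 'Please enter your ' . $key;
        }
    }
    if ($errors !== []) {
        return ['status' => 0, 'errors' => $errors];
    }
    return ['status' => 1, 'data' => $fields];
}

function process_form(array $post, array $whitelist): array
{
    // Standalone checks: the first failure ends processing.
    if (!validate_math($post['human'] ?? null, 7)) {
        return ['status' => 0, 'message' => 'Your math is suspect.'];
    }
    if (!validate_email($post['email'] ?? null)) {
        return ['status' => 0, 'message' => 'That is not a valid email address.'];
    }
    $validation = validate_data($post, $whitelist);
    if (!$validation['status']) {
        return ['status' => 0, 'errors' => $validation['errors']];
    }
    // From here on only $data is used; the raw submission is not read again.
    $data = $validation['data'];
    return ['status' => 1, 'data' => $data];
}

// Constructed submissions, shaped like $_POST.
$samples = [
    'extra fields' => ['name' => 'Ada', 'email' => 'ada@example.com',
        'message' => 'Hello', 'human' => '7', 'id' => '1', 'is_admin' => '1'],
    'wrong math' => ['name' => 'Ada', 'email' => 'ada@example.com',
        'message' => 'Hello', 'human' => '8'],
    'array and blank fields' => ['name' => ['x'], 'email' => 'ada@example.com',
        'message' => '  ', 'human' => '7'],
];

foreach ($samples as $label => $post) {
    echo $label, ': ', json_encode(process_form($post, $whitelist)), PHP_EOL;
}
```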
So again, if there's an error here, we're going to return the errors so that we can display them here. Otherwise we're going to keep going, and you notice that down here I set data to validation data. So if there were no errors, the whitelisted fields will now be set as data. That's what this is doing. And then from there forward, you can see we're going to use data for processing our database, and we're going to use it for processing our emails. We're using our whitelisted data at this point, which is very important.

9. Submit the Data to the Database:
Now we're going to get into the process database. It's the same kind of story we've been going through. You notice each one of these: validate math returned an array with a status and a message. Validate email returned an array with a status and a message. Validate data returned an array with a status and, in this case, an errors array. Process database: status, message; status, message. And then if everything's good we return a status. So it's a really similar process that we're doing for all of this; each function just does something a little bit different. So process database: we're passing in our whitelisted data. If we come down here to process database, this is really a big part of what we're doing here. This is probably the biggest function here, but really it's pretty straightforward. It's a pretty straightforward insert into a MySQL database. So we passed in our whitelisted data here. We're globalizing our table, which we set in config here. So the table is again something you'll need to change for your use of this. And then we're going to create a new connection to MySQL. So we're using mysqli; we're passing in our host, our user name, our password and our database name from our config file down here. So again, stuff you need to change for your use of this. So we're creating that new connection.
We're doing a check to see if we're actually connected. If not, we're going to return false, and then we'll handle that up in our process form script. Otherwise, if we are connected, then we're going to process our MySQL data here. So the first thing that we're going to do is prepare; we're using prepared statements. So we're going to prepare our SQL statement here. We're calling mysqli prepare. You have to have this mysqli instance first, then you can call the prepare method on that. And what you pass into it is your SQL statement here. This is a SQL statement, and you may have seen something like this before: insert into our table name, and again this is from our config file, we globalized it up here. And these are the database columns that we want to insert into: name, email and message. And then values is what we want to insert. Now, a couple of things here. One, and I mentioned this in another tutorial, is that this connection between the columns and the data that was submitted is what I would call dumb. What MySQL does is it looks at what you've put in these parentheses, name, email, message, for the columns, and it matches them up to what you put here in values. So it assumes that this is going to be your name, this is going to be your email, and this is going to be your message. So if you move these around, you have to move these around. It's important to know. Now you'll notice that these are all question marks. That's because we're using prepared statements; we're using this prepare function. What this prepare function does is, down here, you'll see that we bind our parameters. And here is where we're binding the parameters that we want to pass in. Essentially these are placeholders. We're not actually passing data in here.
We're just creating placeholders so that when we bind our parameters, it inserts, or it basically injects, the name for this first one, the email for the second one and the message for the third one. Okay, now, that's the subtle difference between mysqli and PDO: with mysqli, you use anonymous parameters, so these are all question marks, whereas with PDO, you can use named parameters. So you could give this a name, like name, like this. Okay. And so that could be a little bit easier to work with. All right, and it makes it a little bit smarter than this implementation. Right?

So we're binding those parameters, and we're saying what kind of data type they are. So in this case, they're all strings: name, email and message are all strings. So they're all s. If they were, you know, if they were numbers, it would be d for whichever ones are numbers. Okay, again, I don't want to do a full mysqli and prepared statements tutorial, but, just a little bit, that's how you do prepared statements.

The advantage of using prepared statements like this is that PHP is going to do all of the SQL injection protection and all that stuff for you, and whatever other thing that they come up with. In the past, you would have to go through kind of a series of different checks on the data you're inserting into your database. mysql_real_escape_string was a really, really common one that you had to run on each one of these. You don't need to do that anymore, because you're preparing the statements, and PHP is doing all of that for you when you do this prepared statement and then this execute and so forth. Okay, so we can just drop the data in as it is and let PHP do it. And if there's some new thing that they need to check for, they'll add it to PHP, and you don't have to change your code. That's the value of it. So that's why I highly recommend moving to prepared statements for your code.
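The named-parameter form mentioned above, as an added example that is not the course's code: it uses PDO with an in-memory SQLite database so it runs without a MySQL server, and the function name `insert_contact` and the table name `contacts` are assumptions.

```php
<?php
// Added example: insert_contact and contacts are hypothetical names, and an
// in-memory SQLite database stands in for the course's MySQL server.
$table = 'contacts'; // set in config in the course, never taken from user input

function insert_contact(PDO $db, string $table, array $data): bool
{
    // A table name cannot be a bound parameter, so accept only a plain
    // identifier before interpolating it into the SQL text.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $table)) {
        return false;
    }
    // Named placeholders tie each value to its column by name, not by position.
    $stmt = $db->prepare(
        "INSERT INTO $table (name, email, message) VALUES (:name, :email, :message)"
    );
    // Values travel separately from the SQL text, so quotes in them stay data.
    return $stmt->execute([
        ':name'    => $data['name'],
        ':email'   => $data['email'],
        ':message' => $data['message'],
    ]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE $table (id INTEGER PRIMARY KEY, name TEXT, email TEXT, message TEXT)");

// Constructed sample input containing characters that are special in SQL.
$whitelisted = [
    'name'    => "Pat O'Brien",
    'email'   => 'pat@example.com',
    'message' => "A quote ' a semicolon ; and -- dashes are stored as plain text",
];

$ok = insert_contact($db, $table, $whitelisted);

// Read the row back: the stored values match the input byte for byte.
$row = $db->query("SELECT name, email, message FROM $table")->fetch(PDO::FETCH_ASSOC);
var_dump($ok);
var_dump($row['name'] === $whitelisted['name']);
var_dump($row['message'] === $whitelisted['message']);
```

All three `var_dump` calls report true when the insert succeeds and the special characters round-trip unchanged.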
All right, so now you'll notice, though, this name, email and message: we haven't set that anywhere up here before. Okay? That's what we're doing right here. Now we set those. So we're saying, okay, we bound the variable name to this value over here. We bound it, but we didn't tell you what name was. Now let me tell you what name is, and we're just setting it to post name, post email and post message. So, to our post data. Okay, so very, very straightforward. And actually, you caught me. This should be this, not our post. That should be our whitelisted data, since we want to use our whitelisted data here. All right, so you caught me. You got me on that one. So we're passing in our post data here, name, email and message, and telling it: okay, these are the actual values that we want to use. And then we just need to make sure to set those before we run this statement execute method here. So up to here we're just getting it all set up. This actually runs it.

Now, if this returns false, then we're gonna return false. Okay, so now don't get confused. This is for a different block. So we're not doing any sort of else statement on here. If it's false, we're going to return false. Otherwise, we're just gonna keep processing. And then we get into this else, which runs on, not the actual bind parameter statement, but the prepare statement here. So we do this if check on our prepared statement here: if it's prepared properly, then we'll process our code. Otherwise we're going to return false. Now, you notice I have in here, for debugging purposes: if you wanted to debug this, you could simply comment this out, uncomment this, and do this var dump. And that'll tell you any sort of errors that you're getting from this prepare statement here. So it can happen where you get some errors from this prepared statement.
If you're getting something like that and the database insert isn't working, then uncomment that and do that var dump so you can see what error you're actually getting. It will tell you specifically what the error is and be pretty helpful in helping you debug it. All right, so at that point, if we get through all of this, then this function is gonna just simply return true. Okay, so if there's any sort of problem, we're gonna return false. Otherwise, we're going to return true. So at the end of that, then, our data will be inserted into our database. But we don't have to stop there, because we can keep going. Okay, so if we come back up to our process form function here, we just did the process database. Again, it's gonna return true or false. If it's false, we're going to return this array. If it's true, we're just going to keep going and we're gonna move into processing our email.

10. Send the Email: Next function is process email. Again, we're passing in our whitelisted data. If there's some sort of error, we're gonna return status zero and a message, unable to send email. You can change these error messages; you don't have to use the ones I'm using. But if we go down and look at process email, all the way down here, then you can see we're passing in our post data. And we're globalizing our from, our email address and our subject that we got from our config here, and we're setting some headers here. So this is basically for HTML emails here, the first two. The second one helps us kind of define who this is gonna be from, both the name and the email address here. Again, these are set in the headers, and then you'll see here we're just running our mail function. Really straightforward. So we're passing in the email address that we set in our config file, the subject that we set in our config file, and we're passing in the message block from our post, because that's really probably what we're after.
If you want to make this fancy, you could create a whole kind of email template from this right here. Instead of just passing in post message, you could actually come in here, and in some other function, you could create an email template that you pass that into, and it returns the HTML, which you then pass into here. You could do that as well. Here, we're just keeping it simple. We're passing in the message, and then we're passing in our headers, and this is what sends our mail. Okay? And that's the end of our processing script at that point. So it's gonna go through, do all the checks, send it to MySQL, and then it's going to send the email.

11. Store Entered Data on Form Error: As I mentioned, over here on the index page, for each one of these, if you remember, we have this validate input, and then we pass in the name of the input that we're validating. So this is that function here. So essentially, what this is doing, you see, is we're globalizing sent. So it's checking to see first, in this context here, if sent has been set to true. So that's what we're globalizing here. And then we're gonna check and see if post is empty. If post is empty, that means we're not gonna do anything, because we don't have any post data to give back to these particular inputs, right? There's nothing that's been submitted for us to hold on to and inject back in here. So if it's empty, we're just gonna return. Also, if sent is set to true, we're just going to return as well, because that means, yes, there's post data, but that post data is because someone just submitted this form, and that data has been sent, so we don't want to show it back in here. If that data was sent, we want to blank all the fields. So that's essentially what this does. And then if we get through those two, then we're returning this e function on our post input name.
Okay, now, we are using post here because this function is called over here on index. All right, so it doesn't have access to all of the code that we've done up here; it doesn't have access to our whitelisted data. And really, at this point, for what we're doing here, we don't need that. Okay, so we're going to just return this. This is actually then what's gonna display here. So if there's no post data, we're not going to show anything. If sent is set to true, we're not going to show anything. Otherwise, we're going to show whatever data was submitted for that particular input. Okay, so we're passing in the input name. So for the name input or the message input or the email input, we're gonna return that. Now, this string right here: all this is doing is escaping using HTML entities here. I don't want to get into a full-on HTML data escaping tutorial, but that's essentially what this does: protects against XSS, cross-site scripting attacks.

12. Wrap Up and Final Thoughts: That is all of our functions file. So again, the whole idea of this is a contact form that you can submit, have data go to a database and have it be sent via email. Now, this kind of thing especially, you know, this is, I think, a fairly decent looking form. Of course, you could go in and change up the CSS and the styling and so forth however you wanted. But this particular kind of online form industry, this is a very big industry. So this is something that's worth digging into, because if you get really good at this, you could probably do just this for the foreseeable future, for clients, or maybe building some sort of application, or getting hired at some company that does this kind of thing, whatever. It's a very, very big market. Like I mentioned in the previous podcast, SurveyMonkey does 113 a year and is valued at 1.35 billion, I believe it is, so that's huge. That's massive.
That's a massive market, and it's really just all centered around this idea of forms. So this is something that you could take, you could get really, really good at, and you could use it. I mean, this could be your path forward in your career. This could be the thing that you do. So it's absolutely worth investing in. If I were going to do that, what I would do is take this code and turn it into a class: get familiar with classes, turn it into a class, and really just dig into constantly improving and updating and working with that particular class and getting really good at it. And then what clients care about, this is kind of the thing: they care about the sizzle, so they're going to care about the way the form looks more than anything. So it's really just gonna come down to moving form fields around and changing CSS and so forth. And there are so many sources out there, like Medialoot and all the Bootstrap stuff and so forth, that could allow you to make 20 different forms that look different. But the back end, this PHP code, it's all the same. You don't have to constantly rewrite that. It's all the same. It works, and you're just changing kind of the veneer on top of it. Okay, so don't underestimate what this is. And that's why I invested so much time in both writing the code and going through this tutorial with you. For those of you who really see what this is, this could be something that could be your path forward from here.

13. Next Steps: I'm honest there's no more. So, a little housekeeping to finish up this course. If you haven't yet, be sure to head on over to the class area. There is a class section with some steps for you to walk through for this course. So be sure to head over there; it's under the discussion and projects tab that you'll see on the course. Also, if you head over to my profile, be sure to give me a follow on my profile here so you'll be notified when I release new courses.
And I also have an ongoing, sort of weekly, podcast-style course called Let's Talk Freelance. So if you would like to have access to ongoing training regarding freelancing and online business and so forth, be sure to check out that Let's Talk Freelance course as well. And finally, I do have a daily tips newsletter on my website at John Morris. If you head over there, you can sign up to that mailing list. You will also be put into my very own mobile app, where you'll get access to over 78 hours of free content, at the time of this recording, related to freelancing and so forth as well. So if you're interested in that, be sure to check that out as well. Again, that's John Morris. All right. Thank you for taking the class. If you enjoyed it, I'd appreciate it if you leave me a review, and we'll see you in the next course.