Prevent redirection on form submission

Question

I have recently (with a little bit of help) written this simple form to email script. It works, the only problem is that it redirects to the included php script when run. Does anybody have any ideas on how to stop this from happening and instead just showing a thank you note on the original page?

index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Megaform</title>
</head>

<body>
  <?php include 'form.php' ?>
</body>
</html>

form.php

<form name="email" method="post" action="email.php">
  <p>
    <label for="name">Full Name</label>
    <input type="text" name="name" id="name">
  </p>
  <p>
    <label for="email">Email Address</label>
    <input type="text" name="email" id="email">
  </p>
  <p>
    <label for="phone">Phone Number</label>
    <input type="text" name="phone" id="phone">
  </p>
  <p>
    <label for="subject">Subject</label>
    <input type="text" name="subject" id="subject">
  </p>
  <p>
    <label for="message">Message<br>
    </label>
    <textarea name="message" id="message" cols="45" rows="5"></textarea>
  </p>
  <p><input type="submit" name="send" id="send" value="Submit"><input type="reset" name="send" id="send" value="Reset">
  </p>
</form>

email.php

<?php  

// Get the Variables
  $name = $_POST['name'];
  $visitor_email = $_POST['email'];
  $phone = $_POST['phone'];
  $subject = $_POST['subject'];
  $message = $_POST['message'];


// Validate against spammers
function IsInjected($str)
{
    $injections = array('(\n+)',
           '(\r+)',
           '(\t+)',
           '(%0A+)',
           '(%0D+)',
           '(%08+)',
           '(%09+)'
           );

    $inject = join('|', $injections);
    $inject = "/$inject/i";

    if(preg_match($inject,$str))
    {
      return true;
    }
    else
    {
      return false;
    }
}

if(IsInjected($visitor_email))
{
    echo "Bad email value!";
    exit;
}


// Compose the Email
    $email_from = '[email protected]';  // Set a valid email address that the form can use

    $email_subject = "New Form submission - $subject";  //  Change the message subject here

    $email_body = "You have received a new message from $name ($phone) .\n Here is the message:\n $message";


// Send The Email
  $to = "[email protected]";  // Set a valid email address to send the form to

  $headers = "From: $email_from \r\n";

  $headers .= "Reply-To: $visitor_email \r\n";

  mail($to,$email_subject,$email_body,$headers);

?>
<p>Thankyou for your email.</p>

Answer 1

change your form tag to say:

<form name="email" method="post" action="index.php">

and change your index php to say:

<body>
<?php
    if (isset($_POST['email'])) {
        include 'email.php';
    } else {
        include 'form.php';
    }
?>
</body>

So if the form has been submitted, send an email, otherwise, show the form.

Answer 2

You need to set the forms target to the file itselfe.

<form name="email" method="post" action="form.php">

And include your code from email.php there.

if ($_POST['email']) {
  ... code from email.php ...
  ... and success message ...
}

This part will then only be executed if the form was sent (and an email was set).