Question

Web email form

PHP, Web form, Web development

I need to make an email form work with a file upload option. Basically, I want the user to input their information into fields, include a file, and then have all the information sent to me in an email (including the file). Is this possible?

You can use the $_FILES variable in PHP to access files uploaded with the HTML widget <input name="someVarName" type="file" />. Once you do some basic checks on the file (that its mime type is what you're expecting, that its file size isn't too big, etc), you can move the file from the temporary dir PHP automatically puts it in to a permanent directory using move_uploaded_file(). See PHP.net's page on handling file uploads in PHP for more info. Be sure to remember that you must never trust user data without verifying it! Even things like the file's mime type are supplied by the client; PHP makes no check on the file. And watch out for tricks like injection attacks or file names that include relative path names. In short, since PHP doesn't have built-in taint checking, the onus is on you to make sure your upload script is secure.

For the email part, you can use PHP's built-in mail() function. If you want to include the file as an attachment in the email itself, you'll need to send a multipart email with the file's contents in base64 encoding; I've never done that myself, but there seem to be plenty of guides out there. Zend (which owns PHP) has some code snippets on its site, including code for sending email with attachments in PHP. If you have access to the server that the PHP script is being run on, you could also move the uploaded files to a designated directory that only you (and not the world at large) has access to, and then just email yourself the file's location.