DEV Community

Cover image for Help Needed: Struggling to Set Up PHP Mailer for My Contact Form
Dusan Walla
Dusan Walla

Posted on

Help Needed: Struggling to Set Up PHP Mailer for My Contact Form

Hey Dev Community! 👋

I’m a digital marketing enthusiast and beginner in PHP, and I need some help with a problem on my website.

My Website
📍 WebFluence
Specifically, the contact form here: Contact Form

The Issue
The contact form came with a prebuilt PHP file located in includes/sendmail.php. Unfortunately, the script uses the outdated mail() function, which Hostinger (my hosting provider) told me is insecure and not recommended. They advised me to use PHPMailer, which is preinstalled on their business hosting plans.

I’ve read articles about setting up PHPMailer, but honestly, it’s all a bit overwhelming for me since I’ve never worked with PHP before. The template author hasn’t responded, and I’m stuck trying to figure this out.

Details
Domain: Registered with GoDaddy
Hosting: Hostinger Business Plan
Current Mail Script: The outdated mail() function script is here:

<?php

// Read the form values
$success = false;
$successTxt = "";
$senderName = isset( $_POST['name'] ) ? preg_replace( "/[^\.\-\' a-zA-Z0-9]/", "", $_POST['name'] ) : "";
$senderEmail = isset( $_POST['email'] ) ? preg_replace( "/[^\.\-\_\@a-zA-Z0-9]/", "", $_POST['email'] ) : "";
$subject = isset( $_POST['subject'] ) ? preg_replace( "/[^\.\-\' a-zA-Z0-9]/", "", $_POST['subject'] ) : "";
$budget = isset( $_POST['budget'] ) ? preg_replace( "/^[A-Za-z0-9\\-\\.]+$/", "", $_POST['budget'] ) : "";
$message = isset( $_POST['message'] ) ? preg_replace( "/(From:|To:|BCC:|CC:|Subject:|Content-Type:)/", "", $_POST['message'] ) : "";
$txt = "Client budget: " . $budget . "\n\n"  . $message . "\n\n" . "Regards,\n\n" . $senderName . " | " .$senderEmail;

// If all values exist, send the email
if ( $senderName && $senderEmail && $message ) {
  $mailTo = "dusan@webluence.digital"; // change it to your host mail for example (contact@yourdomain.com).
  $headers = "From: " . $senderEmail;
  $success = mail( $mailTo, $subject, $txt, $headers );
  $successTxt = "<p class='uk-alert uk-alert-success uk-margin-large-bottom success' data-uk-alert=''>Thanks for contacting us. We will contact you ASAP!</p>";
  echo $successTxt;
}

?>
Enter fullscreen mode Exit fullscreen mode

What I Need
I want to replace this script with a secure PHPMailer-based script. Hostinger has preinstalled PHPMailer, and I’ve been told it’s more reliable. I found an article about setting it up, but it’s too confusing for me as someone new to PHP.

This is what I have right now:

<?php
require 'vendor/autoload.php';

use PHPMailer\PHPMailer\PHPMailer;

$mail = new PHPMailer;

$mail->isSMTP();
$mail->SMTPDebug = 0;
$mail->Host = 'smtp.hostinger.com';
$mail->Port = 587;
$mail->SMTPAuth = true;
$mail->Username = 'sales@webfluence.digital';
$mail->Password = 'c;Ge?H9unUs#:T0J';
$mail->setFrom('sales@webfluence.digital', 'Dusan Walla');
$mail->addReplyTo('sales@webfluence.digital', 'Dusan Walla');

// Read the form values and sanitize them to prevent injection attacks
$senderName = isset($_POST['name']) ? preg_replace("/[^\.\-\' a-zA-Z0-9]/", "", $_POST['name']) : ""; // Remove any characters that are not letters, numbers, spaces, dots, hyphens, or apostrophes
$senderEmail = isset($_POST['email']) ? preg_replace("/[^\.\-\_\@a-zA-Z0-9]/", "", $_POST['email']) : ""; // Remove any characters that are not letters, numbers, dots, hyphens, underscores, or @
$subject = isset($_POST['subject']) ? preg_replace("/[^\.\-\' a-zA-Z0-9]/", "", $_POST['subject']) : ""; // Remove any characters that are not letters, numbers, spaces, dots, hyphens, or apostrophes
$budget = isset($_POST['budget']) ? preg_replace("/[^\.\-\' a-zA-Z0-9]/", "", $_POST['budget']) : ""; // Remove any characters that are not letters, numbers, spaces, dots, hyphens, or apostrophes
$message = isset($_POST['message']) ? preg_replace("/(From:|To:|BCC:|CC:|Subject:|Content-Type:)/", "", $_POST['message']) : ""; // Remove any email headers to prevent header injection

$mail->addAddress('sales@webfluence.digital', 'Dusan Walla');
$mail->Subject = $subject;
$mail->Body = <<<EOD
Client budget: $budget

$message

Regards,

$senderName | $senderEmail
EOD;

if (!$mail->send()) {
    echo 'Mailer Error: ' . $mail->ErrorInfo;
} else {
    echo "<p class='uk-alert uk-alert-success uk-margin-large-bottom success' data-uk-alert=''>Thanks for contacting us. We will contact you ASAP!</p>";
}
}
?>

Enter fullscreen mode Exit fullscreen mode

Questions
How do I replace this script with PHPMailer in the simplest way possible?
Is there a step-by-step guide that breaks down what I need to do?
How do I configure Hostinger’s SMTP settings in the script?
Any help would be deeply appreciated! 🙏

Additional Resources
Here’s the article I was referring to: How to Use PHPMailer for Secure Email Sending

Thank you in advance for your guidance! 😊

Image of Timescale

🚀 pgai Vectorizer: SQLAlchemy and LiteLLM Make Vector Search Simple

We built pgai Vectorizer to simplify embedding management for AI applications—without needing a separate database or complex infrastructure. Since launch, developers have created over 3,000 vectorizers on Timescale Cloud, with many more self-hosted.

Read more

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more