Thanks Ben, I figured out the issues:
1) When I told PHP to echo those conditions, I didn't give instructions to prevent form submission and contact with the server. Basically, I should have used some JS method to stop the form from submitting before validation was verified...
2) I didn't split each POST variable and give it its separate validation and condition.
3) I am a designer first and a developer second... so I sometimes code based on how I feel, not on reason or logic. (I had a logic error.)
<?php
// Read each field; default to an empty string if it was not submitted.
$name    = $_POST['name'] ?? '';
$email   = $_POST['email'] ?? '';
$message = $_POST['message'] ?? '';
$phone   = $_POST['phone'] ?? '';
$human   = $_POST['human'] ?? '';

$email_to      = "hello@somewhere.com";
$email_subject = "web customer";
$formcontent   = " From: $name \n email: $email \n Phone: $phone \n Message: $message";

// Validate each field in turn; the first failing check prints its message.
if (($name == "") || (strlen($name) < 2)) {
    echo "Please fill in your name...";
} else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "E-mail address invalid!!";
} else if (($message == "") || (strlen($message) > 250)) {
    echo "Message( must be less than 250 characters)";
} else if ($human != '2') {
    echo 'Sorry, your math is wrong, please try again ';
    exit();
} else {
    //header("location: ../thanks.html");
    // $email has passed FILTER_VALIDATE_EMAIL before it is placed in the headers.
    $headers = 'From: ' . $email . "\r\n" .
        'Reply-To: ' . $email . "\r\n" .
        'X-Mailer: PHP/' . phpversion();
    // Report success only if mail() accepted the message for delivery.
    if (mail($email_to, $email_subject, $formcontent, $headers)) {
        echo 'E-mail sent!! I will try my best to reply within 24 hours ';
    } else {
        echo 'Sorry, the e-mail could not be sent, please try again ';
    }
}
?>
If you see any security issues that I need to improve on, please let me know.
Thanks Ben for your contribution to the web community.
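
On the security question in the post above, an added example (not the poster's code) of the same checks done server-side per field, with all errors collected, non-string input rejected, and the visitor's address kept out of the From header. The field names, limits and recipient come from the post; `MAIL_FROM`, the helper names and the sample submissions are constructed for illustration, and the demo prints the result instead of calling `mail()`.

```php
<?php
const MAIL_TO   = 'hello@somewhere.com';   // recipient from the post
const MAIL_FROM = 'no-reply@example.com';  // placeholder: use an address on the site's own domain

// Collapse control characters (including CR/LF) so a value stays on one line.
function one_line(string $v): string {
    return trim((string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $v));
}

// Validate every field separately. Returns [cleaned fields, field => error message].
function validate_contact(array $post): array {
    $f = [];
    foreach (['name', 'email', 'phone', 'message', 'human'] as $k) {
        // A request can send name[]=x, which arrives as an array; treat that as empty.
        $f[$k] = is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    }
    $errors = [];
    if (strlen($f['name']) < 2) {
        $errors['name'] = 'Please fill in your name...';
    }
    // Reject line breaks explicitly before the address goes anywhere near a header.
    if (preg_match('/[\r\n]/', $f['email']) || !filter_var($f['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'E-mail address invalid!!';
    }
    if ($f['message'] === '' || strlen($f['message']) > 250) {
        $errors['message'] = 'Message must be 1 to 250 characters';
    }
    if ($f['human'] !== '2') {  // strict comparison: only the exact string "2" passes
        $errors['human'] = 'Sorry, your math is wrong, please try again';
    }
    $f['name']  = one_line($f['name']);
    $f['phone'] = one_line($f['phone']);
    return [$f, $errors];
}

// The site's own address is the sender; the visitor's address is only Reply-To.
function build_headers(string $replyTo): string {
    return 'From: ' . MAIL_FROM . "\r\n" . 'Reply-To: ' . $replyTo;
}

// Constructed sample submissions: one valid, one with a line break in the email field.
$samples = [
    ['name' => 'Ann', 'email' => 'ann@example.com', 'phone' => '555-0100', 'message' => 'Hi', 'human' => '2'],
    ['name' => 'A', 'email' => "ann@example.com\r\nX-Extra: 1", 'message' => '', 'human' => '3'],
];
foreach ($samples as $post) {
    [$f, $errors] = validate_contact($post);
    echo $errors ? json_encode($errors) : build_headers($f['email']), "\n";
}
```

Any JavaScript check in the browser is a convenience for the visitor; the server-side function is the one that decides, because a request can be sent without the form.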