contact-script.php

<?php
include 'contact.php'; // Assuming this file contains database connection code
include 'sql.php'; // Assuming this file contains database configuration

if (isset($_POST["submit"])) {
    $user_name = $_POST['user_name'];
    $user_mobile = $_POST['user_mobile'];
    $user_email = $_POST['user_email'];
    $user_address = $_POST['user_address'];
    $user_message = $_POST['user_message'];
    $show_modal = false;

    // Using prepared statements to prevent SQL injection
    $query = "INSERT INTO contactus(c_name, c_mobile, c_email, c_address, c_message) VALUES (?, ?, ?, ?, ?)";
    $stmt = $conn->prepare($query);
    $stmt->bind_param("sssss", $user_name, $user_mobile, $user_email, $user_address, $user_message);
    
    if ($stmt->execute()) {
        echo "<script type='text/javascript'>
        $('#mysuccessModal').modal('show');
        function pagesuccessRedirect() {
            location.replace('index.php');
        }</script>";
    } else {
        echo "<script type='text/javascript'>
        $('#myunsuccessModal').modal('show');
        function pageunsuccessRedirect() {
            location.replace('contact.php');
        }</script>";
    }
    
    $stmt->close();
    $conn->close();
}
?>