Need major help with emailing contact form

by Colton
6 replies
Hey guys, usually I can do a lot of searching on Google and find my solution, but this is giving me straight heck. I need to be able to email a contact form with an upload resume file and send that file as an attachment. I've figured out all of the other PHP I need to send items such as name, email, message, etc. etc., but I can't figure this one out. Please help!
  • phpbbxpert
    You should really think about using a pre-made email class.
    Attachments open a whole new realm of security issues that good email classes help resolve if used properly.

    I have used this one: PHPMailer | Download PHPMailer software for free at SourceForge.net
    It is also the email class that is used by WordPress and many other CMSs.

    This is the company that developed it along with tutorials and other info about this class
    Worx International Inc.
  • dealbert.net
    If you google around, there are tons of examples of PHP send mail attachment. Most of them you can simply copy and paste. But I agree with phpbbxpert, you need to seriously consider possible security vulnerabilities in your application when sending mail attachments. Using an existing PHP mail application is probably your best bet.
  • RichardHK
    I made a one-off payment for unlimited forms from FormDevil. Works well without me getting into PHP, but you can access the code if needed. The time/money saved in designing a form, never mind building it, is enormous. So many good starter forms to use or customize. They also have a free service, but not sure if file attachments are included.
    Signature

    Richard, Hong Kong
    Business Consulting

  • phpbbxpert
    OK, out of curiosity I dug into this a bit since I already have my own custom contact form.

    It seems the phpmailer class does not provide security; it just does the work of setting the files up in the mail->send.

    First thing is your form has to be multipart for attachments.

    Anyway, here are some security things to prepare for.
    You trust nothing the user is inputting into the form!
    So,
    Before it is moved to the actual upload path you have to do the following.

    Deconstruct the name of the file and only accept safe extensions.
    The rest has to be renamed to something random, so if it is a hack, there is no way for them to run the file because they no longer know the name of it.

    Keep in mind when cleaning the name that a hacker may do something like myhack.php.jpg
    So if you leave that extra . in there, they already know a way to run that file; otherwise they wouldn't have named it that way.

    Check its size; your server default for upload is most likely 2 megs.

    Then you move the file to a secret location and make sure there is an index there so the directory can not be browsed.

    Then the file is attached to the mail, I still used the phpmailer class for this.
    It is preferred after the mail is sent to delete those files.
    There is no sense in keeping them there.

    Don't allow too many attachments; set something like 5 as the limit.
    Otherwise a hacker could potentially flood the system and try to overload the memory or something dumb like that.

    Make sure your errors do not report the upload path!
    It shouldn't matter because there is no way of knowing the file names, but it's still better to not give clues.
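The checks phpbbxpert lists in the post above, sketched in PHP as an added example that is not part of the thread or any poster's own code. The extension whitelist, the constants and both function names are assumptions, and `$files` is assumed to be a list of per-file `$_FILES` entries.

```php
<?php
// Added example, not code from the thread. Whitelist and names are assumptions.
const ALLOWED_EXT = ['pdf', 'doc', 'docx', 'txt']; // assumed safe resume types
const MAX_BYTES   = 2 * 1024 * 1024;               // the 2 MB default the post mentions
const MAX_FILES   = 5;                             // attachment cap the post suggests

/** Returns a random storage name for an acceptable upload, or null to reject it. */
function safe_stored_name(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $size = $file['size'] ?? 0;
    if ($size <= 0 || $size > MAX_BYTES) {
        return null;
    }
    // Only the text after the last dot counts: "myhack.php.jpg" is judged as "jpg".
    $ext = strtolower(pathinfo($file['name'] ?? '', PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // The client's name is dropped entirely, so the stored name has exactly one dot.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Moves accepted uploads into $dir (a non-browsable directory); returns their paths. */
function store_uploads(array $files, string $dir): array
{
    if (count($files) > MAX_FILES) {
        throw new RuntimeException('Too many attachments.');
    }
    $stored = [];
    foreach ($files as $file) {
        $name = safe_stored_name($file);
        // Error text never includes $dir or the stored name.
        if ($name === null || !move_uploaded_file($file['tmp_name'], "$dir/$name")) {
            array_map('unlink', $stored); // discard files already moved for this request
            throw new RuntimeException('Attachment rejected.');
        }
        $stored[] = "$dir/$name";
    }
    return $stored;
}

// Constructed sample entries, shaped like one normalised $_FILES item each.
foreach (['resume.pdf', 'myhack.php.jpg', 'shell.php', 'cv.PDF'] as $n) {
    $entry = ['name' => $n, 'size' => 48213, 'error' => UPLOAD_ERR_OK];
    printf("%-15s => %s\n", $n, safe_stored_name($entry) ?? 'rejected');
}
```

Each returned path can be handed to PHPMailer's `addAttachment()` and removed with `unlink()` once the mail has been sent.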
  • Razer_Thomas
    You have to try Gtalk also to do that.
  • Colton
    Thanks a lot. I have seen a lot of tutorials and things on this, but I have my contact form built and all the other PHP is good to go except for this file upload, and I was looking for a way to just implement it into my current mail.php file, and that's where I get stuck.