Is this php form processing script safe from hackers and spammers
I don't know very much about using PHP for online form submissions. However, I copied this PHP out of a tutorial. Does this script provide everything I need to protect myself from spammers and hackers?
If not, could you please insert the proper precautions into this script.
Thank you in advance
<?php
/* Set e-mail recipient */
$myemail = "firstname.lastname@example.org";
$subject = "internet contact form submission";

/* Check all form inputs using check_input function (?? '' avoids a notice when a field is missing) */
$name     = check_input($_POST['name'] ?? '', "Enter your name");
$email    = check_input($_POST['email'] ?? '');
$phone    = check_input($_POST['phone'] ?? '');
$company  = check_input($_POST['company'] ?? '');
$comments = check_input($_POST['comments'] ?? '');

/* If e-mail is not valid show error message (anchored so the whole value must match, not just a part) */
if (!preg_match("/^([\w\-]+\@[\w\-]+\.[\w\-]+)$/", $email))
    show_error("Please enter a valid E-mail address");

/* Let's prepare the message for the e-mail */
$message = "Greetings

Your contact form has been submitted by:

Name: $name
E-mail: $email
Phone: $phone
Company: $company
Comments: $comments

End of message
";

/* Send the message using mail(); no headers are built from user input, so nothing can be injected into them */
mail($myemail, $subject, $message);

/* Redirect visitor to the thank you page, then stop so nothing else runs */
header('Location: thankyou.html'); /* placeholder: put your own page here */
exit();

/* Functions we used */
function check_input($data, $problem = '')
{
    $data = trim($data);
    $data = stripslashes($data);      /* only matters with the old magic_quotes setting */
    $data = htmlspecialchars($data);  /* escapes < > & " for HTML; the mail body does not need it but it is harmless */
    if ($problem && strlen($data) == 0) {
        show_error($problem);
    }
    return $data;
}

function show_error($myError)
{
?>
<html><body>
<b>Please correct the following error:</b><br />
<?php echo $myError; /* fixed strings from this script, never user input */ ?>
</body></html>
<?php
    exit();
}
Looks to be safe from being used to relay spam (no mail header injection). I would probably add some stuff to make it more difficult for robot scripts to submit it. Also, the email validation pattern used in the preg_match() is likely to give false negatives on some valid email addresses (e.g.: "email@example.com" would fail). I use this validation function.
PS: If you wrap your code examples in [php]...[/php] tags, it's much easier to read.
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
How to Ask Questions the Smart Way
(not affiliated with this site, but well worth reading)
Someone else told me it offered no protection at all. Now I am really confused. Is this thing safe to put on my website? I looked at the link you gave and it looks very complicated, and I don't know what version to choose.
I think there was a little bit of "skim" not "read" going on in the other reply where it was mentioned that this offered no protection. Knowing that this will fall within the following:
1) Not be displayed back to the page
2) Not stored in a database
you can eliminate a good portion of the security practices that are only used for those situations.
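As an added example (not the tutorial's script, and not code either NogDog or criterion posted), this is what their two points look in code: the mail header injection that NogDog says this form avoids, a stricter address check than the regex in the script, and the "stuff to make it more difficult for robot scripts" he suggests, in the form of a honeypot field. It also follows criterion's point that the body is never rendered in a page, so HTML escaping is not what matters here. Field names follow the form in this thread; the hidden "website" honeypot field and the function names are assumptions of this example. Run from the command line it exercises constructed submissions and sends nothing.

```php
<?php
// Added example, not the tutorial's script: the checks a contact-form
// mailer needs once user data reaches mail(). Field names follow the form
// in this thread; the hidden "website" honeypot field and the function
// names are assumptions of this example.

/* An SMTP header ends at a line break, so a value carrying CR or LF into a
   header would start a new header. Refuse such values outright. */
function header_safe(string $value): bool
{
    return preg_match('/[\r\n]/', $value) !== 1;
}

/* Validate the address with PHP's own parser instead of the thread's
   regex, which has no anchors and rejects some valid addresses. */
function valid_email(string $email): bool
{
    return header_safe($email)
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

/* Robot trap: a field hidden from humans with CSS. People leave it empty;
   form-filling scripts usually do not. */
function looks_like_robot(array $post): bool
{
    return ($post['website'] ?? '') !== '';
}

/* Turn a submission into mail() arguments, or refuse it with a message.
   Returns [array|null $mail, string|null $error]. */
function build_mail(array $post, string $recipient): array
{
    if (looks_like_robot($post)) {
        return [null, 'Submission rejected'];
    }
    $fields = [];
    foreach (['name', 'email', 'phone', 'company', 'comments'] as $f) {
        $fields[$f] = trim((string) ($post[$f] ?? ''));
    }
    if ($fields['name'] === '') {
        return [null, 'Enter your name'];
    }
    if (!valid_email($fields['email'])) {
        return [null, 'Please enter a valid E-mail address'];
    }

    // The unsafe pattern is a header such as "From: {$fields['email']}" built
    // from raw input: a line break inside the value would append headers of
    // the sender's choosing, which is what turns a form into a spam relay.
    // Here From is our own fixed address, and Reply-To is only allowed
    // because valid_email() has already refused line breaks.
    $headers = "From: $recipient\r\nReply-To: {$fields['email']}";

    // Body text may contain line breaks; they are harmless there. No HTML
    // escaping is needed because this text is never rendered in a page.
    $body = "Your contact form has been submitted by:\n\n";
    foreach ($fields as $label => $value) {
        $body .= ucfirst($label) . ": $value\n";
    }

    return [[
        'to'      => $recipient,
        'subject' => 'internet contact form submission', // fixed, not user data
        'body'    => $body,
        'headers' => $headers,
    ], null];
}

// Constructed submissions for a dry run from the command line; nothing is sent.
if (PHP_SAPI === 'cli') {
    $cases = [
        'normal'  => ['name' => 'Ann', 'email' => 'ann@example.com', 'comments' => "Hi\nthere"],
        'newline' => ['name' => 'Ann', 'email' => "ann@example.com\nsecond line"],
        'badaddr' => ['name' => 'Ann', 'email' => 'ann@example'],
        'robot'   => ['name' => 'Bot', 'email' => 'bot@example.com', 'website' => 'x'],
        'noname'  => ['name' => '  ', 'email' => 'ann@example.com'],
    ];
    foreach ($cases as $label => $post) {
        [$mail, $err] = build_mail($post, 'firstname.lastname@example.org');
        printf("%-8s %s\n", $label, $mail === null ? "rejected: $err" : 'accepted');
        // A live form would now call:
        // mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
    }
}
```

Only the first case is accepted; the address with a line break, the address without a domain dot, the filled honeypot and the blank name are all refused before anything reaches mail(). The thread's original script is safe in the same way for a simpler reason: it passes no headers at all, so there is nothing for a visitor to inject into.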
Thanks for answering. Would you use that script on your page and feel safe about it?
I would have to agree with NogDog:
Looks to be safe from being used to relay spam (no mail header injection). I would probably add some stuff to make it more difficult for robot scripts to submit it.
And also that your email validation might need a brush up. You can use his provided link above to address that.
Thanks criterion and NogDog