
Thread: Is this php form processing script safe from hackers and spammers

  1. #1
    Join Date
    Jan 2010
    Location
    Atlanta,GA
    Posts
    53

    Is this php form processing script safe from hackers and spammers

    I don't know very much about using php for online form submissions. However, I copied this php out of a tutorial. Does this script provide everything I need to protect myself from spammers and hackers?

    If not, could you please insert the proper precautions into this script?

    Thank you in advance
    JS


    <?php
    /* Set e-mail recipient */
    $myemail = "xxxx@xxxxx.com";
    $subject = "internet contact form submission";

    /* Check all form inputs using check_input function */
    $name = check_input($_POST['name'], "Enter your name");
    $email = check_input($_POST['email']);
    $phone = check_input($_POST['phone']);
    $company = check_input($_POST['company']);
    $comments = check_input($_POST['comments']);


    /* If e-mail is not valid show error message */
    if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email))
    {
        show_error("Please enter a valid E-mail address");
    }


    /* Let's prepare the message for the e-mail */
    $message = "Greetings

    Your contact form has been submitted by:

    Name: $name
    E-mail: $email
    Phone: $phone
    Company: $company

    Comments:
    $comments

    End of message
    ";

    /* Send the message using mail() function */
    mail($myemail, $subject, $message);

    /* Redirect visitor to the thank you page */
    header('Location: contact.html');
    exit();

    /* Functions we used */
    function check_input($data, $problem='')
    {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        if ($problem && strlen($data) == 0)
        {
            show_error($problem);
        }
        return $data;
    }

    function show_error($myError)
    {
    ?>
    <html>
    <body>

    <b>Please correct the following error:</b><br />
    <?php echo $myError; ?>

    </body>
    </html>
    <?php
        exit();
    }
    ?>

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,388
    Looks to be safe from being used to relay spam (no mail header injection). I would probably add some stuff to make it more difficult for robot scripts to submit it. Also, the email validation pattern used in the preg_match() is likely to give false negatives on some valid email addresses (e.g.: "nogdog@mail.example.com" would fail). I use this validation function.

    PS: If you wrap your code examples in [php]...[/php] tags, it's much easier to read.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Jan 2010
    Location
    Atlanta,GA
    Posts
    53
    Someone else told me it offered no protection at all. Now I am really confused. Is this thing safe to put on my website? I looked at the link you gave and it looks very complicated, and I don't know what version to choose.

    Thanks JS

  4. #4
    Join Date
    Jan 2009
    Posts
    3,346
    I think there was a little bit of "skim" not "read" going on in the other reply where it was mentioned that this offered no protection. Knowing that this will fall within the following:
    1) Not be displayed back to the page
    2) Not stored in a database
    you can eliminate a good portion of the security practices that are only used for those situations.

  5. #5
    Join Date
    Jan 2010
    Location
    Atlanta,GA
    Posts
    53
    Thanks for answering. Would you use that script on your page and feel safe about it?

    JS

  6. #6
    Join Date
    Jan 2009
    Posts
    3,346
    I would have to agree with NogDog:
    Looks to be safe from being used to relay spam (no mail header injection). I would probably add some stuff to make it more difficult for robot scripts to submit it.
    And also that your email validation might need a brush up. You can use his provided link above to address that.

  7. #7
    Join Date
    Jan 2010
    Location
    Atlanta,GA
    Posts
    53
    Thanks criterion and nogdog
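
The three points raised in replies #2 and #6 (no mail header injection, making robot submissions harder, and stricter e-mail validation), sketched as an added example that is not part of the thread or of the tutorial script. The function name `check_submission` and the hidden honeypot field `website` are assumptions; the sample submissions are constructed.

```php
<?php
// Added example: server-side checks to run before calling mail().
// "website" is a hypothetical honeypot field, hidden from people with CSS.

function check_submission(array $post): array
{
    // Robot scripts that fill in every field populate the hidden one too.
    if (trim((string) ($post['website'] ?? '')) !== '') {
        return ['bot'];
    }

    $errors = [];
    $name   = (string) ($post['name'] ?? '');
    $email  = (string) ($post['email'] ?? '');

    if (trim($name) === '') {
        $errors[] = 'Enter your name';
    }

    // filter_var() accepts multi-label domains such as mail.example.com.
    if (filter_var(trim($email), FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid E-mail address';
    }

    // The thread's script puts user input only in the message body. If a
    // value is ever moved into a header (From:, Reply-To:, the subject), a
    // CR or LF in it would start a new header line, so refuse them here.
    foreach (['name' => $name, 'email' => $email] as $field => $value) {
        if (preg_match('/[\r\n]/', $value)) {
            $errors[] = "Line break not allowed in $field";
        }
    }

    return $errors;
}

// Constructed sample submissions.
$samples = [
    'valid'      => ['name' => 'JS', 'email' => 'nogdog@mail.example.com'],
    'bad email'  => ['name' => 'JS', 'email' => 'not-an-address'],
    'line break' => ['name' => "JS\r\nX-Injected: 1", 'email' => 'js@example.com'],
    'robot'      => ['name' => 'x', 'email' => 'x@example.com', 'website' => 'http://example.com'],
];

foreach ($samples as $label => $post) {
    $errors = check_submission($post);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'ok', PHP_EOL;
}
```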
