Securing a contact form script

有刺的猬 2021-01-28 20:24

Hello! I am just wondering how secure this contact form script I just made is. My teacher was nagging at me a long time ago when I made my contact forms.

2 answers
  • 2021-01-28 21:11

    There is nothing insecure in your code really besides the lack of data validation. You just collect form data and send it out, so the only 'insecurity' is that you would be easily spammed through that form unless some sort of captcha is used. I am not sure at the moment, but it may be possible to trick mail() into adding more recipients with a crafted $subject, so it would be safe to ensure it's a one-liner and strip any CRLFs.

  • 2021-01-28 21:28

    You can use a function to validate the entries such as:

    // Trim surrounding whitespace, remove escaping backslashes and
    // encode HTML metacharacters before the value is used anywhere.
    function check_input($data)
    {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        return $data;
    }

    And

    $name     = check_input($_POST['name']);
    $email    = check_input($_POST['email']);
    $phone    = check_input($_POST['phone']);
    $subject  = check_input($_POST['subject']);
    $comments = check_input($_POST['comments']);

    And

    // Only send when every field is non-empty after cleaning.
    if ($name && $email && $phone && $subject && $comments) {
        // Send contact form...
    }

    and of course you can add captcha to make it more secure.

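A hardened handler along the lines both answers sketch, as an added example that is not code from the original thread: every field is validated, single-line fields are rejected outright if they contain a CR or LF (so none can reach a mail header), the address is checked with filter_var, and the visitor's address goes into Reply-To rather than From. The $_POST keys are the ones used above; the sender address, recipient and length limits are assumptions.

```php
<?php
// Added example (not from the original thread): validate each contact-form
// field and never let a CR/LF reach a mail header. Field names match the
// answer's $_POST keys; addresses and length limits are assumed values.

/** True when the value cannot break a mail header onto a new line. */
function header_safe(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) !== 1;
}

/** Return a cleaned field value, or null when the input must be rejected. */
function clean_field(string $raw, int $max_len, bool $single_line): ?string
{
    $value = trim($raw);
    if ($value === '' || mb_strlen($value) > $max_len) {
        return null;
    }
    if ($single_line && !header_safe($value)) {
        return null;   // header-injection attempt or pasted multi-line text
    }
    return $value;
}

function handle_contact_form(array $post, string $to): bool
{
    $name     = clean_field($post['name']     ?? '', 80,   true);
    $email    = clean_field($post['email']    ?? '', 254,  true);
    $phone    = clean_field($post['phone']    ?? '', 30,   true);
    $subject  = clean_field($post['subject']  ?? '', 120,  true);
    $comments = clean_field($post['comments'] ?? '', 4000, false);

    if ($name === null || $email === null || $phone === null
        || $subject === null || $comments === null
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;   // reject the submission instead of "cleaning" it
    }

    // Keep the visitor's address out of From: (SPF/DMARC would reject it);
    // it goes in Reply-To, which has already been checked for CR/LF.
    $headers = [
        'From'         => 'website@example.invalid',
        'Reply-To'     => $email,
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    $body = "Name: $name\nEmail: $email\nPhone: $phone\n\n$comments\n";
    return mail($to, $subject, $body, $headers);
}
```

Passing headers to mail() as an array requires PHP 7.2 or later; on older versions join them with "\r\n" into a string after the same checks.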